David specializes in building enterprise adversary-focused assessment teams, which have performed thousands of engagements for large private-sector organizations and major government agencies. David has extensive experience in conducting highly specialized, large-scale adversarial operations against a variety of targets. In addition, he has built several training courses focused on red team operations methodologies. In his previous life, David was a senior technical lead for the National Security Agency Red Team, providing mission direction through numerous large-scale operations.
Jason has extensive technical experience in the field of information security with a specialization in providing technical leadership across adversary-focused engagements while developing adversary operations programs, with extensive experience in leading both large-scale and highly specialized engagements. In addition, he has spent several years building training courses focused on red team operations methodologies. Jason was formerly the primary developer and instructor of the Adaptive Penetration Testing training course, provided at the Black Hat Security Conference.
Kelly is responsible for running Human Resources, Finance, and backend operations for SpecterOps. She began her career in the cyber security industry when she joined Mandiant (FireEye), where she served as their managed services coordinator and eventually the internal and external and logistical training coordinator. Before joining Specter, Kelly served as the operations coordinator with Veris Group's Adaptive Threat Division, where she was responsible for ensuring oversight, event logistics, management, and billing for $5+ million in services annually.
Mike has over 15 years of technical experience in the field of information security and technology specializing in advanced penetration testing, secure enterprise and infrastructure architecture, and engineering. He has supported major U.S. government agencies and Fortune 500 commercial clients as a subject matter expert in technically complex cloud and on-premise environments as well as led large-scale security assessments. Mike is an experienced developer in multiple static and dynamic languages and contributes to several open-source community projects.
Jeff has several years of offensive security experience, with a concentration in leading red team operations and penetration tests. He provides leadership across concurrent offensive security assessments and serves as a technical lead for multiple Fortune 500 commercial companies and U.S. government agency assessments. Jeff holds a master’s degree in Information Security Assurance and several information security certifications. He is an active blogger at bluescreenofjeff.com, where he writes about offensive tradecraft development and attack infrastructure.
Lee is a senior red team operator, threat hunter, and capability engineer for SpecterOps. Lee has performed red team and hunt engagements against Fortune 500 companies for several years, and has trained on offensive/defensive tactics at events throughout the world. Lee enjoys building tools to support red team and hunt operations. Lee is the author of several offensive tools and techniques, including UnmanagedPowerShell (incorporated into the Metasploit, Empire, and Cobalt Strike toolsets), and KeeThief.
Will is an experienced operator and researcher in the field of information security with a focus on red teaming, Active Directory, and offensive development. He has spoken at a number of security conferences including ShmooCon, DerbyCon, Troopers, DEF CON, BlueHat Israel, and more. He co-founded the Veil-Framework, developed PowerUp/PowerView, is an active PowerSploit developer, co-founded the BloodHound analysis platform, and co-founded Empire/EmPyre. Will is a Microsoft PowerShell MVP, a veteran Black Hat trainer, and actively blogs at http://blog.harmj0y.net.
Matt Nelson is an active red teamer and security researcher. He brings a passion for researching and pushing new offensive and defensive techniques into the security industry. He is the primary developer on the PowerSCCM toolkit, a co-developer on the Empire framework, and contributes to many other open source security projects. Matt has spoken at numerous security conferences, and has been recognized by Microsoft for his discovery of new offensive techniques and bypasses. He maintains his blog at http://enigma0x3.net.
Robby is an experienced threat hunter and penetration tester. Over the course of Robby’s career, he has developed and supervised penetration testing, physical security, and breach assessments for several private-sector and government clients. Previously Robby worked for the U.S. Air Force Information Aggressors, providing full-scope network and physical red team operational assessments and further worked integrating information security operations with traditional military operations for the U.S. Air Force’s RED FLAG exercise.
Jared is a security researcher who specializes in Digital Forensics and Incident Response. Recently, he has been building and leading private sector Hunt Operations capabilities. In his previous life, Jared lead incident response missions for the U.S. Air Force Hunt Team, detecting and removing Advanced Persistent Threats on Air Force and DoD networks. Passionate about PowerShell and the open source community, Jared is the lead developer of PowerForensics, Uproot, and maintains a DFIR focused blog at http://www.invoke-ir.com.
Rohan is an operator and developer for SpecterOps with extensive experience performing penetration tests and red team engagements. He has spoken at numerous security conferences including DEF CON, Black Hat, SANS Hackfest, and more. He also conducts research and releases tactics for leveraging security weaknesses in Windows based platforms. Rohan is the co-author of the BloodHound analysis platform and has contributed to other open source projects such as Empire and EyeWitness.
Andy is an active red teamer and co-author of BloodHound, a tool designed to reveal the hidden and unintended permission relationships in Active Directory domains. He has performed numerous red team operations and penetration tests against banks, credit unions, health-care providers, defense companies, and other Fortune 500 companies across the world. He has presented at DEF CON, BSides Las Vegas, DerbyCon, ekoparty, and actively researches Active Directory security. He is also a veteran Black Hat trainer.
Derek Rushing is a developer at heart with experience in multiple coding languages. His over 15 years experience in information technology and security began with an early focus on forensics and later shifted to penetration testing and red teaming. Derek leverages this experience to design and build tools specifically for the information security community.
Linda oversees and manages the financial and accounting activities at SpecterOps. She has over ten years of finance, accounting, and administrative experience gained from working in diverse industries. Prior to SpecterOps, Linda worked at Loyola Marymount University in the Post Award Administration and Accounting office and at Mandiant (and later, FireEye) in the Finance Department supporting the Professional Services team.
Matt is an experienced Senior Consultant for SpecterOps, coming from a background of building and leading Red Teams. He is passionate about Windows post-exploitation tradecraft and focuses heavily on creating new capabilities for SpecterOps in that area. Matt is an author of numerous open source tools, including the OffensiveC# repository and DefenderCheck, as well as the co-author of Spotter.
Brandon Scullion is a Senior Analyst at SpecterOps. He has several years of experience operating in various Security roles at a Fortune 500 company. There, he worked with both internal and external teams to accomplish complex goals. Brandon has contributed to building a Security Operations Center as Senior Threat Analyst utilizing the MITRE ATT&CK Framework, attack automation, and adversary simulation techniques to hunt for threats in the environment. When he is not spending time with his wife and family, he loves to learn, automate tasks with PowerShell, and develop tools in his home lab.
Andrew Chiles has over 10 years' experience in information technology with 6 years' experience in Offense Cyber Operations (Red Teaming and Threat Emulation). He is a former member of a NSA Certified DoD Red Team and regularly publishes research and security related articles for the security community at http://threatexpress.com
Carlo Alcantara is an experienced red teamer and penetration tester. With a background originally in audit and compliance, he now prefers a more technical role and has years of experience performing technical assessments across numerous industries including government, finance, and healthcare. When not actively engaged in an assessment, Carlo provides training for SpecterOps’ Adversary Tactics: Red Team Operations course.
Dwight is a red team operator with a focus on network, host and web application security. Throughout his career Dwight has actively developed, blogged and maintained unique techniques and toolsets to accomplish challenging assessment objectives. His penchant for automation has led to a deep knowledge across a variety of topics, allowing him to reveal vulnerabilities and assets that would otherwise go unnoticed. He has contributed to projects such as GhostPack, Cobalt Strike and Kali Linux, and actively maintains a Github repository at https://github.com/djhohnstein
Calvin is a red team operator with SpecterOps, and has several years of experience with red team operations and penetration testing. With SpecterOps, Calvin delivers training courses, performs red team engagements, and assists with tool development, specializing in Aggressor Script. He has also spoken on penetration testing and red teaming at several conferences, including BSides Detroit, GrrCON, and A2Y.asm. Before joining SpecterOps, Calvin performed penetration testing and red team engagements for smaller organizations across the United States.
Cody Thomas is a red team operator and developer focusing on macOS and *nix devices. He created the initial Mac and Linux ATT&CK matrices while he was working on the Adversary Emulation team at MITRE. Cody has spoken at a few conferences and works on his open source framework for Red Teaming called Mythic. He maintains his blog at its-a-feature.github.io.
Russel is a well-rounded information security consultant and offensive security practitioner. He has over 15 years of IT experience with 7 years as an offensive security consultant performing tasks such as penetration testing, web application assessments, social engineering, and wireless assessments. He has spoken at several security conferences to include Knoxville TN chapters of OWASP and BSides along with BlackHat Arsenal. Tools and open source projects developed by Russel can be found on his GitHub page at https://github.com/Ne0nd0g or on his blog at https://medium.com/@Ne0nd0g. Additionally, he enjoys knowledge sharing and teaching and has presented at several colleges and high schools.
Luke is an adversary detection analyst for SpecterOps. He has several years of experience in threat hunting and penetration testing for both enterprises and government agencies. Luke has used many industry tools to accomplish threat hunting missions in networks ranging from 300 to 100,000 endpoints. His hobbies include malware analysis, PowerShell development, web development, and front-end design.
Leo has several years of technical experience in the field of information security and technology. His career began conducting security assessments of information systems for various U.S. government organizations. He later transitioned to offensive security consulting as a member of a DoD Red Team, in which he participated in penetration tests, red team engagements, and physical security assessments. He maintains his blog at https://medium.com/@D00MFist.
Chris is a red team operator at SpecterOps with several years of experience specializing in offensive security and tool development. He has spoken at various security and development conferences including DerbyCon, SecTor, CodeMash, Converge, and more. Chris enjoys developing automation and creating new tools, which are released as open source projects on GitHub (https://github.com/chrismaddalena/). He also actively blogs on topics ranging from open source intelligence gathering and tool development to custom hardware projects at https://chrismaddalena.com/.
Bonnie is responsible for assisting Human Resources, and backend operations for SpecterOps. She began her career in the cyber security industry when she joined SpecterOps in 2019. She comes to the SpecterOps team with over 20 years administrative experience. Her most recent role prior to joining SpecterOps was as a Sr. Administrative Coordinator for Inova Health System’s Cancer Genetics department, where she supported five Genetic Counselors, and trained newly hired administrative staff and interns. Bonnie oversaw the day to day operations while providing exceptional customer service and ensured that the department ran efficiently.
Rob has over 15 years of system administration and support with deep roots in the information security industry. Previously to SpecterOps, Rob was with ICEBRG, Essential Security Software and Webroot Software. Rob holds multiple industry certificates including CompTIA CySA+. Additionally, Rob has lead multiple acquisitions and build-outs from a technology perspective and specializes in making the nuts and bolts of technology work for the organization.
Steven is an experienced red team operator and former Marine. Over the years Steven has performed engagements against organizations of varying sizes in industries that include financial, healthcare, legal, and government. Steven enjoys learning new tradecraft and developing tools used during red team engagements. In addition to offensive operations Steven also has previous experience performing incident response and digital forensics.
Mike helps manage projects and operations for SpecterOps. He has over 15 years experience managing both project teams and day-to-day business operations, working in both the consulting world and directly for the Fortune 500. Mike has extensive experience both managing and performing highly-specialized information security consulting engagements, assessments, and audits, as well as presenting and speaking on information security issues. Mike holds several professional certificates including Certified Information Systems Auditor and Project Management Professional.
Ryan Cobb is an operator and red teamer at SpecterOps, who specializes in building offensive security toolsets. Ryan has contributed to several open source security projects, such as Empire and Invoke-Obfuscation, and is the author of PSAmsi, SharpSploit, and Covenant. Ryan has presented at several security conferences, including: DerbyCon, BSides Austin, and BSides DFW. Ryan maintains a blog at cobbr.io where he shares research and development projects.
David Polojac is a consultant with SpecterOps where he specializes in adversary detection. He has over 9 years of experience in IT and information security. His background includes working with operational technology, developing threat hunting capabilities for government organizations, and utilizing adversary simulation techniques in various roles. He maintains his blog at https://email@example.com.
Emily is an Associate Consultant focused on red team operations. She graduated from MIT where she studied computer science and creative writing and spent summers researching network security and building capture the flag competitions. When not doting on her cat, she likes to write speculative fiction. She aspires to contribute to the field of offensive security in whatever way she can. Emily’s career is only beginning, and she is eager to learn as much as possible.
Josh Prager has over 9 years' experience focusing on DoD red team infrastructure, cyber threat emulation and threat hunting. As a former threat hunter for Accenture's Adversary Research and Reconnaissance Team he developed various cyber threat emulation and threat hunting programs within the Federal industry.
Hope is a consultant at SpecterOps with experience in conducting and leading red team operations. Prior to joining SpecterOps, she conducted research, led red team process improvement efforts, trained new operators, and managed the operations floor for a DoD Red Team. Hope holds four degrees from the University of Alabama in Huntsville including a master’s in cyber security and was a recipient of the National Science Foundation Cyber Corps scholarship.
Daniel Heinsen is a red team operator, offensive tools developer, and security researcher at SpecterOps. Prior to working at SpecterOps, Daniel spent over 10 years within the U.S. Department of Defense as a software developer and capabilities specialist. Daniel has experience in offensive tool development, Windows internals, and web application exploitation. Since joining SpecterOps, Daniel has directed his research focus to novel initial access vectors and AWS. He maintains several projects at https://github.com/hotnops and posts to his blog at https://medium.com/@hotnops.
Max Harley is an operator and red team tool developer at SpecterOps. His passion for cybersecurity and software development has motivated him to release open source tools, mostly focused on safe payload delivery and JA3. Max has given presentations at multiple security conferences including CarolinaCon and BSides Charleston. He is a Clemson University alumni and former president of their cybersecurity club, CU Cyber.
Justin is an operations expert who has over a decade of experience in project and program development. After the Air Force, he worked for several consulting firms focused on process and workflow optimization. He enjoys building and leading teams focused on customer delivery at Fortune 500 companies.
Geeta is a seasoned accounting and finance professional with over 12 years of experience. She specializes in financial administration, cash flow management, facilitating effective decision-making with financial models, and optimizing process efficiencies. She has previously worked with Palette SF, McKesson, Wells Fargo Bank, and Farmers Insurance supporting various functions such as ITSM, tech solutions and application services, project and portfolio management, process improvement, marketing, and business analysis in financial capacity.
Jacob is a DevOps engineer who began his career in information security. Before SpecterOps, Jacob built automation tooling, conducted incident response, and released production applications at various organizations in the United States. Jacob enjoys developing tools and learning new skills. Some of his technical hobbies include web development and building out cloud infrastructure.
Duane is an adversary simulation operator at SpecterOps and a veteran of the US Marine Corps with 10+ well-rounded years in IT and information security. His experience spans across private and federal sectors and includes time spent in security operations, engineering, incident response, and penetration testing. Duane enjoys collaborating with clients through both an offensive and defensive lens to improve the detection and response capability of security programs, an activity he has performed at scales ranging from focused, boutique engagements to the extensive enterprise networks of numerous Fortune 500 organizations.
Nick is an operator and red teamer at Specter Ops. He has experience with providing, as well as leading, pentest and red team service offerings for a large number of fortune 500 companies. Prior to offensive security, Nick gained security and consulting experience while offering compliance-based gap assessments and vulnerability audits. With a career focused on offensive security, his interests and prior research focuses have included initial access techniques, evasive Windows code execution, and the application of alternate C2 and data exfiltration channels.
Matt Merrill is a versatile offensive security consultant with several years performing red team operations and penetration testing assessments. He enjoys learning and solving complex problems. In addition to his offensive experience, he previously performed incident response and digital forensics.
Irshad is an experienced Software Engineer starting his work in Cybersecurity with SpecterOps. He has previously worked in Supply Chain Management and FinTech, with a wide array of technologies ranging from many AWS cloud services to Java, Ruby on Rails, and GoLang on the backend as well as MS-SQL, Postgres, and multiple No-SQL technologies for database management. Outside of work, Irshad likes to dabble in motorsports and mechanical engineering. He's also an audiophile, musician, husband, and father of one.
John is a software engineer with 15 years of experience stretching from low-level Linux implementation work to hyper scale services an industry cloud provider. He has experience in a wide array of technologies with a focus on systems and fleet management as well as distributed databases and storage solutions. He works on personal projects on GitHub at github.com/zinic and maintains them as a hobby.
Dillon is a highly versatile software engineer. Prior to joining SpecterOps, Dillon was using blockchain technology to build decentralized apps with a focus on supply chain management and solutions for bridging the gap between Web 2.0 and Web 3.0. Dillon is also a veteran of the U.S. Army, a musician, and a father of five. He has a deep passion for software automation, new programming languages and Kubernetes.
Elad has over a decade of experience across the different domains of information security and spent most of his career focusing on security research and delivering offensive security services. Previously, Elad served in the Israeli intelligence and worked in the private sector in Israel and Australia. Elad specializes in identifying security flaws in complex systems and weaponizing intended functionality for offensive capabilities, particularly in Windows and Active Directory environments. Elad occasionally blogs at eladshamir.com.
Eli is an experienced software engineer focused on building modern front-end web applications. He leverages the latest generation of frameworks like React and Express to engineer beautiful and intuitive web apps. Before joining SpecterOps, Eli acquired a wide breadth of experience working as an application development consultant for multiple Fortune 500 clients. He is passionate about bringing great ideas to life through software that is easy-to-use and accessible for all.
Sara is a Marketing Manager who has experience marketing events, products, and services. Her career began in cyber security in 2012 when she joined Mandiant (FireEye) as an Executive Assistant, but recently she has spent the last five years in the advertising industry producing events and managing client relations at the Interactive Advertising Bureau. At SpecterOps, she is responsible for managing our marketing efforts and executing our digital and hybrid programs.
Emily is a Consultant with SpecterOps and has over five years of experience in cybersecurity with expertise in Attack Surface Reduction, Threat Modeling, Cybersecurity Policy, and Adversary Tactics. Emily graduated from the University of Virginia with both a Masters in Public Policy, with a concentration in cybersecurity, and an undergraduate degree in Global Security and Justice. Before joining SpecterOps, Emily worked with multiple large federal agencies helping them prioritize and remediate critical vulnerabilities and proactively defend against potential cyber attacks. Prior to that, she developed agency-wide compliance requirements and wrote the Interim Authority to Test policy in the National Security Systems division at the Department of Homeland Security.
Michael comes from a SOC operations background where he used his experience as a SOC analyst and IR investigator to build better MDR services that detect attacker activity in organizations big and small. He is always fascinated by the ways that technical changes to malware functionality and campaign TTPs reflect larger trends in the e-crime ecosystem. He enjoys breaking down these concepts into guidance that is informed by a larger understanding of attacker behavior but meets target audiences where they are.
Chris is an adversary simulation operator at SpecterOps with over ten years of experience in information security, serving numerous Fortune 500 clients in the retail, consumer products, financial, and telecom industries. He has extensive experience leading network, web application, and wireless penetration tests, social engineering engagements, and technical security assessments to provide actionable recommendations that align with each client's security strategy and risk tolerance. Chris enjoys researching and applying new tradecraft to overcome technical challenges and writing tools to automate tasks and improve efficiency.
With a strong foundation as an information security professional, Stephen specialized in leadership roles across both product management and customer success. By starting his career at the bottom and working up, Stephen became comfortable working with technical teams as well as leading strategic discussions with executives. Stephen believes building strong working relationships are critical to success and loves leading diverse teams through big problems to achieve mutual success based on organizational objectives.
Josh is a Staff Infrastructure Engineer at SpecterOps, and is a well-rounded DevOps resource. He has a degree in Software Engineering from the University of Texas at Austin, and his career brought him up through IT Operations at various levels. He is a tinkerer, automator, Linux hobbyist, and kube evangelist, as well as a husband and father of two.
I am a former Service Desk Technician, Systems Engineer/Administrator, SOC analyst, and Incident Response team member supporting multiple government contracts as well as Golden Nugget Casino and Hotel in Biloxi, MS. In my short time in the enterprise IT industry, I have come to learn multiple new technologies and tools rapidly to help expand my personal skill set and have helped attract new clients and contracts with my monitoring, triage, and investigation expertise.