Jean-François Maes

Jean-François is based in Portugal where he is the European director of advanced assessment for Neuvik, specializing in internal penetration testing as well as red teaming and adversary emulation and simulation.

Prior to Neuvik, Jean-Francois has worked for other noteworthy firms, including, but not limited to: TrustedSec, Fortra's Cobalt-Strike team, and NVISO.

He is a strong believer in open source and avid contributor to the offensive security community. Jean-François is currently teaching SANS course SEC699: Advanced Purple Teaming - Adversary Emulation & Detection Engineering and is lead author of SEC565: Red Team Operations and Adversary Emulation

More About Jean-François

Profile

Starting out in IT, Jean-François always thought that being a hacker was out of reach. He was under the all-too-common preconceived notion that a hacker had to be fluent in assembly and was constantly writing 0days. He says, “From the moment one of my old bosses showed me Metasploit and popped that first reverse shell, I knew in that very moment that this was something I wanted to do for the rest of my life.”

While he started out as member of a security operations team, Jean-François quickly shifted his focus towards infrastructure penetration testing and network security. Coupled with his strong background in networking topics, such as network architecture, routing switching, network segmentation/segregation, and network devices (Cisco, Check Point, Fortinet, Palo Alto, etc.), this quickly lead to him becoming one of the driving forces behind NVISO’s red teaming approach. He provided cyber resiliency services to their clients with a focus on infrastructure-based assessments, red teaming, and social engineering.

With NVISO’s transition into purple teaming, Jean-François was often called upon to give pure purple assessments in addition to his red team work. This all made him well suited and even ideal for teaching SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection. “You need expertise in both red and blue in order to achieve success in purple team operations and there aren't that many of us out there yet. I strive to make students that sign up for the SEC699 purple experts when they walk out.”

After a while, Jean-François left NVISO to join TrustedSec as a senior security consultant. Where he worked in the Force team performing various internal and external penetration tests. Fast forward a little bit and Jean-François is now security researcher at HelpSystems, where he is helping the Cobalt-Strike team with developing new features and engaging with the community on a very regular basis. On top of that, Jean-François is a freelance security consultant that still performs assessments with TrustedSec, when the opportunity presents itself. He is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition.

In his spare time, Jean-François enjoys reading research available to the cyber security community and watching talks about other superstar researchers. In addition to infosec he is also an avid #redteamfit supporter and even, on occasion, can be seen acting and singing.

Here is a SANS presentation with Jean-François Maes:

So, you want to be a red teamer? | SANS Webcast


ADDITIONAL CONTRIBUTIONS BY JEAN-FRANÇOIS MAES:

WORKSHOPS

NTLM Relaying 101: How Internal Pentesters Compromise Domains

Reflection in C#

Emulating the Latest Buer Loader: Self-Guided Workshop

WEBCASTS

Emulating, Detecting, and Responding to LOLBAS Attacks

Introducing SEC565: Red Team Operations and Adversary Emulation

PUBLICATIONSblog.nviso.eu/author/jfmaes/https://redteamer.tips/