homepage
Open menu

Tim Medin

Tim is the Founder and CEO of Red Siege Information Security and is also a Senior Instructor, Course Author, and MSISE Program Director at SANS Institute. Through the course of his career, Tim has performed penetration tests on a wide range of organizations and technologies. He has gained information security experience in a variety of industries including previous positions in control systems, higher education, financial services, and manufacturing. Tim is an experienced international speaker, having presented to organizations around the world. Tim is the creator of the Kerberoasting, a widely utilized Red Team penetration test technique to extract kerberos tickets in order to offline attack the password of enterprise service accounts. Tim earned his MBA through the University of Texas.

More About Tim
Specialties
Photo

Profile

Tim began his security career in 2008 with a role at AgStar Financial Services (now Compeer Financial), and since then has worked for FishNet Security (now Optiv) and Counter Hack, before founding Red Siege. A SANS instructor since 2012, Tim is currently the program director for the SANS Master of Science in Information Security Engineering (MSISE) curriculum, as well as a principal instructor and course author. In the classroom, you'll find him teaching SEC560: Network Penetration Testing and Ethical Hacking, of which he is also lead author, and SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking.

Through the course of his career, Tim's had the opportunity to hack some of the best and biggest companies on earth and get a sneak peek inside cutting-edge technology before it's publicly released. He has performed penetration tests on a wide range of organizations and technologies in industries including control systems, higher education, financial services, and manufacturing, and brings years of practical experience and stories from himself and his team to his SANS students.

Tim says an eagerness to learn, and an openness to see things differently are keys for success in his classroom. "I really enjoy seeing students break through their current way of thinking and see technology and data differently," he says.

And those lessons can have a lasting impact. "Years ago I had a high school student in a one-day class who came up to me years later and showed me he was doing penetration testing at a major company," says Tim. "It was amazing to see him develop himself and see his transformation."

Tim is an experienced international speaker and the creator of Kerberoasting, a widely-used technique to extract kerberos tickets in order to offline attack the password of enterprise service accounts. He has an MBA from the University of Texas, holds the GWAPT, GPEN, GMOB, GCED, and GCIH certifications, and previously held the CCNA certification.

In his free time, you'll find Tim watching sports, appreciating a good beer, and running.

ADDITIONAL CONTRIBUTIONS BY TIM MEDIN:

WEBCASTS

Dirty Defense, Done Dirt Cheap: Make your life easier by making mine harder

Hacking Common AD Misconfigurations

Kerberos & Attacks 101

Hacking without Domain Admin

Offensive WMI

Assumption of a breach: How a new notion can help protect your enterprise

Enterprise Discovery: I Still Haven’t Found What I’m Looking For

Head Hacking


PRESENTATIONS

Assumed Breach: The Better Pen Test

Kerberos and Attacks 101

KringleCon - Hacking Dumberly Not Harderer

Hacking Dumberly Redux - More Dumberer

Successful Hacking with Domain Admin

ARTICLES

Recon Methods Part 1 - OSINT Host Discovery

Recon Methods Part 2 – OSINT Host Discovery Continued

User Enumeration Part 2 – Microsoft Office 365

You can read Tim's blog posts here.


PODCASTS

Daily Cyber #212 - Understanding Penetration Testing

Assumed Breach: The Better Pen Test

Paul's Security Weekly #535 - Breaking Kerberos with Active Directory

Tim's Contributions

Blog
Pen Testing Node.js: Staying N Sync Can Make the Server Go Bye Bye Bye
I recently came across a node.js server in a pen test.
Tim Medin
Senior Instructor
read more
Blog
Sneaky Stealthy SU in (Web) Shells
[In this article, the inimitable Tim Medin has some fun with PHP web shells, and merges together some clever ideas for interacting with them in a rather stealthier fashion using some Python kung fu! -Ed.] Here is the scenario: you have a server that allows you to upload an avatar. The site makes...
Tim Medin
Senior Instructor
read more
Blog
PsExec UAC Bypass
[Editor's Note: In this article, Tim Medin describes a common pen test scenario in which a tester gets limited access of a target Windows machine, and needs to escalate privileges without incurring the wrath of User Account Control (UAC). Tim describes his approach, which involves the use of psexec...
Tim Medin
Senior Instructor
read more
Blog
Putting the MY in phpMyAdmin
[Editor's note: In this article, Tim Medin walks us through a few steps of a recent pen test he did, wherein he exploits phpMyAdmin. The best part of this write up is that he shows the mindset of a pen tester as he methodically attacks the target system step by step. In the process, he provides...
Tim Medin
Senior Instructor
read more
Blog
All your svn are belong to us
[Editor's Note: Here is a delightful little article from my buddy, Tim Medin on recovering Subversion-related files during a penetration test or ethical hacking project. Recently, we've had several projects in which this hot little technique has been vitally important, yielding super cool...
Tim Medin
Senior Instructor
read more