Roanoke, United States
Principal Offensive Security Consultant. Hacker. Red Team Lead. Researcher.
Principal, Adversary Services
Coalfire | FTE
Sep 2025 - Present
Roanoke, Virginia, United States
Principal Offensive Security Consultant / Adversary Simulation Team Lead
CDW
Sep 2021 - Sep 2025
Lead the Adversary Simulation team, developing initial access payloads, C2 infrastructure automation, and advanced EDR evasion techniques. Drive the creation of custom internal tooling to enhance offensive security engagements and overall team effectiveness. Manage internal knowledge-sharing and training programs, elevating team competency and operational readiness. Support pre-sales initiatives by demonstrating team expertise, articulating service offerings, and advising on engagement scope. Promote team achievements through whitepapers, advisories, marketing materials, and industry event representation, strengthening the organization’s professional network and industry presence.
Senior Offensive Security Consultant
CDW
Aug 2019 - Sep 2021
Developed custom tools for internal team use while enhancing systems and processes to improve operational efficiency. Created and executed personalized education plans to align skill development with client needs, supporting team growth initiatives. Participated in pre-sales activities by demonstrating team expertise, clarifying service offerings, and advising on engagement scope. Conducted research on emerging security topics, producing tools and documentation to support security assessments. Promoted team visibility through internal collaboration, whitepapers, advisories, marketing contributions, and conference presentations.
Offensive Security Consultant
CDW
Sep 2015 - Aug 2019
Led and supported network security assessments for organizations ranging from small businesses to large enterprises. Developed custom tools and scripts to streamline engagements and served as the designated Serpico Project lead, modifying code to meet reporting standards. Created a red team service offering, including toolbox development, automated infrastructure builds, and comprehensive documentation. Maintained social engineering infrastructure, designed new campaigns, and actively shared insights with the team to enhance collective expertise.
Customer Care Representative
nTelos Wireless
Jul 2014 - Sep 2015
Provided customer support by resolving billing concerns, answering inquiries, and troubleshooting handset and cellular network issues. Developed and maintained Excel spreadsheets for rate plan calculations and implemented systems to track company devices, preventing loss or theft. Educated associates on Microsoft Dynamics CRM functionality and wrote scripts to analyze service reports, identifying potential outage locations.
Information Security Researcher
GMU Center for Secure Information Systems
Jun 2013 - Nov 2013
Conducted in-depth Android malware analysis and evaluated proof-of-concept code to develop metrics for assessing zero-day attack probabilities. Assembled and maintained server racks while supporting faculty research through white paper reviews and minor contributions to new publications. Collaborated closely with professors to enhance algorithms, source code, and project outcomes.
Certified Red Team Lead (CRTL)
Zero-Point Security Ltd
Feb 2025
BOF Development and Tradecraft
Zero-Point Security Ltd
Oct 2024
Certified Red Team Operator (CRTO)
Zero-Point Security Ltd
May 2021
Offensive Security Certified Professional (OSCP)
Offensive Security
Mar 2014
NetScaler Password Hash Research
Apr 2024 - Apr 2024
An analysis of the user password hashing algorithm used by Citrix NetScaler.
MiniDumpFS
Mar 2024 - Mar 2024
Programmatically parse minidump files from system memory dumps using a patched version of Ulf Frisk's vmm library.
GetLAPSPassword
May 2023 - May 2023
An impacket example script that retrieves Microsoft LAPS (LAPSv1) passwords from LDAP attributes.
CVE-2024-29513
MITRE
May 2024
An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to an improper DACL being applied to the device the driver creates.
Kerberos 101
Jan 2024
An overview of Kerberos and various attack primitives.
Exploiting Vulnerable Drivers
Nov 2023
Defense Against the Dark Arts 2023 presentation on exploiting vulnerable drivers.
CVE-2023-41444
MITRE
Aug 2023
An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the IREC.sys driver.
CVE-2022-38611
MITRE
Sep 2022
Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary.
Police Station Pentest: From Zero Access to the Evidence Room
Nov 2020
A talk that went over an interesting pentest engagement: domains are compromised, access control systems are taken over, server rooms are broken into, and some explanation of why this happened is shared.