ben@mrb3n:~$ whoami

I've been doing penetration testing for close to two decades now, with a heavy focus on Active Directory. Over the years I've done hundreds of assessments and developed both in-person and online training courses on pentesting and AD security.

I enjoy digging into complex attack paths—the kind that have sometimes gone unnoticed for years. Once I'm inside a network, I'm like a dog looking for a bone. But the work doesn't stop at finding issues. I put a lot of effort into translating technical findings into actual business risk and writing reports with clear, actionable remediation steps.

I'm a big proponent of getting the basics right first. Layered controls built on a strong foundation go a long way. I tend to approach security the same way I approach everything else: understand the system, respect the fundamentals, and fix the parts that actually matter.

Outside of infosec, I train Brazilian Jiu Jitsu and spend time homesteading—chickens for eggs, a vegetable garden, and an ever-growing orchard of fruit trees and bushes (including some exotic tropicals). I'm a husband and father of four.

Right now I'm working on a passion project with a goal of helping drastically improve the security posture of at least 1,000 small and medium businesses. More on that soon.

This site is where I publish writeups, notes, and walkthroughs I reference and share.