Michael Kruger
Experience
2021-Current
Senior Analyst/Researcher, Orange Cyberdefense, SensePost Team, United Kingdom.
2017-2020
Lead Analyst, Orange Cyberdefense, SensePost Team, South Africa.
2016
Junior Analyst, Orange Cyberdefense, SensePost Team, South Africa.
During my time at SensePost I have performed various tasks such as:
- Built and presented training at multiple security conferences, including a wireless course using Docker, Terraform, and Ansible.
- Presented research at multiple security conferences, most recently on wireless and challenge-response authentication schemes.
- Conducted security assessments for a broad range of customers and systems, including cloud configurations, banking systems, web applications, mobile applications, and internal networks.
- Creation of attack tooling and infrastructure such as setting up C2s, phishing infrastructure, scripts, lab environments, and relays/reverse proxies.
- Modified and understood existing tooling in order to achieve a goal.
- Given training at various conferences such as Black Hat.
Contributions
I enjoy presenting at conferences and tool building. I have also built and presented training courses at conferences such as Black Hat.
Talks
2018
DEFCON 26: Practical and Improved Wifi MitM with Mana. Presented the tools wpa_supplicant and berate_ap as additions to Dominic White's talk on Hostapd-mana and improved MitM. infocondb/YouTube.
2020
Black Hat Asia 2020: Wi-Fi Brokering. Presented wpa_supplicant with more detail. Blackhat Asia
2021
Black Hat MEA 2021: Attacking VPN’s using Wireless Clients. Presented a new relay tool ppp_sycophant for attacking VPNs via Wireless clients.
2021
DEFCON 29 RFhackers Village talk. Presented with Dominic White, attacking MSCHAPv2 and optimisation, created two new hash modes for Hashcat. YouTube
Tools
https://github.com/sensepost/wpa_sycophant - Wireless client component for a relay attack abusing the MSCHAPv2 Challenge Response
https://github.com/sensepost/ppp_sycophant - SSTP/PPTP client component for a relay attack abusing the MSCHAPv2 Challenge Response
https://github.com/sensepost/hostapd-mana - Added modifications to perform the server portion of the relay attack abusing the MSCHAPv2 Challenge Response
https://github.com/sensepost/berate_ap - Modified version of create_ap to add EAP and malicious WiFi attacks with Hostapd-mana
https://github.com/sensepost/thumbscr-ews - A wrapper around the amazing exchangelib to do some common EWS operations
https://github.com/sensepost/wiresocks - Docker-compose and Dockerfile to set up a WireGuard VPN connection, forcing specific TCP traffic through a SOCKS proxy
https://github.com/cablethief/sshaft - Simple sshd container to use for pivoting
https://github.com/hashcat/hashcat/pull/2607 - Addition of hash modes 27000 and 27100 for cracking NetNTLMv1/v2 using NT hashes
Technical Skills
Preferred Programming Languages: Python, Golang, C
Cloud: AWS, Docker, Kubernetes
CI/CD: GitHub Actions, Azure Pipelines
Penetration Testing Experience: Mobile Applications, Web Applications, Internal Networks, External Infrastructure, Cloud Configurations (Azure, AWS, GCP), Kubernetes, Wireless, Red Teaming, and Purple Teaming
Infrastructure: Linux and Windows
Training Courses: Wireless hacking, Web Application hacking, Infrastructure hacking
Education
2015
Hons., Computer Science, Rhodes University, Grahamstown, South Africa.
2012–2014
BSc., Computer Science and Information Systems, Rhodes University, Grahamstown, South Africa.
Certificates
2017
Offensive Security Certified Professional, OS-101-017187
Languages
Native: English
Personal
Citizenship: South African/British
Residence: United Kingdom
Last updated: April 2023