White Knight Labs is a cyber security consultancy that specializes in offensive cyber engagements. The company is headed by Greg Hatcher, an entrepreneur who transitioned from the military in 2017. To learn more about the company, Pulse 2.0 interviewed Greg Hatcher.
Greg Hatcher’s Background
Hatcher’s background is unorthodox. After graduating with a liberal arts degree from Grand Valley State University (GVSU), Hatcher enlisted in the United States Army Special Forces.
“After multiple combat deployments, in 2017 my wife and I decided that it was time for me to transition out. Because of my role within the Special Forces, I was fairly technical and wanted to keep going down that path to further my skill set – offensive cyber security was the only logical career field for me. I cut my teeth working as a senior penetration tester at a boutique offensive cyber security consultancy: we worked on everything from hacking video games to Bluetooth/Alexa devices,” said Hatcher. “After a couple of years, I left for a Cybersecurity and Infrastructure Security Agency (CISA) contracting role where I led a 3-man red team that traveled all around the United States hacking America’s critical infrastructure.”
Company Launch
White Knight Labs is the brainchild of Greg Hatcher and John Stigerwalt, who are two elite hackers that have spent years in the trenches working for various boutique offensive cyber security consultancies.
Stigerwalt got his start working in development, blue teaming, and system administration before moving into penetration testing and red teaming.
After transitioning out of the military in 2017, Hatcher pivoted into offensive cyber security. Plus Hatcher has held various roles in cyber: developer, and penetration tester. Plus Hatcher also led a CISA red team.
White Knight Labs consists of a small band of engineers that have broken away from the corporate structure to provide deep technical expertise to clients at a reasonable price.
Core Products
White Knight Labs specializes in penetration testing and red teaming. Penetration testing is an umbrella term for testing the security of networks, web applications, and cloud environments via finding and exploiting misconfigurations and unpatched vulnerabilities. And White Knight Labs is currently working on a web application for red teamers that can be used to speed up development time by automating several Endpoint Detection and Response (EDR) bypass features such as lowering entropy and obfuscating Windows APIs and malicious strings in their malware.
White Knight Labs is also working on creating an OnDemand offering of their Offensive Development and Advanced Red Team Operations courses. And they are expecting these training offerings to go live in the summer of this year.
The company’s OnDemand live courses will be instructor-led by either Greg or John. And the feedback from previous students has stated that the lab environment solely is worth the cost of the training. The lab environment consists of the following: a fully licensed version of Cobalt Strike, 4 x top-tier EDR products installed on fully patched Windows machines, Kali Linux machines, and various other machines as well.
Hatcher and Stigerwalt worked at various boutique offensive cyber security consultancies before creating White Knight Labs. And they realized that they could take the best TTPs they have learned over the years, hire world-class engineers, and create an incredible company that is solely focused on engineering.
The company founders wanted to create a company that was lean and could move extremely fast yet have a large impact. And White Knight Labs operates similarly to a Special Forces team as they only hire the best and brightest people that are deeply passionate about their work.
“Our engineers tend to specialize in one thing, just like an Army Special Forces soldier. We have an engineer that works solely on Windows implant development, and another one that specializes in iOS application testing on iPhones. Due to this singular job focus, our team finds deeper bugs than engineers who try to do everything,” Hatcher added.
Evolution Of White Knight’s Technology
White Knight Labs’ has evolved to the changing threat landscape by adding various cloud services as well as harnessing the ability to simulate a ransomware attack. And the majority of their clients are very interested when they discuss WKL’s ransomware simulation service with them. Ransomware is known as one of the biggest things that keep decision-makers up at night. After the simulation, the company’s clients will have a firm answer as to how they would fare in a real-life ransomware scenario.
Biggest Milestones
When I asked Hatcher about the company’s biggest milestones, he said that being able to hire engineers was a big one. And during the first year of the company’s existence, the founders were the only ones executing projects.
“Another major milestone was John and I writing out first training – Offensive Development. It took us several months to write the course and develop the tooling. WKL taught it for the first time at Wild West Hackin’ Fest in 2022. We also teach the course virtually on the AntiSyphon platform,” Hatcher explained.
Applying Military Skillsets
I asked Hatcher about how he applied his experience in the military in building his company.
“There are several skill sets from Special Forces that can be directly applied to working in offensive cyber security: the ability to think on your feet and figure out a creative solution to a problem; operate independently or as a useful member of a team; valuing speed and execution over perfection; and learning how to be comfortable with being uncomfortable,” Hatcher answered.
Customer Success Story
White Knights Labs’ first client in 2022 was a small insurance firm based out of Illinois. The company had various critical vulnerabilities and misconfigurations in their external and internal networks and they also failed a ransomware simulation. After White Knight Labs delivered the penetration test report, they turned around and hired the company to help them secure their on-prem network, cloud infrastructure, and Active Directory environment. Plus the client also purchased a top-tier endpoint security solution.
“White Knight Labs had never seen such speed, determination, and resilience from a client before. They turned their security posture around within a matter of months,” Hatcher revealed.
Differentiation From The Competition
What sets White Knight Labs apart from other cybersecurity companies is its deep technical expertise and the price point for the services. And the company only hires engineers that are senior or principal level and can pass a rigorous technical interview process.
“Due to our sole focus on engineering, we are a 100% remote company; the lack of a brick-and-mortar facility allows us to hire brilliant engineers while keeping the price point for our services reasonable,” Hatcher noted.
Future Company Goals
I asked Hatcher about the company’s future company goals. And Hatcher replied:
“Our vision for WKL is to be one of the top-tier cyber consultancies in the United States. We are currently working on creating an on-demand lab environment that students can subscribe to in order to practice real-world AV/EDR bypass and work with various commercial tools. WKL is also working on creating a framework for penetration testers and red teamers that assists with payload development regarding red team operations.”