Russel Van Tuyl

Russel Van Tuyl is the managing consultant for security assessments at Sword & Shield Enterprise Security. His primary role is conducting network vulnerability assessments and penetration tests but also performs web application assessments, firewall configuration audits, wireless assessments, and social engineering.

He has more than 11 years of experience in the technical field in roles such as database design, field device support, help desk, IT asset management, programming, and information security.


Oct 2017

Slack and Microsoft Teams Notifications for Empire and Meterpreter Agents

By Russel Van Tuyl A short time ago, I wrote a Python script that would send notification messages to Slack when a computer was compromised and an Empire or Meterpreter agents was dropped. I spent a little time updating the script and added support for Microsoft Teams notifications. This blog explains how I set up Slack and Microsoft Teams notifications for Empire and Meterpreter agents. In...

Read More


Oct 2017

Active Directory Password Health Analysis – Part 1

By Russel Van Tuyl Active Directory (AD) is an essential part of a Microsoft domain. A prominent function AD performs is to keep a record of all domain user accounts and their associated password stored as an encrypted one-way hash value. One of the many objectives during a penetration test is to gain access to the AD ntds.dit database file, which contains the user account...

Read More


Dec 2016

Russel Van Tuyl Joins WATE News 6 to Discuss the Latest Yahoo Breach

Sword & Shield Managing Consultant of Security Assessments Russel Van Tuyl talks with WATE News 6 about how to protect yourself after the latest Yahoo! breach. Yahoo says it believes hackers stole data from more than one billion user accounts in August 2013. The California company says it’s a different breach from the one it disclosed in September, when it said 500 million accounts were...

Read More


Nov 2016

Slack Shell Bot

By Russel Van Tuyl I really, really, really like shells. Nothing is better than that feeling you get when a shell comes in. There are many ways to get a shell, but some of them take a while to produce. A phishing campaign that leverages malicious payloads is a good example where there might be delayed gratification on receiving a shell. The emails might be...

Read More