The Schellman Blog

Philip Holbrook is a Lead Penetration Tester with Schellman & Company, LLC based in Pittsburgh, PA, where he leads red team engagements and performs external and internal penetration tests, advanced phishing campaigns, and web application testing. Philip is actively expanding Schellman's red team practice through researching novel initial access vectors, developing custom internal tooling, and supporting the team's penetration testing infrastructure. Philip brings in-depth knowledge of enumerating macOS and Windows environments for vulnerabilities and privilege escalation opportunities, with specialized expertise in SIEM and EDR evasion techniques. In his leadership role, he mentors junior penetration testers, contributes to methodology development, and drives innovation in adversary simulation techniques. Philip has over 10 years of experience in IT and security, serving clients across various industries with a primary focus on Cloud, SaaS, and Service Provider environments. He has presented at the Pittsburgh BSides Conference on advanced phishing techniques utilizing calendar injection, user scripting, and dockerized phishing infrastructure to bypass MFA restrictions. Philip recently obtained his Certified Red Team Lead certification to complement his expertise in red team operations. Prior to joining Schellman in 2020, Philip worked as a Security Engineer handling SOC integration projects and Incident Response in MSP environments supporting small to medium businesses. He performed malware and root cause analysis to identify attack kill chains and provide accurate remediation steps. He obtained his OSCP in 2018 and leverages his defensive security background to emulate realistic adversary tactics, techniques, and procedures (TTPs) in red team.