Ben F. Email & Phone Number

Philadelphia, PA, US

Philadelphia, Pennsylvania, United States

• Simulated a sophisticated attacker in stealth oriented engagements, performing phishing campaigns to establish initial access and operating with command and control in live production environments.
• Led various internal, external, and web application penetration tests, exhibiting a comprehensive understanding of attack vectors and vulnerabilities.
• Facilitated face-to-face purple team sessions with client IT personnel, fostering collaborative learning and enhancing defensive strategies. Developed and executed custom bundles and test cases to address.
• Hosted informal internal presentations on current industry techniques, typically relating to Windows Active Directory in the context of an internal penetration test or red team engagement.

Philadelphia, Pennsylvania, United States

• Led external, internal, web application, mobile, and red team penetration tests to emulate an advanced threat actor.
• Provided oversight and direction to consultants assisting with technical execution.
• Interfaced directly with the client, communicating status and results of engagements.

Philadelphia, Pennsylvania

• Experienced in technical execution in all phases of a network penetration test, including simulating an external attacker or an insider threat using open-source and commercial toolkits to assess risk.
• Identified clear-text PII and credit card data during PCI compliance testing on multiple engagements.
• Performed web application security assessments and source code reviews to identify vulnerabilities in application logic against a variety of front-end applications and back-end systems.

Hoboken, New Jersey

• Constructed a system architecture diagram to identify security-related flaws in public-facing systems. Examined internal process and data passed between 20+ teams during the life of a transaction, from navigation to.
• Worked with team members to create a python script that mitigates the risk of sub-domain takeover on the production environment.
• Both shadowed and conducted penetration tests on web applications.
• Attended SummerCon with the team in Brooklyn, NY, and listened to several field experts give presentations.

Philadelphia, Pennsylvania

• Worked under Dr. Du creating a working proof of concept based on a publication claiming that traffic could be mapped to physical hardware through clock skew.
• Utilized multiple Raspberry Pi devices to connect to a server that collected timestamps sent with network traffic.
• Analyzed clock drift and used this data to determine which traffic (with spoofed IP/MAC addresses) belonged to a specific resource.

Columbia, Maryland

• Twelve week co-op program, worked with other interns to create relevant and useful projects and tools to be used while attending weekly tech talks and seminars.
• Configured a S.C.A.D.A. honeypot emulating a simple industrial network to lure hackers into revealing methodologies. The project was complete with an admin network of multiple users and several common exposed services.
• Worked with several open source malware analyzing tools such as ClamAV and Yara and network analysis tools such as Snort and Bro to create an Intrusion Detection System to protect a network. Created a simple wrapper to.
• Placed first among interns in the company wide yearly Capture the Flag event.