• Simulated a sophisticated attacker in stealth oriented engagements, performing phishing campaigns to establish initial access and operating with command and control in live production environments.• Led various internal, external, and web application penetration tests, exhibiting a comprehensive understanding of attack vectors and vulnerabilities. • Facilitated face-to-face purple team sessions with client IT personnel, fostering collaborative learning and enhancing defensive strategies. Developed and executed custom bundles and test cases to address client-specific concerns.• Hosted informal internal presentations on current industry techniques, typically relating to Windows Active Directory in the context of an internal penetration test or red team engagement.

• Led external, internal, web application, mobile, and red team penetration tests to emulate an advanced threat actor.• Provided oversight and direction to consultants assisting with technical execution.• Interfaced directly with the client, communicating status and results of engagements.

• Experienced in technical execution in all phases of a network penetration test, including simulating an external attacker or an insider threat using open-source and commercial toolkits to assess risk.• Identified clear-text PII and credit card data during PCI compliance testing on multiple engagements. • Performed web application security assessments and source code reviews to identify vulnerabilities in application logic against a variety of front-end applications and back-end systems.

• Constructed a system architecture diagram to identify security-related flaws in public-facing systems. Examined internal process and data passed between 20+ teams during the life of a transaction, from navigation to the site to checkout. • Worked with team members to create a python script that mitigates the risk of sub-domain takeover on the production environment.• Both shadowed and conducted penetration tests on web applications.• Attended SummerCon with the team in Brooklyn, NY, and listened to several field experts give presentations.

• Worked under Dr. Du creating a working proof of concept based on a publication claiming that traffic could be mapped to physical hardware through clock skew.• Utilized multiple Raspberry Pi devices to connect to a server that collected timestamps sent with network traffic.• Analyzed clock drift and used this data to determine which traffic (with spoofed IP/MAC addresses) belonged to a specific resource.

• Twelve week co-op program, worked with other interns to create relevant and useful projects and tools to be used while attending weekly tech talks and seminars.• Configured a S.C.A.D.A. honeypot emulating a simple industrial network to lure hackers into revealing methodologies. The project was complete with an admin network of multiple users and several common exposed services (bacnet, s7comm, snmp).• Worked with several open source malware analyzing tools such as ClamAV and Yara and network analysis tools such as Snort and Bro to create an Intrusion Detection System to protect a network. Created a simple wrapper to run all of the services and parse relevant output and wrote custom Yara rules.• Placed first among interns in the company wide yearly Capture the Flag event.