Penetration Tester
Current- Advanced Penetration Testing: Executed advanced Active Directory penetration with deep enumeration, leveraging GMSA, GPOs, ACLs, Kerberos, and trust manipulation, utilizing LOTL attacks and fileless techniques.- Security Defense Evasion: Bypassed advanced security defenses including EDR, WDAC, AppLocker, and PowerShell CLM using evasion tactics like process injection and leveraging LOLBins for stealth operations.- Custom Script Development: Developed custom scripts and backdoors in… Show more - Advanced Penetration Testing: Executed advanced Active Directory penetration with deep enumeration, leveraging GMSA, GPOs, ACLs, Kerberos, and trust manipulation, utilizing LOTL attacks and fileless techniques.- Security Defense Evasion: Bypassed advanced security defenses including EDR, WDAC, AppLocker, and PowerShell CLM using evasion tactics like process injection and leveraging LOLBins for stealth operations.- Custom Script Development: Developed custom scripts and backdoors in Python, Bash, and PowerShell, optimizing automation for reconnaissance, exploitation, and persistence, enhancing undetectability.- Web Vulnerability Exploitation: Identified and exploited web vulnerabilities (XSS, CSRF, Java serialization, SQL injection) using Burp Suite, demonstrating a deep understanding of attack vectors and mitigation techniques.- Lateral Movement/Persistence: Utilized advanced techniques such as Rubeus, Mimikatz, and Impacket for lateral movement and persistence within networks.- Cloud Security: Worked in Azure environment, addressing cloud services vulnerabilities in Hybrid-AD using Azure AD tools.- Adversary Simulation: Utilized C2 frameworks for adversary simulation, applying advanced DLL side-loading/LOTL attacks and in-memory execution techniques to test and enhance defense mechanisms.- Privilege Escalation: Implemented innovative privilege escalation tactics through MSSQL vulnerabilities, constrained/delegated attacks, and abusing cross-forest eschewing traditional methods for more sophisticated initial access strategies.- Community Engagement: Maintained industry knowledge by engaging with cybersecurity communities on GitHub, Discord, and exclusive DeepWeb forums. Show less