Professional Attributes:

• Critical thinker
• Motivated
• Reliable
• Excellent interpersonal skills

Core Competencies:

• I apply the latest and most reliable techniques for enumeration and exploitation of internal and external networks. I do not rely solely on public exploits; I perform thorough enumeration of the domain, users, computers, and privileges to exploit weak security controls, excessive permissions, and policy misconfigurations.
• As an early adopter of Linux (mid 90s), I am proficient in using and exploiting Linux and other Unix- based operating systems.
• Using a social engineering platform built in-house, I create convincing phishing campaigns to entice users to enter their credentials and run a malicious trojan to obtain remote code execution.
• Using C/C++, Ruby, and Bash, I’ve written several tools used by the team for enumeration and exploitation. Most notably, I created a DNS-based command-and-control framework in C++ which has a proven track record of evading modern host-based and network security solutions and egressing the target network. Operators can then perform post-exploitations tasks that often go undetected by using techniques including reflective DLL injection, payload encryption, and sandbox detection.
• Additionally, I’ve contributed numerous modules and bugfixes to the Metasploit Project.

Industry Experience: