Summary

Cyber Security Consultant with a background in Systems Engineering
Experienced in Infrastructure Penetration testing / Red Team Operations and Threat hunting.

The Guy who loves breaking networks

I Love Popping shells, Escalating privileges, and Wandering inside Networks.

Specialized in advanced Active Directory attacks, from generating custom macro payloads and other advanced techniques for initial access, through lateral movement, to Domain Controller pwnage.
Popped "NT Authority" / "root" shell in no time at Various projects.

- In-depth command of Python3 and the internals of OSs (Windows / Linux).
- Strong Hands-on with ELK Stack in various Threat Hunting projects. (Deployment / Analysis) (Security Onion, HELK).

I frequently participate in global online CTFs and hold a Pro Hacker rank on the renowned CTF platform HackTheBox:
https://app.hackthebox.eu/profile/15981

Open to work (relocation or Remote)

Areas of interest:
- Red Teaming
- Binary Exploitation
- Reverse Engineering
- Threat Hunting
- Memory Forensics

Work Experience

Team Lead - Cyber Operations
Ideators Pakistan
Jun 2021 - Present | Karachi, Pakistan

- Red Team Engagements.
- Infrastructure Vulnerability Assessments and Penetration tests (internal/external)
- Web Application Penetration tests.
- VAPT, Compromise Assessment and InfoSec Project handling.
- Team management
- Securing an organization’s critical infrastructure
- Report Development

Consultant - Cyber Security & Risk Advisory
A F Ferguson & Company
Mar 2019 - Jun 2021 | Karachi, Pakistan

- Infrastructure Penetration tests (internal / external) and internal Red Team Engagements.
- Vulnerability Assessments using commercial-grade tools (Nessus, Nexpose, Acunetix, Netsparker)
- Penetration tests of Azure and AWS-based applications. (Cloud)
- Vulnerability assessment in OT (Industrial Control Systems) environments using commercial-grade tools (Nozomi Guardian) and review of results. Collaborate with client’s staff to rank vulnerabilities and validate high-risk vulnerabilities on specific targets. Develop a remediation action plan.
- Report writing
- Customized macro payloads for phishing; deployed and managed C2 frameworks (Covenant, Faction, Cobalt Strike). Lateral movement to DC compromise.
- Threat Hunting, advanced network and host analysis in the event of a compromise.
- Used ELK stack (Log Analysis) and deep memory forensics to identify threats, determine root cause, scope, and severity of each and compile/report findings into a finished analytical product.
- Identify potential security exposures that may currently exist or may pose a potential future threat to the client’s networks and applications

Penetration Tester
Seclogi
Jan 2019 - Feb 2019 | Karachi, Pakistan

• Conduct network, web and mobile application security vulnerability assessments (review designs, perform pen tests, code review, and security checks) through the use of scanning tools and manual checks, and notify the appropriate team to take necessary action.

• Assist with application security penetration testing activities, including scheduling, resources, tool execution, and reporting.

• Identify potential security exposures that may currently exist or may pose a potential future threat to client’s networks and applications.

• Support Development Teams, Architects and Security teams to periodically review the application code and be able to define the security posture of applications and back-end systems.

Systems Engineer
NewSoftwares.net
Nov 2013 - Jan 2019 | Karachi, Pakistan

• Layer 7 Firewall Management
• SSL/TLS, HTTPS, Security Management
• Cloud based Endpoint Device management
• Citrix Xen Server Administration
Install, configure, maintain, and support
Manages servers with multiple OS’s, includes provisioning, monitoring and upgrades.
Deploy and manage virtual servers, including server provisioning, upgrading, monitoring, maintaining, performance optimization.

Education

Virtual University of Pakistan
Bachelor's, Bachelor of Science, BSc (Computer Networking)
Data Communication, Information Security, Network Design & Analysis
2021
Certified Red Team Professional (CRTP) - Pentester academy
Certificate
Information Security
Incomplete
2021
MILE2
Certificate, C)PTE - Certified Penetration Testing Engineer
Penetration Testing, Vulnerability Assessment, Ethical Hacking
Completed
2018
Govt: National College
Intermediate/A-Level, FSc (Pre Engineering)
Physics
2011

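Skills

Intermediate: Active Directory
Beginner: Assembly Language
Beginner: Automation Languages Command
Intermediate: Bash
Beginner: C++
Proficient: Ethical Hacker
Proficient: Information Gathering
Intermediate: Internet Troubleshooting
Intermediate: Linux
Proficient: Metasploit
Proficient: Nessus
Proficient: Nmap
Intermediate: OWASP
Proficient: Penetration Testing
Beginner: PLC Network
Intermediate: Red Teaming
Intermediate: SQL Injection
Proficient: Vulnerability Assessment
Intermediate: Web Application Security Assessment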

Languages

Intermediate: English

Recommendations

Brief self-description
Syed Ghazali Ali
Customer Support Lead, NewSoftwares.Net
Worked with you at NewSoftwares.net

Network Support

Hisan's Contacts

Mohsin Younus
Webwooter
Syed Ghazali Ali
NewSoftwares.Net