Konrad

Penetration Tester

Employment:: Full-time, part-time.
Age:: 36 years
City of residence:: Lviv
Ready to work:: Dnipro, Kyiv, Lviv, Odesa, Remote, Zaporizhzhia

Contact information

The job seeker has entered a email and LinkedIn.

You can get this candidate's contact information from https://www.work.ua/resumes/10695380

Work experience

Penetration Tester (Remote)

from 06.2019 to now (5 years)
KR. Laboratories, Київ (IT)

— Pentest. Executed 10+ External/Internal penetration tests, including Black-Box, Grey-Box and White-Box types, according to different methodologies: OWASP Top 10, OWASP WSTG, OWASP ASVS, SANS Top 25, MITRE ATTACK, OSSTMM, PTES, BSI, ISSAF, WASC, PTF, DISA STIG. I conduct manual testing using the following Offensive Security tools: Kali Linux, Parrot Linux, Arch Linux, Burp Suite, Metasploit, OWASP Zap, OWASP Amass, NMAP, SQLmap, WPScan, Joomscan, Droopescan, Wireshark, Cobalt Strike, Aircrack-NG, THC Hydra, Hashcat, BeeF and many others.

— Audit. I have conducted more than 20 security audits for various types of applications (Web/Mobile/Cloud/On-Premise/IoT/SCADA), including Vulnerability Scanning and Risk Management. In total, I discovered and investigated more than 300 vulnerabilities of various severity. In my work, utilizing CVE/CWE/Exploit-DB databases, CVSS score system and SAST/DAST scanners, such as: Acunetix, Nessus, Rapid7 Nexpose, OpenVAS, Intruder, WhatWeb, Nikto, Nuclei, Qualys, ImmuniWeb, Detectify, SonarQube, Snyk and others. My reports are detailed, contain actionable recommendations to improve security posture and mitigate identified vulnerabilities. All audits based on compliance requirements: ISO 27001/9001, NIST SP 800-115, COBIT, ITAF, PCI-DSS, HIPAA, SOX.

— Red Team. Led a team in performing Red Team and Social Engineering experiments that simulate real attacks and provide valuable information about security vulnerabilities. Created, selected, modified, tested exploits and backdoors in PHP, Python, JavaScript, Ruby, Perl. Automated processes using Bash and PowerShell. Thought over Offensive Security algorithms and strategy, attack and defense tactics, studied various techniques, methods, phases of Ethical Hacking: Reconnaissance, Network Intelligence, Enumeration, Fuzzing, Bypassing, Spoofing, Exploitation, Post Exploitation, Escalation Privileges.

— Cyber Threat Intelligence. Conducted 5+ OSINT investigations, during which identified various fraudulent schemes, malicious domains and deanonymize intruders. Using such tools as Google Dorks, Maltego, Intelx, Censys, Shodan, MISP, ZoomEye, Cybergordon, SpiderFoot, SecurityTrails, DNSdumpster, DNSlytics, GHUNT, Maigret, Metagoofil, Sherlock, Exiftool, Pymeta, theHarvester and others.

— Endpoint Security. Successfully monitored and protected at least 100 applications and infrastructure systems, using WAF, NGFW, IPS/IDS, DLP, SIEM. Mitigated more than 50 attacks of various types: DDOS, Brute Force, APT, SQL/XSS/PHPi, CSRF/SSRF, LFI/RFI/RCE. During all time, blocked over 400 spam bots and eliminated 200+ threats (phishing, smishing, vishing, doorwaying, spoofing, poisoning, hijacking, clickjacking). Preventing unauthorized access, protecting sensitive data and involving potential data leaks for over 10 clients. Reported to CERT, CSIRT, DFIR and other incident response teams.

Education

European University

IT Engineering, Київ
Higher, from 2014 to 2018 (4 years)

Additional education and certificates

Certified Ethical Hacker (CEH)

2020
Certificate

Knowledge and skills

HTML SQL Ручне тестування Написання bug reports Складання чеклістів Стрес-тестування Burp Suite Metasploit NMAP OWASP Zap SQLmap Wireshark Hashcat THC Hydra John the Reaper Aircrack NG Maltego Shodan Censys DNSdumpster Nuclei Nikto Metagoofil Сумлінність JavaScript Kali Linux Parrot Linux Arch Linux Debian Ubuntu OSI TCP/IP HTTP VPN DNS SSH VMware VirtualBox Python Bash PowerShell PHP XML Tenable Nessus Offensive Security Ethical hacking Penetration Testing Vulnerability Scanning Програмування Acunetix

Language proficiencies

English — fluent
Ukrainian — fluent

Additional information

Professional Penetration Tester with 3+ years of experience. Focused on Web Application Security, Penetration Testing (White/Grey/Black box) and Vulnerability Scanning & Assessment. Has deep dive technical skill and strong background of Ethical Hacking. Understanding most Offensive Security strategies and methodologies.

My articles: https://kr-labs.com.ua/author/konrad-ravenstone/

Some clarifications:
English - only technical
Jobs - only remote