Personal information hidden

Contact information

This job seeker has hidden his personal information, but you can send him a message or suggest a job to him if you open his contact info.

Work experience

Offensive Security Engineer & Penetration Tester (Pentester)

from 12.2018 to now (5 years 6 months)
IT

Developed strong leadership skills through leading penetration testing projects, overseeing teams, and ensuring the successful completion of deliverables. This experience has honed my ability to effectively manage resources, communicate project objectives, and collaborate with cross-functional teams to achieve project goals. My leadership capabilities, combined with my technical expertise, enable me to drive projects forward and deliver high-quality results that meet and exceed client expectations.Acquired expertise in effective communication and presentation, demonstrated through experience in client interaction.Conducted open-source intelligence (OSINT) activitives, performing internet and darknet reconnaissance. Investigated data leaks, collected information on individuals, companies, and websites and conducted forensic analysis on gathered data. Delved into vulnerability assessments for networks, wireless systems, and web applications, leveraging my expertise in Black, Gray, and White Box Penetration Tests.Implemented advanced techniques and tools, including proxies, scanners, fuzzing, scripting, and the exploitation of application logic, to ensure thorough vulnerability assessments and penetration tests.Proficiently identified and exploited a wide range of vulnerabilities, including SQL Injection, XSS, CSRF, SSRF, RFI, LFI, and RCE, employing tools such as Burp Suite PRO, OWASP ZAP, Acunetix, Metasploit, WPScan, and various others. My background in open-source intelligence positions me to make meaningful contributions to Red Team assessments and other tasks that require research, ensuring a comprehensive and proactive approach to cybersecurity challenges.Over the past year, I led 10+ projects aimed at enhancing cybersecurity against phishing for clients. This involved educating their staff and evaluating defenses, resulting in fewer successful phishing attempts and increased awareness. The projects not only boosted security but also fostered a culture of vigilance.My proficiency in OSINT, combined with expertise in the latest phishing methods and reverse proxying for MFA bypass using Evilginx, equips me to make substantial contributions to Red Team assessments.Extended my expertise to include attacks against Azure, and Active Directory, with a specialization in Kerberos attacks. Leveraging advanced Windows command line skills, I demonstrated proficiency in advanced Windows PowerShell during assessments. My commitment to staying current with evolving technologies and continually diversifying my skill set positions me as a valuable asset in the field of penetration testing.

Education

State University of Telecommunications

Information and Cyber Security, Київ
Higher, from 2023 to 2025 (2 years)

Knowledge and skills

Language proficiencies

• English — above average
• Spanish — beginner

Additional information

Working as an Offensive Security Engineer and Penetration Tester for the past 5 years, I have had the opportunity to engage in numerous compelling projects, accumulating valuable experience and acquiring a wealth of knowledge. These experiences have equipped me to execute my responsibilities with efficiency and speed.

Highly motivated to consistently enhance my skills and advance professionally. Always eager to collaborate with new information and thrive on tackling fresh challenges.


Skills:

I possess a comprehensive skill set in the field of cybersecurity, specializing in Black, Gray, and White Box Penetration Tests, Vulnerability Assessments, and a range of Penetration Testing Techniques.

- Leadership in Penetration Testing Projects: Proficient in leading penetration testing projects from initiation to completion, ensuring adherence to timelines and project objectives. Skilled in coordinating team efforts, assigning tasks, and monitoring progress to achieve project milestones effectively. Experienced in communicating project requirements, objectives, and outcomes to stakeholders, fostering collaboration and alignment across teams. Strong ability to analyze project risks, identify potential issues, and implement proactive measures to mitigate challenges and ensure project success. Demonstrated track record of delivering high-quality results that meet and exceed client expectations, establishing a reputation for excellence in leadership within the cybersecurity domain.

- Penetration Testing: Proficient in conducting Web Application, API, Network (Internal & External), Cloud, and Wireless Penetration Tests, ensuring robust security measures across diverse environments.

- Industry Frameworks: Comprehensive understanding of industry standards, encompassing OWASP Top 10, MITRE ATT&CK, CWE, CVSS, and others.

- Python: Foundational knowledge of the Python programming language.

- Reconnaissance and Intelligence: Skilled in conducting thorough Reconnaissance and Open-Source Intelligence (OSINT) activities to identify potential vulnerabilities and threats. Proficient in gathering information through various channels, including Human Intelligence (HUMINT), to collect information on individuals, companies, and infrastructures. Additionally, adept at monitoring the darknet and underground forums for data leaks and illicit activities, such as buying and selling databases, to proactively safeguard client interests. Experienced in monitoring the darknet and underground forums for leaks and offers to purchase databases, enhancing client company monitoring capabilities. Additionally, adept in utilizing Geospatial Intelligence (GEOINT).

- Social Engineering: Skilled in planning and executing Phishing and Social Engineering campaigns to evaluate and elevate user awareness and security. Proficient in staying updated on the latest phishing methods, including employing reverse proxying techniques to bypass Multi-Factor Authentication.

- Vulnerability Scanning Tools: Hands-on experience with a variety of tools, including Nmap (NSE), Burp Suite PRO, OWASP ZAP, Acunetix, Metasploit, Nessus, Nikto, SQLMap, and others, for effective vulnerability scanning and exploitation.

- Manual Exploitation: Proven expertise in manual vulnerability exploitation using tools like BurpSuite, Metasploit, netcat, and POC's, along with the ability to research and address public CVEs, ensuring a thorough assessment of security vulnerabilities.

- Post-Exploitation and Privilege Escalation: Proficient in post-exploitation techniques, lateral movement, and command & control (C2 (CC)) strategies to assess and fortify security postures.

- Password Security: Experienced in Password Attacks, including Cracking, Pass The Hash, Brute-Forcing, and Password Spraying techniques.

- Security Risk Assessments and Reporting: Conducting security risk assessments, generating comprehensive reports, and providing actionable recommendations for mitigation.


Additional Expertise

- Blockchain & Smart Contract Security Basics: Familiar with auditing blockchain technologies and smart contracts, including identifying potential vulnerabilities such as reentrancy, timestamp dependence, and integer overflow/underflow, ensuring the security and reliability of decentralized applications (DApps).

- Linux Systems and Bash Scripting: Strong background in working with Linux systems.

- Mail Servers & DNS: Proficient in configuring mail servers, DNS records.

- Reverse proxying techniques to bypass MFA, crafting HTML-based phishing emails and pages.

- CTF’s: Hack The Box rank - Hacker

- JavaScript & PHP: Foundational knowledge of the JavaScript & PHP programming languages.

- Certificates and Additional Education:

GIAC: GPEN
GIAC: GWAPT
SANS: SEC542
SANS: SEC560
CompTIA PenTest+
SANS: SEC554
eJPT
CSAS
CCNA
Evilginx
CEFR B2
Cisco ITC
Qualys (Vulnerability Management Specialist)