Resume dated June 5, 2024

Konrad

Penetration Tester

Employment:
Full-time, part-time.
Age:
36
City of residence:
Lviv
Willing to work in:
Dnipro, Zaporizhzhia, Kyiv, Lviv, Odesa, Remote

Contact information

The applicant provided an email address and LinkedIn.


Work experience

Penetration Tester (Remote)

from 06.2019 to present (5 years)
KR. Laboratories, Kyiv (IT)

— Pentest. Executed 10+ External/Internal penetration tests, including Black-Box, Grey-Box and White-Box types, according to different methodologies: OWASP Top 10, OWASP WSTG, OWASP ASVS, SANS Top 25, MITRE ATT&CK, OSSTMM, PTES, BSI, ISSAF, WASC, PTF, DISA STIG. I conduct manual testing using the following Offensive Security tools: Kali Linux, Parrot Linux, Arch Linux, Burp Suite, Metasploit, OWASP ZAP, OWASP Amass, Nmap, SQLmap, WPScan, Joomscan, Droopescan, Wireshark, Cobalt Strike, Aircrack-NG, THC Hydra, Hashcat, BeEF and many others.

— Audit. I have conducted more than 20 security audits for various types of applications (Web/Mobile/Cloud/On-Premise/IoT/SCADA), including Vulnerability Scanning and Risk Management. In total, I discovered and investigated more than 300 vulnerabilities of various severity. In my work, I utilize CVE/CWE/Exploit-DB databases, the CVSS scoring system and SAST/DAST scanners such as Acunetix, Nessus, Rapid7 Nexpose, OpenVAS, Intruder, WhatWeb, Nikto, Nuclei, Qualys, ImmuniWeb, Detectify, SonarQube, Snyk and others. My reports are detailed and contain actionable recommendations to improve security posture and mitigate identified vulnerabilities. All audits are based on compliance requirements: ISO 27001/9001, NIST SP 800-115, COBIT, ITAF, PCI-DSS, HIPAA, SOX.

— Red Team. Led a team in performing Red Team and Social Engineering experiments that simulate real attacks and provide valuable information about security vulnerabilities. Created, selected, modified and tested exploits and backdoors in PHP, Python, JavaScript, Ruby, Perl. Automated processes using Bash and PowerShell. Thought over Offensive Security algorithms and strategy, attack and defense tactics, and studied various techniques, methods and phases of Ethical Hacking: Reconnaissance, Network Intelligence, Enumeration, Fuzzing, Bypassing, Spoofing, Exploitation, Post Exploitation, Privilege Escalation.

— Cyber Threat Intelligence. Conducted 5+ OSINT investigations, during which I identified various fraudulent schemes and malicious domains and deanonymized intruders, using such tools as Google Dorks, Maltego, Intelx, Censys, Shodan, MISP, ZoomEye, Cybergordon, SpiderFoot, SecurityTrails, DNSdumpster, DNSlytics, GHunt, Maigret, Metagoofil, Sherlock, Exiftool, Pymeta, theHarvester and others.

— Endpoint Security. Successfully monitored and protected at least 100 applications and infrastructure systems, using WAF, NGFW, IPS/IDS, DLP, SIEM. Mitigated more than 50 attacks of various types: DDoS, Brute Force, APT, SQL/XSS/PHPi, CSRF/SSRF, LFI/RFI/RCE. Over the whole period, blocked over 400 spam bots and eliminated 200+ threats (phishing, smishing, vishing, doorwaying, spoofing, poisoning, hijacking, clickjacking). Preventing unauthorized access, protecting sensitive data and involving potential data leaks for over 10 clients. Reported to CERT, CSIRT, DFIR and other incident response teams.

Education

European University

IT Engineering, Kyiv
Higher education, 2014 to 2018 (4 years)

Additional education and certificates

Certified Ethical Hacker (CEH)

2020
Certificate

Knowledge and skills

HTML, SQL, Manual testing, Writing bug reports, Creating checklists, Stress testing, Burp Suite, Metasploit, Nmap, OWASP ZAP, SQLmap, Wireshark, Hashcat, THC Hydra, John the Ripper, Aircrack-NG, Maltego, Shodan, Censys, DNSdumpster, Nuclei, Nikto, Metagoofil, Conscientiousness, JavaScript, Kali Linux, Parrot Linux, Arch Linux, Debian, Ubuntu, OSI, TCP/IP, HTTP, VPN, DNS, SSH, VMware, VirtualBox, Python, Bash, PowerShell, PHP, XML, Tenable Nessus, Offensive Security, Ethical hacking, Penetration Testing, Vulnerability Scanning, Programming, Acunetix

Languages

  • English: fluent
  • Ukrainian: fluent

Additional information

Professional Penetration Tester with 3+ years of experience. Focused on Web Application Security, Penetration Testing (White/Grey/Black box) and Vulnerability Scanning & Assessment. Has deep technical skills and a strong background in Ethical Hacking. Understands most Offensive Security strategies and methodologies.

My articles: https://kr-labs.com.ua/author/konrad-ravenstone/

Some clarifications:
English - only technical
Jobs - only remote
