خلاصہ

Cyber Security Consultant with a background in Systems Engineering
Experienced in Infrastructure Penetration testing / Red Team Operations and Threat hunting.

The Guy who loves breaking networks

I Love Popping shells, Escalating privileges, and Wandering inside Networks.

Specialized in Advance Active Directory Attacks From Generating Custom Macro Payload and Other Advance techniques for Initial access, Lateral Movement to Domain Controller pwnage.
Popped "NT Authority" / "root" shell in no time at Various projects.

- Having In-depth Command on Python3, Internals of OSs (Windows / Linux).
- Strong Hands-on with ELK Stack in various Threat Hunting projects. (Deployment / Analysis) (Security Onion, HELK).

I frequently participate in Global Online CTFs and hold a Pro Hacker rank on renowned CTF platform HackTheBox
https://app.hackthebox.eu/profile/15981

Open to work (relocation or Remote)

Areas of interest:
- Red Teaming
- Binary Exploitation
- Reverse Engineering
- Threat Hunting
- Memory Forensics

تجربہ

کمپنی کا لوگو
Team Lead - Cyber Operations
Ideators Pakistan
جون ۲۰۲۱ - موجودہ | Karachi, Pakistan

- Red Team Engagements.- Infrastructure Vulnerability Assessments and Penetration tests (internal/external)- Web Application Penetration tests.- VAPT, Compromise Assessment and InfoSec Project handling.- Team management- Securing an organization’s critical infrastructure- Report Development

کمپنی کا لوگو
Consultant - Cyber Security & Risk Advisory
A F Ferguson & Company
مارچ ۲۰۱۹ - جون ۲۰۲۱ | Karachi, Pakistan

- Infrastructure Penetration test (internal / External) and internal Red Team Engagements.- Vulnerability Assessments using commercial-grade tools (Nessus, Nexpose, Acunetix, Netsparker)- Penetration tests of Azure and AWS-based applications. (Cloud)- Vulnerability assessment in OT (Industrial Control Systems) Environments using commercial-grade tools (Nozomi Guardian) and review results. Collaborate with client’s staff to rank vulnerabilities, validate high-risk vulnerabilities on specific targets. Develop a remediation action plan.- Report writing- Customized Macro payloads for phishing, Deployed and managed C2 Frameworks (covenant, Faction, Cobalt Strike). Lateral movements to DC compromise- Threat Hunting, advance network, and host analysis in the event of a compromise.- Used ELK stack (Log Analysis) and deep memory forensics to identify threats, determine root cause, scope, and severity of each and compile/report findings into a finished analytical product.- Identify potential security exposures that may currently exist or may pose a potential future threat to the client’s networks and applications

کمپنی کا لوگو
Penetration Tester
Seclogi
جنوری ۲۰۱۹ - فروری ۲۰۱۹ | Karachi, Pakistan

• Conduct network, web and mobile application security vulnerabilities assessments, (review designs, perform pen test, code review, and security checks) through the use of scanning tools and manual checks and notify the appropriate team to take necessary action.

• Assist with application security penetration testing activities, including scheduling, resources, tool execution, and reporting.

• Identify potential security exposures that may currently exist or may pose a potential future threat to client’s networks and applications.

• Support Development Teams, Architects and Security teams to periodically review the application code and be able to define the security posture of applications and back-end systems

کمپنی کا لوگو
Systems Engineer
NewSoftwares.net
نومبر ۲۰۱۳ - جنوری ۲۰۱۹ | Karachi, Pakistan

• Layer 7 Firewall Management
• SSL/TLS, HTTPS, Security Management
• Cloud based Endpoint Device management
• Citrix Xen Server Administration
Install, configure, maintain, and support
Manages servers with multiple OS’s, includes provisioning, monitoring and upgrades.
Deploy and manage virtual servers, including server provisioning, upgrading, monitoring, maintaining, performance optimization.

تعلیم

Virtual University of Pakistan
بیچلرز, بیچلرز ان سائنس, BSc (Computer Networking)‎
Data Communication, Information Security, Network Design & Analysis
2021
Certified Red Team Professional (CRTP) - Pentester academy
سرٹیفیکیشن, ‎
Information Security
نامکمل
2021
MILE2
سرٹیفیکیشن, C)PTE - Certified Penetration Testing Engineer‎
Penetration Testing, Vulnerablity Assessment, Ethical Hacking
مکمل
2018
Govt: National College
انٹرمیڈیٹ / اے لیول, , FSc (Pre Engineering)‎
Physics
2011

پیشہ ورانہ مہارتیں

متوسط Active Directory
ابتدائی Assembly Language
ابتدائی Automation Languages Command
متوسط Bash
ماہر Ethical Hacker
ابتدائی GUI Framework
ماہر Information Gathering
متوسط Internet Troubleshooting
متوسط Linux
ماہر Metasploite
ماہر Nessus
ماہر Nmap
متوسط OWASP
ماہر Penetration Testing
ابتدائی PLC Network
متوسط Red Teaming
متوسط SQL Injection
ماہر Vulnerability Assessment
متوسط Web Application Security Assessment

زبانیں

متوسط انگریزی

سفارشات

جنرک پلیس ہولڈر کی تصویر
Syed Ghazali Ali
Customer Support Lead, NewSoftwares.Net
میں آپ کے ساتھ کام کیا NewSoftwares.net

Network Support

Hisan آپکے جاننے والے

Mohsin Younus
Webwooter
Syed Ghazali Ali
NewSoftwares.Net