Resume dated 18 May 2024 PRO

Konrad

Penetration Tester

Employment:
Full-time, part-time.
Age:
36 years
City of residence:
Kyiv
Willing to work:
Remotely, Kyiv, Lviv, Odesa

Contact information

The job seeker has provided an email address and LinkedIn.

Work experience

Penetration Tester (Remote)

from 06.2019 to present (5 years)
KR. Laboratories, Kyiv (IT)

— Pentest. Executed 10+ External/Internal penetration tests, including Black-Box, Grey-Box and White-Box types, according to different methodologies: OWASP Top 10, OWASP WSTG, OWASP ASVS, SANS Top 25, MITRE ATT&CK, OSSTMM, PTES, BSI, ISSAF, WASC, PTF, DISA STIG. I conduct manual testing using the following Offensive Security tools: Kali Linux, Parrot Linux, Arch Linux, Burp Suite, Metasploit, OWASP Zap, OWASP Amass, NMAP, SQLmap, WPScan, Joomscan, Droopescan, Wireshark, Cobalt Strike, Aircrack-NG, THC Hydra, Hashcat, BeEF and many others.

— Audit. I have conducted more than 20 security audits for various types of applications (Web/Mobile/Cloud/On-Premise/IoT/SCADA), including Vulnerability Scanning and Risk Management. In total, I discovered and investigated more than 300 vulnerabilities of various severity. In my work, I utilize CVE/CWE/Exploit-DB databases, the CVSS scoring system and SAST/DAST scanners, such as: Acunetix, Nessus, Rapid7 Nexpose, OpenVAS, Intruder, WhatWeb, Nikto, Nuclei, Qualys, ImmuniWeb, Detectify, SonarQube, Snyk and others. My reports are detailed and contain actionable recommendations to improve security posture and mitigate identified vulnerabilities. All audits are based on compliance requirements: ISO 27001/9001, NIST SP 800-115, COBIT, ITAF, PCI-DSS, HIPAA, SOX.

— Red Team. Led a team in performing Red Team and Social Engineering experiments that simulate real attacks and provide valuable information about security vulnerabilities. Created, selected, modified and tested exploits and backdoors in PHP, Python, JavaScript, Ruby, Perl. Automated processes using Bash and PowerShell. Thought over Offensive Security algorithms and strategy, attack and defense tactics, studied various techniques, methods and phases of Ethical Hacking: Reconnaissance, Network Intelligence, Enumeration, Fuzzing, Bypassing, Spoofing, Exploitation, Post Exploitation, Privilege Escalation.

— Cyber Threat Intelligence. Conducted 5+ OSINT investigations, during which I identified various fraudulent schemes and malicious domains and deanonymized intruders. Used such tools as Google Dorks, Maltego, Intelx, Censys, Shodan, MISP, ZoomEye, Cybergordon, SpiderFoot, SecurityTrails, DNSdumpster, DNSlytics, GHUNT, Maigret, Metagoofil, Sherlock, Exiftool, Pymeta, theHarvester and others.

— Endpoint Security. Successfully monitored and protected at least 100 applications and infrastructure systems, using WAF, NGFW, IPS/IDS, DLP, SIEM. Mitigated more than 50 attacks of various types: DDoS, Brute Force, APT, SQL/XSS/PHPi, CSRF/SSRF, LFI/RFI/RCE. Over the whole period, blocked over 400 spam bots and eliminated 200+ threats (phishing, smishing, vishing, doorwaying, spoofing, poisoning, hijacking, clickjacking). Preventing unauthorized access, protecting sensitive data and involving potential data leaks for over 10 clients. Reported to CERT, CSIRT, DFIR and other incident response teams.

Education

European University

IT Engineering, Kyiv
Higher education, from 2014 to 2018 (4 years)

Additional education and certificates

Certified Ethical Hacker (CEH)

2020
Certificate

Knowledge and skills

HTML, SQL, Manual testing, Writing bug reports, Creating checklists, Stress testing, Burp Suite, Metasploit, NMAP, OWASP Zap, SQLmap, Wireshark, Hashcat, THC Hydra, John the Ripper, Aircrack NG, Maltego, Shodan, Censys, DNSdumpster, Nuclei, Nikto, Metagoofil, Conscientiousness, JavaScript, Kali Linux, Parrot Linux, Arch Linux, Debian, Ubuntu, OSI, TCP/IP, HTTP, VPN, DNS, SSH, VMware, VirtualBox, Python, Bash, PowerShell, PHP, XML, Tenable Nessus, Offensive Security, Ethical hacking, Penetration Testing, Vulnerability Scanning, Programming, Acunetix

Languages

  • English — advanced
  • Ukrainian — fluent

Additional information

Professional Penetration Tester with 3+ years of experience. Focused on Web Application Security, Penetration Testing (White/Grey/Black box) and Vulnerability Scanning & Assessment. Has deep-dive technical skills and a strong background in Ethical Hacking. Understands most Offensive Security strategies and methodologies.

My personal IT Blog: https://kr-labs.com.ua/author/konrad-ravenstone/
