With more than 3.5+ years’ experience as an Information Security Analyst, I am adept in risk assessment, planning, and mitigation strategies. Moreover, my on-the-job experience has afforded me a well-rounded skill set, including first-rate project management and problem-solving abilities.I have deep knowledge of Security Assessment Methodology to identify vulnerabilities in Network, Cloud, API, Web, and Mobile Applications.
I have conducted and led hundreds of security audits, penetration tests and red team engagements for a variety of companies, ranging from multinational corporations with thousands of hosts in scope to startups or small clients that want to have an edge over their competition security-wise.
My day-to-day job is that of an ethical hacker, which has allowed me to amass great hands-on experience in the field of Penetration Testing, Cyber Security and Vulnerability Assessment, and to have a great understanding of the most widespread and modern technology stacks currently in use around the globe and their flaws from a security standpoint.
Follow systematic approach and best industry methodology like OWASP Testing Guide v4(OTGv4) ; SANS top 25; NIST SP 800-115; PCI DSS etc to perform penetration testing
I am able to provide the following services:
✅ Penetration Testing Engagement ✅
This includes both thorough manual testing of all functionalities and automated testing for all websites, applications, servers or infrastructure included in the scope of work, using both professional enterprise grade software such as BurpSuite Professional and Nessus and also personal scripts and tools gathered over past engagements. This services extends as well to internal penetration tests and network infrastructure testing as well.
✅ Professional Report & Statistics ✅
Detailed report explaining step-by-step the exploitation and discovery method of each and every vulnerability discovered. Proof-of-Concept screen captures, full requests and responses, CVSS v3.0 standardised risk score, impact and ownership included.
✅ Remediation Advice & Guidance ✅
Remediation advice regarding all security issues discovered, how to fix them and warnings associated with the impact and risk of these vulnerabilities.
✅ Asset Discovery ✅
Through both active and passive methods, I can help you asses how big your digital footprint is on the internet and what is the attack platform visible from an outsider threat perspective. This includes subdomain enumeration and service/port discovery.
✅ Free Checkup ✅
Included in the price will be a checkup/retest of all aforementioned vulnerabilities present in the report in order to ensure that the implemented security controls and/or fixes are working as intended and that there is no other way to bypass them or exploit that vulnerability any longer.
✅ OSINT Reconnaissance ✅
Gathering of all valuable data pertaining to your company available on the internet. This includes any breached email addresses and related passwords available in cleartext on the internet, usually being traded on the dark web. Full access to over 4 billion records of personally curated lists of such information will help you to asses how vulnerable you are and what passwords need to be changed as soon as possible.
✅ Briefing ✅
I am available for calls/meetings discussing what the Scope of Work will be, where the focus of the penetration testing engagement will be, if all subdomains need to be included, if you want a black-box type of engagement or a white-box engagement, if accounts will be required, preferred hours for load testing and any other guidance your company would require if this is the first penetration test engagement that you are doing.
✅ Debriefing ✅
I am available for calls/meetings after the penetration test is completed in order to discuss with you the results of the engagement, what the main issues were and what my concerns regarding the security of your company are. This includes any further clarification regarding any vulnerability and the impact/risk associated with it.