Offensive Security/Pentesting

I have recently obtained my OffSec Certified Professional certification, an industry standard in penetration testing, proving my competency in real-world offensive security engagements.

I've always had an interest in penetration testing and offensive security (refer to $history). I'm constantly researching new attacks, vulnerabilities and techniques. I also frequently play TryHackMe and HackTheBox labs to keep my skills sharp and learn new things.

I frequently play and compete in CTFs, placing second individual at BSIDES Cache 2024 and second in teams (as a solo player) at BSIDES Red Rocks 2024.

Pracitcal Examples

During the OSCP exam I was tasked with penetrating six total machines, three standalones and three in an Active Directory network. While I'm limited on what details I can share due to exam restrictions, I was able to gain access to five of the six devices within 24 hours.

I employed a variety of tactics and techniques to gain initial access to, escalate privileges on and pivot between computers. From webservers to domain controllers.

CVE-2023-23752 POC - I also have experience in creating exploits such as this proof of concept for an information disclosure vulnerability in Joomla CMS.

Tools and Platforms

• nmap
• burpsuite
• netexec
• impacket toolsuite
• self-written exploits/payloads
• John the Ripper
• Many more