Overview
Greetings! Hi, I'm an expert in the Information Security domain having diverse experience of 5+ years including Penetration Testing, Infrastructure Security, Deep Packet and Forensic Analysis, Blueteaming/SOC, Security Monitoring, Auditing and BugBounty. You can check out my blog at rogueprotocols.com and my Public contributions at GitHub (@eszedkae) ---- My Area of Proficiencies includes: • Extensive experience in infrastructure and application penetration tests for global clients. • First-hand experience in testing banking applications with millions of users for secure and safe transactions. • Specialized in Exploit Research & Development, Python/Bash scripting, Server Hardening, Endpoint Security and Network Security Administration. • Highly skilled in assessing cloud infrastructure (AWS) for implementing access privileges, control structures, and minimal resources consumption. Google Cloud (GCP), Microsoft Azure and Oracle Cloud. • Experienced in implementing policy-based SEIM solution with active threat intelligence and central log management. Splunk, ELK Stack, QRadar, Snort, OSSEC, Graylog. • First-hand experience on compliance PCI DSS (Credit Card Industry) for various financial business companies. • Working experience in integrating DevOps tools to automate infrastructure tasks including implementation of a fully automated CI/CD pipeline via Jenkins, ansible, docker, Terraform on AWS cloud infrastructure. ---- I've acquired Training and Certifications: - CEH Certified Ethical Hacker - SANS SEC-575: Mobile Device Security - SANS SEC-560: Network Penetration Testing - SANS SEC-542: Web-App Penetration Testing - SANS FOR408: Windows Forensic Analysis - SANS SEC503: Intrusion Detection In-Depth - Offensive Security: PWK, Penetration with Kali Linux - (OSCP) - SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling - (GIAC GCIH) - SANS SEC560: Network Pentesting and Ethical Hacking - ISO/IEC 27001:2013 - Information Security Management - RHCSA RedHat Linux Administration ---- I mainly provide the following Services but opened to consultation and customised work 1. WebApp | Android | iOS Penetration Testing based on OWASP TOP 10 2. Network & Infrastructure Penetration Testing 3. Vulnerability Assessment 4. Endpoint Security Hardening & Monitoring My core competency lies in performing black and grey box testing, on the live web applications/networks or in lab environments. I am familiar with all common attack vectors and mitigation techniques, as well as finding unknown to public exploits known as 0days in web applications. Even though most of my work is confidential I can share vulnerability assessment sample. ---- I've worked on several tools including: - Security Pentesting BurpSuite Professional, sqlmap, Nmap, Metasploit, OpenVAS, Mimikatz, Nikto2, IBM Appscan, Acunetix. - Intrusion Analysis/NSM Bro, Snort, Suricata, Security Onion, OSSEC, OSSIM - Deep Packet Inspection TCP/IP Protocols, Traffic Flow, Scappy, Wireshark, tcpdump - Windows Forensics File Carving, Registry Hives, User Profiling, USB Analysis, Email Forensics, Prefetch Analysis, Event Log Analysis - Network Security Assessment Nmap, Nessus, OpenVAS, Metasploit, Maltego, Hashcat, John, Aircrack-ng, Netcat - Log Analysis Firewalls, Antivirus, Web Servers, Email Servers, IDS/IPS, Network Appliances - Others IBM QRadar, Splunk, Alienvault, LogRythm, CarbonBlack, CrowdStrike, SecurityOnion, Bro Framework, Snort/Suricata, Wireshark, tcpdump, Encase.