I have extensive experience in reviewing network designs and implementations and Cyber Security engagements, having worked in the industrial networking sector for over 10 years. My experience includes conducting penetration tests of both wired and wireless applications using the black box and grey box testing methodology across Windows and *nix Applications. I have performed many engagements assessing the security of network infrastructure devices, their routing capabilities, and wireless-based implementations, including authentication reviews such as firewall security testing including IPTables, SSH, and PAM confirmation, Group / User Access across devices and applications.
I have also confirmed Operating Effectiveness testing with technology such as WEP, WPA, WPA2, capturing 4-way handshakes, de-authentication, WPS Pin capture, replaying attacks, and cracking passwords offline. I have also coded my own toolsets to aid in password cracking that has been used successfully and provided great value on multiple client’s networks. Additionally, I have conducted numerous social engineering exercises, including physical access engagements – including red teaming, phishing, vishing, and smishing exercises.
My significant experience extends to performing reviews of the design, implementation, management, and security of Active Directory at a range of different clients across a broad range of sectors. This includes reviews of service accounts, Domain Admins, and Enterprise Admin accounts. My related experience includes testing privilege escalation and untrusted paths in Active Directory to understand the permissions and relationships between the security of users, groups, and systems. Using up-to-date techniques, I am able to capture the threats and provide evidence of the Active Directory structure visually in a technically and business-focused manner for the executive board, management, and technical teams as required.
I have over 10 years’ experience in managing the security of critical network infrastructure, network design, and Intrusion Detection / Prevention Systems, including SIEM, IDS/IPS. I keep up to date with the latest threats and weaknesses used by illicit threat actors through forums and internet-based chat rooms where I learn and discuss new threats, find new weaknesses then deliver mitigation advice to clients on how to remediate issues found. I have also conducted engagements on *nix systems, vulnerability management, web application testing – covering OWASP and data leakage exercises.
