Certified Ethical Hacker (C|EH) and Penetration Tester with 8+ years of experience.
Providing Professional Penetration Testing services:
- Black-Box, White-Box, Grey-Box Penetration Testing
- Web Application Penetration Testing
- Software Penetration Testing
- Red Team Penetration Testing
- Social Engineering Testing
- Mobile Penetration Testing
- Network/Wireless Penetration Testing
- IoT Penetration Testing
In my work follow according to the best cybersecurity practices, standards, methodologies:
- OWASP TOP 10
- OWASP Testing Guide
- OWASP Application Security Verification Standard (ASVS)
- OWASP Mobile Application Security Verification Strandard (MASVS),
- OWASP Firmware Security Testing Methodology
- SANS TOP 25 Risks
- The Open Source Security Testing Methodology Manual (OSSTMM)
- Penetration Testing Execution Standard (PTES)
- NIST SP 800–115
- MITRE ATTACK & DEFEND
- Information Systems Security Assessment Framework (ISSAF)
- PCI-DSS Penetration Test Guidance
- Web Application Security Consortium (WASC)
My penetration testing toolkit:
- Reconnaissance / Fingerprinting: Maltego, Shodan, Zoomeye, Censys, theHarvester, DNSdumpster, DNSlytics, SpiderFoot, SecurityTrails, Spyse, SimilarTech, Wappalyzer, PublicWW, BuiltWidth, Netlas, LeakiX, OPSWAT, Hunter, GHUNT, exiftool, Metagoofil, Pymeta;
- Enumeration / Fuzzing: OWASP Amass, Sublister, Dirhunt, Dirbuster, Gobuster, Crlfuzz, XSStriker, Photon, FFUF, Adfind;
- Vulnerability Scanning & Assessment: Acunetix Vulnerability Scanner, NMAP, Wireshark, Nuclei, Nikto, WhatWeb, Qualys Web Application Scanner, Rapid1 Nexpose, Tenable Nessus, OWASP Zap, OpenVAS, Detectify;
- Offensive Security: Metasploit, Exploit-DB, BeeF, THC Hydra, HashCat, Weevely, Ettercap, Aircrack-NG, BurpSuite, SQLmap, WPScan, Cobalt Strike.