Redteamer

My Services

Interested in hiring me for some 1099 or W-2 work? Here are some of the freelance services I offer. Send me an email using the link on the left sidebar and we can discuss your needs further.

Penetration Testing

Penetration testing is a security test in which I mimic real-world attacks to identify methods for circumventing the security features of a binary or web application, system, or network. It often involves launching real attacks on real systems and data that use tools and techniques commonly used by attackers. Most penetration tests involve looking for combinations of vulnerabilities on one or more systems that can be used to gain more access than could be achieved through a single vulnerability.

Penetration testing can also be useful for determining:

  • How well the system tolerates real world-style attack patterns.
  • The likely level of sophistication an attacker needs to successfully compromise the system.
  • Additional countermeasures that could mitigate threats against the system.
  • The defenders’ ability to detect attacks and respond appropriately.

Social Engineering

Social engineering is a tactic used to persuade individuals to give sensitive information and/or to perform some kind of action. There are four major social engineering categories: Phishing, Spear-phishing, Whaling, and Vishing. Some attackers use phone and other voice communications platforms to perform “vishing” attacks. I make use of social engineering tactics to mimic real world attacks and techniques commonly used by attackers.

Social engineering tactics that can be attempted include:

  • Developing and executing organization specific pretexts.
  • Creating cloned credential harvesting websites and other lures.
  • Sending malicious attachments and links to organization users.

Redteaming

Red team testing uses advanced, real-world attack techniques to bypass security controls in order to gain access to protected systems or sensitive data. This is a goals oriented assessment with a wide, “no holds barred” (to the extent the law allows) scope. I gather information starting with OSINT, making use of data from past breaches and other information I can scour from everywhere, including the Dark Web. I then attempt to identify vulnerabilities the system using scanning tools, performing analysis of information systems and applications, and attempting to manipulate software applications in ways they were not intended. I usually chain together multiple exploits of vulnerabilities in order to gain access to an information system.

A red team’s goals can include:

  • Assess the overall security monitoring and defensiveness of client endpoints.
  • Assess the SOC’s ability to detect and monitor attacks against client systems.
  • Provide real-world insights regarding current information systems implementations.
  • Attempt to gain real world insights regarding current client’s security posture.

Threat Emulation

Threat emulation testing is a security assessment where I use real-world attack techniques used by various threat actor groups to bypass security controls in order to test and assess an organization’s defensive monitoring and detection capabilities. It’s similar to red teaming, but the techniques I use are mapped to a specific threat actor’s history. First, a threat profile is generated using available Threat Intelligence to list the methods and techniques that an attacker has historically used against their targets. I gather information about the targeted information systems, including architecture, layout, components, and purpose. I then attempt to identify vulnerabilities within the system using scanning tools, analysis of information systems and applications, and manipulation of software applications.

The goals of performing a threat emulation operation are to:

  • Assess the overall security monitoring and defensiveness of client endpoints.
  • Assess the SOC’s ability to detect and monitor attacks against client systems.
  • Provide real-world insights regarding current information systems implementations.
  • Attempt to gain real world insights regarding current client’s security posture.

Mobile Application Testing

Mobile Applications are a relatively new addition to most organizations, and many mobile applications haven’t undergone extensive checking to ensure they function well, are usable, have security “baked in”, and perform well. Mobile applications are usually the way most of an organization’s users or customers interact with the business, so ensuring these applications are secure is especially vital.

When I assess mobile applications, I do the following:

  • Assess a mobile application against the OWASP MSTG and MASVS standards.
  • Test a mobile application’s authentication, authorization, data security, and third party libraries for vulnerabilities.
  • Use static and dynamic runtime analysis to review a mobile application for weaknesses.