Programming Languages/ Technologies
§ Python
§ Solidity
§ C\C++
RDBMS
§ My SQL
§ SQLite
Development Tools
Virtualization environments
§ VMWare
§ VirtualBox
§ Genymothion
§ AdroidStudio
Operating Systems
§ Microsoft Windows 95/ 98/ 2000/ XP/ 2003 Server/ Vista / 7/8/10
§ Kali Linux
§ Ubuntu
Application/Web Servers
Methodologies
§ OWASP
§ NIST
§ ISACA
Testing Tools
§ Nmap
§ Nikto
§ Burp Suite
§ OWASP ZAP
§ Nessus
§ Wireshark
§ Maltego
§ Sqlmap
§ Gobuster
§ Metasploit
§ Cloudflare
§ Slither
§ Apktool
Hardware
§ Network technologies
§ Different technological device
Other
§ Technical Documentation/ Penetration Testing Reports
§ Reverse Engineering
Mobile application for IOS and Android fitness app. Red-team pentester, worked with clients security team. Conducting the penetration testing of all new releases of apps.
§ Analyze the system and prepare scope of work
§ Determine the possibility of specific attack vectors.
§ Reverse Engineering of Android app
§ Testing security of the apps
§ Dynamic and Static testing
§ Test api and requests to the server
§ Identify a combination of high and low risk vulnerabilities
§ Prepare a detailed report on found vulnerabilities including executive summary, risk level of each vulnerability and recommendations on how to fix them.
Nmap, Wireshark, Metasploit, Nessus, Burp Suite
Auditing the smart contract of token and bridge based on etherium. ERC20 standard.
§ Analyze the system and prepare scope of work
§ Check loops for miner attacks on timestamps and orders, and transaction order dependency
§ Determine inconsistency between specification and implementation
§ Identify defective design, logic, and access control
§ Provide recommendations to improve contract security and readability.
§ Prepare a detailed report on found vulnerabilities including executive summary, risk level of each vulnerability
Slither, Manticore, Surya, SonarQube
§ Smart Contract Audit
§ Check loops for miner attacks on timestamps and orders, and transaction order dependency
§ Determine inconsistency between specification and implementation
§ Identify defective design, logic, and access control
§ Provide recommendations to improve contract security and readability
Apktool, Graudit, Genymothion, Burpsuite
Dating platform. Penetration testing to estimate WAF security and uncover vulnerabilities.
§ Check loops for miner attacks on timestamps and orders, and transaction order dependency
§ Determine inconsistency between specification and implementation
§ Identify defective design, logic, and access control
§ Provide recommendations to improve contract security and readability
Apktool, Graudit, Genymothion, Burpsuite