Josh specializes in a proactive offensive approach to securing company assets across different technology stacks. Currently, I’m focused on building a team of like-minded individuals within the Southeast Asia Pacific region. My interest lies in developing custom C2 tools, researching the latest offensive techniques, and correlating the effectiveness of defenses against such TTPs.
AAS is the flagship of my portfolio, simulating what an advanced-level attacker would do in a real-life situation. I use popular OSINT tools to map out the company's attack surface and gain initial access, either via a careless employee clicking on a crafted payload or perhaps some common CVEs you forget to patch. The rules are simple: I am only interested in gaining access to your guarded network.
Providing core offensive security services such as web penetration testing and source code review, I will help you secure your API endpoints and front/back-end web server deployment, and give you more time to focus on developing the business rather than worrying about security.
With the overwhelming number of N-days to patch, most IT enterprises are finding it hard to keep their patching cycle ahead of the researchers. The solution focuses on building up your scanning capabilities with industry-standard scanners such as Qualys or Tenable, but I don't stop there. Leaning on a decade of VM experience, I will provide you with the solution to prioritize what needs to be fixed now... through the combined use of a quick API solution and expert know-how.
Certified OSWEs have a clear and practical understanding of white box web application assessment and security. They’ve proven their ability to review advanced source code in web apps, identify vulnerabilities, and exploit them. They use creative and lateral thinking to determine innovative ways of exploiting web vulnerabilities. OSWEs are able to assist web development teams in creating and maintaining web apps that are secure by design.
An OSCP has demonstrated the ability to use persistence, creativity, and perceptiveness to identify vulnerabilities and execute organized attacks under tight time constraints. OSCP holders have also shown they can think outside the box while managing both time and resources.
A certification holder has demonstrated the skills to understand and assess the security of an Active Directory environment. A non-exhaustive list of skills: Active Directory enumeration, local privilege escalation, domain privilege escalation using Kerberoast, Kerberos delegation, abusing protected groups, abusing enterprise applications and more. Domain persistence and dominance using Golden and Silver tickets, Skeleton key, DSRM abuse, AdminSDHolder, DCSync, ACL abuse, host security descriptors. Forest privilege escalation using cross-trust attacks and inter-forest trust attacks.
Offensive Security Experienced Penetration Testers (OSEPs) have the expertise necessary to conduct pentests against hardened systems. They’ve proven their ability to identify intrusion opportunities and execute advanced, organized attacks in a focused manner. OSEPs can bypass security defenses, perform advanced attacks while avoiding detection, & compromise systems configured with security in mind. They are able to assess systems and execute penetration tests at a higher level than an OSCP.
Although I’m not currently looking for any new opportunities, my inbox is always open. Whether you have a question or just want to say hi, I’ll try my best to get back to you!