Memorable Client Findings

  • Helped a sizable software company with their AWS Cloud & AWS Directory Service Purple Team, interesting experience overall! Although I am by no means a specialist in cloud pentesting

  • Helped deliver 3 tabletop exercises across the span of 2 months, one was heavily technical and another was OT/DR focused

  • External Perimeter Testing of a large global financial institution, basically a large bug bounty scope of 1024 root domains
    • Found lots of cool things like exposed Spring Boot Actuators, Git repos with cloud keys and passwords …
    • Also took down their Asia presence for a few hours…
  • Trialled evilgophish with a returning client for phishing campaigns and they loved the results :fishing_pole_and_fish:

  • Was given flights and accommodation to do a solo on-site internal pentest in Melbourne :airplane::tram:

  • Delivered 10 phishing campaigns across 8 weeks, fighting against NetCraft and friends

Work Changes

I got promoted to Consultant (from Associate) at the end of 2022. It was a great year of upskilling for me in internal pentesting, as I got exposure through:

  • Two certs: CRTO and CRTP
  • Fieldwork experience: Shadowed a handful of internal pentests, and led a Ransomware Readiness Assessment for which I performed the internal part solo