Attack IQ

Security Engineer

I develop scenarios within a Breach and Attack Simulation (BAS) platform, simulating threat actors and ensuring alignment with the MITRE Framework. This involves creating realistic scenarios to test and evaluate the effectiveness of cybersecurity measures in detecting and responding to potential breaches and attacks. The focus is on post-exploitation techniques, which allow customers to detect threats in production without impacting the infrastructure, as can happen with regular pentesting, where you can potentially break things. We do, however, also have some initial access scenarios.

As a Detection Engineer, I have experience with various security controls and tools, including:

  • CrowdStrike
  • Microsoft Defender for Endpoint
  • Cybereason
  • Carbon Black
  • Splunk
  • Palo Alto Networks
  • VirusTotal

I generate mitigations using the MITRE Framework and employ Generative Pre-trained Transformers (GPT) to provide customers with actionable recommendations for strengthening their protection after BAS testing.

I design and implement infrastructure solutions aimed at emulating the tactics and techniques used by threat actors. This showcases a proactive approach to cybersecurity.

I am involved in researching and developing advanced cybersecurity techniques, focusing on developing a crypter in Golang and Assembly, along with other low-level evasion techniques (such as direct system calls, unhooking ntdll, or killing ETW threads). This crypter plays a crucial role in obfuscating malware, enabling security teams to detect attacks based on behavior: it only bypasses the EDR for the evasion techniques themselves, but allows the use of API calls hooked by the EDR in order to trigger the desired Security Control (SC) behavior detection (e.g., reading the LSASS process memory, rather than matching a Mimikatz signature). It's a challenging yet rewarding endeavor that aligns with my commitment to staying at the forefront of cybersecurity advancements.
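To illustrate the crypter idea in the paragraph above (the payload bytes are obfuscated so that a static signature no longer matches, and only the runtime behavior is left for the EDR to detect), here is an added Go example. It is not the author's crypter or any Attack IQ code: it assumes AES-256-GCM with a fresh random key per build (the page does not say which cipher is used), uses a constructed stand-in byte string as the "payload", and leaves out the Assembly loader, direct-syscall and unhooking parts entirely. The point it shows is that two builds of the same payload produce blobs with different hashes, that the original payload hash never appears in the blob, and that the payload is only restored in memory at the moment of use.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Encrypted is what a build step would embed in the loader: the ciphertext
// plus the per-build key and nonce needed to restore the payload at runtime.
type Encrypted struct {
	Key   []byte
	Nonce []byte
	Blob  []byte
}

// Encrypt wraps a payload in AES-256-GCM under a fresh random key, so every
// build yields a different ciphertext (and hash). Static signatures written
// against the payload bytes no longer match the on-disk artifact.
func Encrypt(payload []byte) (Encrypted, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return Encrypted{}, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return Encrypted{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return Encrypted{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Encrypted{}, err
	}
	return Encrypted{Key: key, Nonce: nonce, Blob: gcm.Seal(nil, nonce, payload, nil)}, nil
}

// Decrypt is the runtime stub: it restores the payload in memory just before
// use. GCM authentication also means a tampered or truncated blob is rejected
// rather than executed. This is the point where behavioral detection
// (e.g. the subsequent hooked API calls) must catch the activity.
func Decrypt(e Encrypted) ([]byte, error) {
	block, err := aes.NewCipher(e.Key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.Blob, nil)
}

// Fingerprint returns the SHA-256 of a byte slice, the kind of static
// indicator a signature-based control would match on.
func Fingerprint(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

func main() {
	// Constructed stand-in payload; in a real build this would be the tool binary.
	payload := []byte("constructed stand-in for the payload bytes")

	build1, err := Encrypt(payload)
	if err != nil {
		panic(err)
	}
	build2, err := Encrypt(payload)
	if err != nil {
		panic(err)
	}
	fmt.Println("payload hash :", Fingerprint(payload))
	fmt.Println("build 1 hash :", Fingerprint(build1.Blob))
	fmt.Println("build 2 hash :", Fingerprint(build2.Blob))

	restored, err := Decrypt(build1)
	if err != nil {
		panic(err)
	}
	fmt.Println("roundtrip ok :", string(restored) == string(payload))
}
```

The two build hashes differ on every run while the restored bytes are identical, which is exactly why a control that only hashes or pattern-matches the artifact is blind here and the detection has to come from what the restored payload then does on the host.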