Who Am I?
My name is F1shh and I am a Red-Teamer.
Work Experience
Title | Description | Duration |
---|---|---|
Information Security Engineering Associate | Performed black box security audit of administration tools. Performed Vulnerability Discovery and aided in Vulnerability Remediation | 2021-2023 |
I.T. Security Engineering | Worked at a start-up. Security and Information Technology work in BioMed | 2022-2023 |
Security Consultant | Red Team Security Consultant. | 2023-Present |
Formal Education
Rochester Institute of Technology. (2019-Present)
Course | Description |
---|---|
Routing and Switching | Learned how to configure Cisco networking equipment. |
Systems Administration | Domain management and deployment. |
Network Services | Gained in-depth knowledge of TCP, DNS, and DHCP. |
Reverse Engineering Fundamentals | Reverse engineering for malware analysis. |
Programming for Information Security | Strengthened knowledge of Python, C, and x86. |
Web and Mobile Development | Basic Front End website development. |
Computer Science 141/142 | Python and Java Object Oriented Programming. |
Penetration Testing | Windows, Linux, and web penetration testing |
Cyber Defense Techniques | Participated in 3 Network Defense Competitions |
Introduction to Cryptography | Cryptanalysis and cryptography |
Introduction to Database Modeling | MySQL database modeling |
Authentication | Authentication schemes and implementation |
Cyber Policy and Law | The Rules that govern security research |
Web Application Security | In-depth knowledge of web application testing |
Humanitarian FOSS | Learned how to contribute to open source projects |
Network Security and Forensics | Learned how to perform network forensics |
Computer Systems Forensics | Windows, Mac, and Linux operating system forensics |
Network and System Security Audit | Learned how to audit networks |
Social Consequences of Technology | How technology affects our everyday life |
Reverse Engineering Fundamentals Project
Reverse engineered a modified version of the Raccoon Stealer Trojan. Used IDA7, ExeinfoPE, and UPX to perform static analysis. Performed dynamic analysis using x64dbg, OllyDbg, Netcat, Wireshark, Process Explorer, ProcMon, and other related tools. Used dynamic analysis techniques to observe the program's memory allocation used to unpack the malware. Performed further analysis on the unpacked memory, which revealed the malware's payload: it was designed to steal information and passwords from web browsers and crypto wallets. Wrote a twelve-page report detailing the findings and discussed potential host- and network-based indicators of infection.
Systems Administration Labs
Deployed Active Directory Domain Services, Group Policy Management, file servers with RAID configurations, DHCP IP addressing, mail services, and web servers on both CentOS 7 and Windows Server 2016. Learned how to work with remote deployment and developed research and troubleshooting skills in order to overcome issues that arise when creating a complex domain topology.
Programming for Information Security Labs
Further developed skills with the programming languages Python, C, and x86 Assembly. Labs included creating interpreters in Python, creating multithreaded client/server programs in C, and converting C code to x86 assembly.
What can I do?
I spend most of my free time tinkering or trying to break programs. Though I am largely self-taught, I do have a very strong formal foundation provided to me by my time at Rochester Institute of Technology. Below is a brief rundown of what I have learned over the years.
Programming Languages
GoLang, Java, Python, C/C++/C#, HTML/CSS, NodeJS, x86 Assembly, and LaTeX
Frameworks, APIs, Libraries and Modules
Bootstrap, Hugo, Kubernetes, JavaFX, Docker, and Discord.js
Operating Systems
CentOS, Red Hat, Debian, Arch (by the way), Windows, Proxmox, pfSense, and Windows Server 2016-2019
Software and Tools
Burp Suite, Rapid7 InsightVM, Spirion, Rancher, Photoshop, Plex, Heimdall, SonarQube, VSCodeGrepper, OpenVPN, Wazuh, Snort, OSSEC, and many, many more (see my TryHackMe profile for a more comprehensive list).
Visit My GitHub:
If you want a sneak peek of what I'm currently working on, you should visit my GitHub. Please note that most of my tools are private, but there are some fun public repos. https://github.com/F1shh-sec/
Profile Summary
My Top Languages On GitHub
This widget is a little deceptive since my most commonly used language is GoLang. Since I use GoLang to write Red-team tools, those projects are private and don't count towards the stats.