Security Engineer @ AttackIQ

Focus: Offensive Security & Breach and Attack Simulation (BAS)

At AttackIQ, I focused on offensive security and threat simulation, specializing in automating threat actor scenarios to evaluate the effectiveness of security controls in production environments without impacting infrastructure.

Key Responsibilities & Achievements

  • Threat Simulation & MITRE ATT&CK: Specialized in automating threat actor scenarios aligned with the MITRE ATT&CK framework, providing customers with actionable intelligence on the effectiveness of their security controls (e.g., Splunk, CrowdStrike, Microsoft Defender).
  • Detection Engineering: Developed scenarios for post-exploitation techniques, ensuring realistic simulation to test detection and response capabilities across various platforms (Cybereason, Carbon Black, Palo Alto Networks).
  • Low-Level Research & Evasion: Researched and developed advanced cybersecurity techniques, including a custom crypter using Golang and Assembly x86-64.
  • EDR Evasion & Obfuscation: Implemented low-level evasion techniques such as Direct System Calls, unhooking ntdll, and terminating ETW threads to bypass EDRs while triggering behavioral detection (e.g., reading LSASS memory).
  • AI-Driven Mitigations: Employed GPT models to generate actionable recommendations and mitigations for customers based on BAS testing results.

Technical Stack

  • Security Controls: CrowdStrike, Microsoft Defender, Splunk, Palo Alto Networks.
  • Offensive Tools: Breach and Attack Simulation (BAS), MITRE ATT&CK.
  • Low-Level & Evasion: Assembly x86-64, Golang, Crypter Development, EDR Evasion.
  • Research: Python, VirusTotal, Threat Simulation Infrastructure.