John K.
Details
Penetration Testing & Ethical Hacking
SANS Technology Institute
2017 : 2019
Bachelor of Science
Business Administration
San Diego State University
MBA
University of West Florida
Engineered, executed, and submitted numerous real-world cybersecurity exploits, receiving cash bounties and recognition from programs like Hack The Pentagon, Hackerone, and Bugcrowd.
Ranked #249 of 25,550 ethical hackers on hackthebox.eu (pentest lab)
BSIDES talk: https://youtu.be/YoNrNBnmwuY
https://www.linkedin.com/redir/general-malware-page?url=https%3A%2F%2Fwww%2eexploit-db%2ecom%2Fexploits%2F42261%2F
PenTestGPT proficient
AWS Environment Security Assessor
OSCE, OSCP, GXPN, and GWAPT-certified penetration testing proficiency:
Webservices/API testing (Postman, SOAP-UI Pro/ReadyAPI, Burp Suite Pro)
Mobile Apps (MobSF, Frida/Objection, Drozer, apktool, jadx)
Active Directory (PowerView, PowerUp, nishang, Bloodhound, Kerberoasting)
Kali Linux
Zero-day bug hunting, exploiting, disclosing
Command line proficiency (Linux, Windows)
Passive information gathering (e.g. Whois, Recon-ng Framework)
Active information gathering (e.g. nmap, host)
Vulnerability scanning/assessment (e.g. OpenVAS, Nessus, nmap, Tripwire IP360)
Advanced buffer overflow attacks (Windows, Linux)
Exploit development (find bugs, create custom exploits, find 0day vulnerabilities)
Python, Perl, Ruby, C+ , Bash script
File transfer (e.g. ftp, wget, fetch, ncat)
Privilege escalation (Windows, Linux), local and remote
Client-side attacks (e.g. phishing, session steals, etc.)
Web application vulnerability assessment/exploitation (Burp Suite Pro, nikto, Zap, IBM AppScan, Core Impact)
Web application attacks (e.g. File Inclusion, SQL Injection, XSS, CSRF)
Password attacks (e.g. Hydra, John the Ripper, pass-the-hash)
Pivoting/Port Forwarding/Redirection (e.g. local, remote, dynamic, Proxychains)
Metasploit Framework expert
Bypassing Antivirus software (e.g. binary re-engineering, encoding, obfuscating)
Risk assessment and management
Penetration test report writing
2015 : Present
Independent
Cybersecurity Assessor / Ethical Hacker / Bug Bounty Hunter / Penetration Tester
Previously a Naval Flight Officer, then a member of the US Navy's Information Warfare Community.
While assigned to United States Strategic Command, I planned, led, and managed a large set of IT test, evaluation and cybersecurity certification projects for USSTRATCOM's new headquarters program.
While there, on my own time, I became an experienced, skilled, and certified ethical (whitehat) hacker.
2004 : 2016
US Navy
Information Warfare Community
2005 : 2007
Commander Naval Forces Europe/Commander Sixth Fleet
Joint Headquarters Certification Exercises
2003 : 2005
US CENTCOM
Knowledge Management Officer
1998 : 2003
DeCare Dental
Business Systems Analyst / IT Project Manager
Skills
Business Analysis, C4ISR, CEH, CISSP, Command, Computer Security, Cross-functional Team Leadership, Cyber Security, Data Science, Defense, DIACAP, DoD, Electronic Warfare, Government, Government Contracting, Information Assurance, Information Security, Information Technology, Intelligence, Knowledge Management, Leadership, Machine Learning, Management, Marketing, Military, Military Experience, Military Operations, Military Training, Music Production, National Security, Navy, Networking, OCSP, Operational Planning, Organizational Leadership, OSCP, Penetration Testing, Process Improvement, Program Management, Project Management, Requirements Analysis, Requirements Gathering, Sales, Security+, Security Clearance, Systems Engineering, Team Building, Team Leadership, Top Secret, U.S. Department of Defense