Skills
Here's a brief rundown of my abilities. This list is intentionally concise and omits fluff.
- Red Teaming in complex Active Directory environments
- AV/EDR evasion using
LOLBAS, custom loaders, and process injection - High-level phishing campaigns using:
GoPhishfor campaign automation and trackingEvilGinxwith custom phishlets for 2FA bypass- Advanced spam filter evasion (e.g. DKIM/SFP trickery, advanced bot filtering, cloaked payload delivery)
- Social engineering phone calls
- Post-exploitation with C2 frameworks (e.g.
Cobalt Strike,Sliver) - Post-exploitation on Linux platforms
- Linux-first workflow:
Alpine,Arch,Debian,Nix,OpenSuse,RHEL - Manual OS hardening:
AppArmor,firewalld,sysctl, permissions,PAM,journaldconfigs - Containerized workflows using
LXC/LXD
- Infrastructure as code:
Ansible> Bash one-liners > YAML hell LXC/LXDfor reproducible testbeds and dynamic lab deployments- CI/CD pipelines (
GitLab CI,Jenkins) - System validation with
Goss+DGoss
- Secure architecture design & review
- Threat modeling focused on real risk
- Detection engineering with
YARA,Suricata - SIEM pipelines mit
ELK,Graylog,syslog-ng
Certifications / Courses
- Phishing
- MalDevAcademy | Offensive Phishing Operations
- BreakDev | Evilginx Mastery
- Offensive Security
- Zero-Point Security | Certified Red Team Operator
- Blue Team Stuff
- Qualys | Vulnerability Management Detection and Response
- Qualys | Endpoint Detection and Response Certification
- Linux
- LPIC-1 | Linux Administrator
- IHK
- State Certified IT Specialist for Systems Integration
Experience
2023 - Present
Junior Penetration Tester & Security Engineer at SmartTECS Cyber Security
As part of my role, I was responsible for conducting comprehensive penetration tests across various environments, developing robust IT emergency response plans, and supporting the implementation of ISO 27001-compliant information security management systems. I also designed and hardened Linux-based infrastructures (RHEL and Debian) and integrated as well as monitored network detection systems, including NIDS, AIDS, and HIDS, to enhance overall organizational security posture. I was actively involved in threat intelligence gathering and analysis to proactively identify, assess, and mitigate emerging risks.
2020 - 2023
Apprenticeship β Linux Administrator at SBE network Solutions
Completed a vocational training as an IT Specialist for System Integration, with a strong focus on planning, deploying, and maintaining Linux-centric and hybrid infrastructures. Core responsibilities included managing
Samba4 Active Directory environments, building containerized services with LXC, and automating system configurations using Puppet. Daily work involved deploying secure proxy services via Squid, implementing system monitoring and backup strategies, and troubleshooting complex issues in Debian- and RHEL-based networks. Gained deep experience in integrating open-source tools to create scalable, secure, and maintainable environments.
Hobbies
- Red Teaming
- Self-hosting
- Hiking
- Kickboxing
- Sports photography
- Bodybuilding