Dedicated and seasoned Information Security Professional with a proven track record spanning 7 years. Specializing in threat hunting, vulnerability management and penetration testing, I bring a wealth of experience in fortifying digital ecosystems against evolving cyber threats. Proficient in implementing and adhering to industry-leading frameworks such as NIST and ISO 27001.
• Associate penetration tester on the application security team.
• Conducting security vulnerability tests on web applications, networks and mobile applications; installing firewalls and web application firewalls.
• Applying and implementing the NIST and ISO/IEC 27001 frameworks, and training staff on them.
• Conducted comprehensive internal and external network and application tests across various industries for multiple clients, with the goal of identifying security misconfigurations that could lead to account takeovers, gaining domain administrator privileges, or accessing servers/hosts through web applications or networks.
• Utilized a range of tools including BurpSuite, SQLmap, Python-based exploits from GitHub and PHP-based exploits to conduct penetration testing on web applications such as WP, Joomla, Drupal and various custom-made applications or CMS. Employed the Metasploit framework in Kali Linux for brute-force attacks, and used tools such as SlowHTTPTest, Hping3 and Nmap to assess network security and vulnerabilities.
• Leveraged 0-day exploits to test vulnerabilities in the latest/newer technologies, software, networks, web applications and mobile applications, providing reports to seniors with mitigation suggestions.
• Conducted tests on plugins, checked for broken links and web upload options to prevent XSS attacks, database hacks, root access, and even DNS attacks through server/host hacking, reporting findings and recommending patches and fixes to the team lead.
Conducted authorized cyberattacks on computer systems, networks, applications and databases to identify and report vulnerabilities and security issues. Simulated real-world threats to help the organization improve its security posture and prevent malicious exploitation on premises.
Responsibilities:
• Conduct vulnerability assessments using various tools and techniques to scan for open ports, weak passwords, outdated software and other potential risks.
• Plan, design and execute penetration tests using ethical hacking methods and tools to exploit vulnerabilities and test the effectiveness of existing security measures.
• Document and report the findings and recommendations of the penetration tests in a clear and concise manner to the system owner or administrator.
• Advise on security best practices, such as implementing strong passwords, using encryption, keeping software up to date and following the principle of least privilege.
• Stay up to date on the latest security trends, threats and vulnerabilities to provide the most effective security testing services.
Skills/ Frameworks:
• Knowledge of common penetration testing tools and frameworks, such as Metasploit, Nmap, Burp Suite, Wireshark, etc.
• Knowledge of common hacking techniques and tactics, such as malware, phishing, SQL injection, cross-site scripting, denial-of-service, etc.
• Knowledge of common security standards and protocols, such as OWASP, NIST, PCI DSS, ISO 27001, etc.
• Ability to think like an attacker and anticipate potential attack vectors and scenarios.
• Ability to communicate effectively with technical and non-technical audiences, both verbally and in writing.
• Ability to work independently or as part of a team, depending on the project requirements.
• Ability to adhere to ethical principles and professional codes of conduct.
Certified Information Security Manager (CISM)
Certified Ethical Hacker (CEH)
Computer Hacking Forensic Investigator (CHFI)
EC-Council Certified Security Analyst (ECSA)
Certified Information Systems Security Officer (CISSO)
Certified Penetration Testing Engineer (CPTE)