Ethical Hacking + Pentesting
Safe, Non-Destructive Security Testing
Real World Threat Acting & Attack Simulations
Compliance Support
NIST CSF
PCI-DSS
HIPAA
& more
I abide by local & national laws. I always obtain written permission before testing begins.
Recognized by U.S. Department of Defense, Fulfilling CyberSecurity Directive 8570
I have completed the OffSec PEN-200 course and am currently preparing to take the OSCP certification exam.
Red Team Engagements
Full-spectrum adversarial simulation across digital, wireless, and physical domains.
A Red Team Engagement is a comprehensive emulation of advanced threat actor behavior. It is tailored to the client’s environment and executed with precision across multiple phases. This is not a checklist—it’s a dynamic, adaptive operation designed to test detection, response, and resilience.
Modules from The Playbook may be incorporated if applicable. Their inclusion is determined by relevance to the target infrastructure and engagement scope.
Strategies
White Box Testing | Full Knowledge
- Full knowledge of Client’s Assets (Infrastructure, Network, & Systems)
- Any applicable support resources are given to Pentester (Ryan)
Grey Box Testing | Partial Knowledge
- Some knowledge of the Client’s Assets
- Good for simulating an insider attack
Black Box Testing | No Knowledge
- No prior knowledge of the Client’s Assets
- Simulates an attack from an outsider’s perspective
Methodology
Plan & Scope
Engagement begins with a direct dialogue to define the adversarial landscape: Client Objectives, Operational Constraints, Budget Parameters, and Rules of Engagement.

Vulnerability Identification
I deploy Open Source Intelligence (OSINT), Active Scanning, Enumeration, and Packet Inspection to extract actionable intelligence. Every technique is selected based on the engagement’s tactical profile.
The toolkit is modular and adaptive, curated per scope.
Whether targeting exposed services, misconfigured endpoints, or wireless infrastructure, every move is calibrated to identify viable vulnerabilities that can serve as exploitation paths.
Attack & Exploit
Once viable vulnerabilities are confirmed and scoped, Exploitation begins. I execute targeted payloads, privilege escalations, lateral movements, and physical/digital compromise attempts.
The full attack chronology, including failed attempts and bypass logic, is delivered in the final Operator Report for post-engagement analysis.
Report
At the conclusion of the engagement, a written report is provided detailing all findings, including an overall risk score and a breakdown of each exploit path and vulnerability.
The report is reviewed verbally with the client to ensure technical details are clearly understood by both parties. This walkthrough helps establish an understanding of the organization’s current risk posture and outlines a prioritized remediation plan based on impact and exploitability.
The Playbook
Standalone adversarial tactics. Select, deploy, and validate.
The Playbook is a curated set of tactical modules—each one representing a specific threat action that can be executed independently or chained into a broader operation.
Antivirus/EDR Bypass
Simulates adversary behavior designed to evade endpoint protection systems and execute malicious code without detection.
Multi-Factor Authentication Bypass
Tests the resilience of MFA implementations by attempting to circumvent or manipulate authentication flows. Vishing may be used.
Phishing Operations
Delivers crafted messages intended to elicit user interaction, credential submission, or payload execution.
Payload Delivery
Deploys executable code or implants into target environments using various delivery mechanisms.
Credential Access
Identifies and extracts authentication material from systems, applications, or memory for use in further compromise.
Lateral Movement
Simulates adversary pivoting across internal systems to expand access and reach sensitive assets.
Privilege Escalation
Attempts to elevate access rights within a system or domain to gain administrative control.
Physical Intrusion
Evaluates physical security controls by simulating unauthorized entry or access to restricted areas.
Wireless Exploitation
Targets wireless infrastructure to assess exposure, trust boundaries, and potential entry points.
Detection Evasion
Executes actions designed to avoid triggering alerts or logging mechanisms within the target environment.
Web App Security Testing
OWASP Top 10:
Injection, Broken Auth, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfiguration, XSS, Insecure Deserialization, Components with Known Vulnerabilities, Insufficient Logging and Monitoring
Compliance Based Testing
HIPAA classified information needs to be encrypted in transit and at rest
Social Engineering
People are the #1 weakness when it comes to Cyber Security. Social Engineering (People Hacking) is a great way to find out who needs security awareness training & retraining.
SQL Database Testing
SQL Injection is the top vulnerability found in web applications and can have some serious consequences
Safe Phishing Campaigns
Awareness for your Teams and Workforce. Safely audit staff security awareness through phishing emulations
WiFi Threat Analysis
Unfortunately, many WiFi APs are vulnerable to MITM attacks, deauth, and snooping.
What is Pentesting? (Penetration Testing)
Penetration testing and ethical hacking are security-focused testing of computer systems, networks, applications, and people. These tests are performed by security professionals following a methodology. Here at iCyberAttack!, I follow what is known as the Pentest Methodology, though other methods exist as well.
The CIA Triad of Security
Confidentiality
Only the Authorized entity(s) can view the information
Integrity
Data remains unchanged, keeping the original representation of the Data accurate
Availability
The Data is accessible to those Authorized at all times
AAA
Authentication
Who are you?
– Verifies the identity of a user or device.
– Common methods include passwords, biometrics, tokens, and certificates.
– Ensures only legitimate users gain access to the system.
Authorization
What are you allowed to do?
– Determines what resources or actions a user is permitted to access.
– Based on roles, policies, or attributes (e.g., admin vs. guest).
– Prevents unauthorized access to sensitive data or functions.
Accounting
What did you do?
– Tracks user activities and resource usage.
– Logs access times, commands executed, data transferred, etc.
– Supports auditing, compliance, and forensic investigations.
Have you been hacked?
CRIME & CRIMINAL PROCEDURE
Hacking is covered under United States Code, Title 18, Chapter 47, Sections 1029 and 1030 (Crimes and Criminal Procedure)
§1029 | Fraud & related activity w/ access devices
● Prosecutes those who, knowingly and with intent to defraud, produce, use, or traffic in one or more counterfeit access devices.
● Access devices can be an application or hardware that is created specifically to generate any type of access credentials
§1030 | Fraud and related activity with computers
● Covers just about any computer or device connected to a network
● Mandates penalties for anyone who accesses a computer in an unauthorized manner or exceeds one’s access rights
● Can be used to prosecute employees who use capabilities and access provided by their company to conduct fraudulent activity

