Ferry Nurqadar

Blog/ArticleContact Me

Experience Timeline

root@security:~/experience$INITIALIZING TIMELINE...

Penetration Testing Skills

root@security:~/pentest$ enumerate_capabilities --detailed

Web Attack Surface

Advanced Web Security Testing

Authentication Bypass
SQLi & NoSQLi
SSRF & XXE
OAuth Vulnerabilities
JWT Attacks
IDOR & Access Control
File Upload Vulnerabilities
RCE Techniques
Burp Suite
Dirsearch
Nuclei
SQLmap
Nmap
Metasploit
Custom Scripts

Mobile Security

Mobile Platform Security Assessment

Android
iOS
Static Code Analysis
Dynamic Runtime Testing
Binary Reverse Engineering
API Security Testing
Memory Analysis
Data Storage Security
Network Traffic Analysis
Certificate Pinning Bypass
MobSF
Frida
Objection
APKTool
Ghidra

Infrastructure

Network Attack Surface

Network Pivoting
Service Enumeration
Protocol Analysis
Traffic Manipulation
Wireless Assessment
VPN Security Testing
DNS Enumeration
Port Scanning
Nessus
Wireshark
TCPDump
Nmap
Aircrack-ng
Responder

Red Team Ops

Adversary Simulation

C2 Infrastructure
Evasion Techniques
Post Exploitation
Lateral Movement
Active Directory Attacks
Privilege Escalation
Defense Evasion
Persistence Mechanisms
Cobalt Strike
Empire
Covenant
BloodHound
Mimikatz
PowerSploit
Custom C2 Framework
Advanced Tooling

Social Engineering

Human Attack Vector Analysis

Payload Development
Campaign Design
Behavioral Analysis
Target Research
Gophish
SniperPhish

Security Projects

root@security:~/project$ verify_project --all
RED TEAM TOOL

WeakSweet

Scans a list of IP addresses for weak SSH algorithms and vulnerabilities related to the SWEET32 attack.

PythonJavaScriptSQLiteDocker
Weak SSH algorithms
SWEET32 vulnerabilities
Repository
RECON TOOL

NmapSentinel

Enhanced Nmap automation tool with advanced reporting capabilities

PythonNmapXMLJSON
Automated Scanning
Custom Report Generation
Service Detection
Vulnerability Mapping
Repository
SECURITY TOOLKIT

SecuToolbox

Security testing toolkit with multiple assessment modules

PythonBashDockerREST APIs
Port Scanning
Directory Enumeration
SSL Analysis
DNS Reconnaissance
Repository
INTELLIGENCE TOOL

VulnSync

Vulnerability database synchronization and management system

PythonPostgreSQLRESTful APIDocker
CVE Database Sync
Custom Vulnerability Tracking
Risk Assessment
Patch Management
Repository
MOBILE SECURITY

ADB_Frida

Android application security testing framework using Frida

PythonFridaADBJavaScript
Runtime Analysis
API Hooking
SSL Pinning Bypass
Native Library Analysis
Repository
SECURITY RESEARCH

TryHackMe Writeups

Detailed walkthrough and solutions for TryHackMe rooms and challenges

LinuxPenetration TestingWeb SecurityForensics
Room Solutions
Attack Methodologies
Vulnerability Analysis
Exploitation Techniques
Repository
BLUE TEAM

LetsDefend SOC

Documentation and analysis of SOC analyst challenges and incident response

SIEMIncident ResponseThreat HuntingLog Analysis
Incident Analysis
Threat Detection
Alert Investigation
Response Procedures
Repository

Security Clearance

root@security:authenticate_credentials --all

Mobile Security

Clearance: Level 5

CMPen-IOS

PRO

Certified Mobile Pentester (CMPen) - iOS

Issuer
iOS Runtime Analysis
iOS Application Reversing
iOS Security Architecture
iOS Exploit Development
VERIFIED
Certificate ID: 9639185

CMPen-Android

PRO

Certified Mobile Pentester (CMPen) - Android

Issuer
Android Malware Analysis
Android Runtime Manipulation
Application Component Security
Android Exploit Creation
VERIFIED
Certificate ID: 9627226

Network & Infrastructure Security

Clearance: Level 5

CNSP

PRAC

Certified Network Security Practitioner

Issuer
Network Infrastructure Security
Vulnerability Assessment
Penetration Testing Methodology
Network Defense Strategies
Security Compliance & Audit
VERIFIED
Certificate ID: 9618691

NSE 3

ASSOC

Fortinet Network Security Associate

Issuer
Network Security Solutions
Zero Trust Access
Secure SD-WAN
Dynamic Cloud Security
VERIFIED
Certificate ID: Gxy3cyBqkh

NSE 2

ASSOC

Fortinet Network Security Associate

Issuer
Evolution of Cybersecurity
Security Products & Solutions
Security Tools & Controls
FortiGate Basics
VERIFIED
Certificate ID: WBDE1dTMss

NSE 1

ASSOC

Fortinet Network Security Associate

Issuer
Information Security Awareness
Network Security Concepts
Cloud Security Basics
Threat Landscape
VERIFIED
Certificate ID: WCzwdXvkB3

Web Security

Clearance: Level 5

EHE

ESS

Ethical Hacking Essentials

Issuer
Information Security Fundamentals
Web Application Security
Network Security Basics
System Hacking Essentials
VERIFIED
Certificate ID: 247370

Secure Communications

root@security:~$INITIALIZING SECURE PROTOCOLS