#whoami

Darix Deros (KNX)
Red Team & Offensive Security
Malware Dev and Analysis
Low Level Hacking

Introduced to computing at age 6 with a Spectrum 48k plus. Passionate about computer security for as long as I can remember.
Specialized in Adversary Simulation (AD) and Low Level Hacking topics (binary exploitation, userland and kernel malware development, reverse engineering, malware analysis).
As a hobby I participate in CTF (also qualifying in the top 10 worldwide) and collect industry certifications :)

Exploit Development

Offensive Security Exploit Developer

OffSec Exploit Developers (OSEDs) have the skills and expertise necessary to write their own shellcode and create custom exploits from scratch. They can use these exploits to reverse-engineer bugs and bypass common Windows security mitigations.

OSEDs can:
* Bypass basic security mitigations such as DEP and ASLR
* Exploit format string specifiers
* Find bugs in binary applications to create custom exploits

They are able to adapt older exploitation techniques to more modern versions of Windows and execute them at a higher level than an OSCP. The OSED certification is one part of the updated, three-part OSCE cert.

Verify certification

Exploit Development

eLearnSecurity Certified Exploit Developer

eCXD is an eLearnSecurity Certified eXploit Developer certification from eLearnSecurity. The purpose of the course is to learn Windows and Linux binary exploitation such as buffer overflow, DEP bypass, Ret-to-libc.

Verify certification

Exploit Development

Offensive Security Certified Expert

OSCEs have expert-level penetration testing skills. They have proven that they can craft their own exploits, execute attacks to compromise systems, and gain administrative access. The intense 48-hour exam also demonstrates that OSCEs have an above-average degree of persistence, determination, and ability to perform under pressure.

They can:
* Debug Windows binaries
* Work through encoding issues and space restrictions while crafting exploits
* Understand PE structure to learn techniques that backdoor executables and bypass AV
* Use creative and lateral thinking to achieve an expanded view of standard vectors
* Think outside the box to determine innovative ways of penetrating internal networks

An OSCE also has familiarity with more advanced protections like ASLR.

Verify certification

Red Team

Offensive Security Experienced Penetration Tester

OffSec Experienced Penetration Testers (OSEPs) have the skills and expertise necessary to conduct penetration tests against hardened systems. They’ve proven their ability to identify more impactful intrusion opportunities and execute advanced, organized attacks in a controlled and focused manner.

OSEPs can:
* Bypass security defenses
* Perform advanced attacks while avoiding detection
* Compromise systems configured with security in mind

They are able to assess systems and execute penetration tests at a higher level than an OSCP. The OSEP certification is one part of the updated, three-part OSCE cert.

Verify certification

Red Team

Active Directory Certificate Service Attacks

The Certified Enterprise Security Professional - AD CS (CESP - ADCS) is a fully hands-on certification.
To be certified, a student needs to solve an exam lab that contains a fully patched Active Directory Certificate Services environment with fully patched Server 2022 machines within 24 hours. The certification challenges a student to compromise Active Directory Certificate Services by abusing misconfigurations, default settings, features and functionalities without relying on patchable exploits.

A certification holder has demonstrated the skills to understand and assess security of an AD CS environment. A non-exhaustive list of skills:

- AD CS Enumeration
- Stealing Certificates using Windows Crypto APIs, DPAPI, User store, Machine store and disk.
- Domain Privilege Escalation by abusing settings and misconfigurations like Enrollee Supplies Subject, Enrollment Agent EKUs, Overly permissive ACLs on Certificate Templates and CA, Abusing CA Roles, Relaying to HTTP Endpoints and more.
- Machine and User Persistence by requesting and renewing certificates
- Domain Persistence using Forged certificates, Stolen Trusted Root certificates and more.
- Abusing SSH CA Signers on Linux machines for Lateral Movement
- Abusing VPN with Certificate-based authentication to pivot to different networks.
- Pivoting to Azure by abusing Azure AD CBA.

Verify certification

Red Team

Certified Enterprise Security Controls Attack Specialist

The Certified Enterprise Security Controls Attack Specialist badge is earned by completing the CyberWarFare Labs CESC-AS course and successfully passing a 24-hour hands-on practical examination in a simulated enterprise environment with well-equipped defensive controls.

The holder of the Enterprise Security Controls Attack Specialist [CESC-AS] certificate possesses the following demanding skills:

1) Knowledge of Red Team Methodologies in Enterprise Environments
2) Planning & executing an organized sophisticated attack
3) Leveraging in-memory implants & enterprise security solutions
4) Bypassing Security Controls deployed with Host & Network
5) Custom exploit writing based on a variety of scenarios
6) Performing stealth operations in a monitored or hardened environment
7) Bypassing AV, EDR & network-level restrictions

Verify certification

Red Team

Certified Red Team Professional

The Certified Red Team Professional (CRTP) is a completely hands-on certification. To be certified, a student must solve practical and realistic challenges in our fully patched Windows infrastructure labs containing multiple Active Directory domains and forests with Server 2022 and above machines within 24 hours and submit a report. The certification challenges a student to compromise Active Directory by abusing features and functionalities without relying on patchable exploits.

A certification holder has demonstrated the skills to understand and assess security of an Active Directory environment. A non-exhaustive list of skills:

- Active Directory Enumeration
- Local Privilege Escalation
- Domain Privilege Escalation using Kerberoast, Kerberos delegation, Abusing protected groups, abusing enterprise applications and more.
- Domain Persistence and Dominance using Golden and Silver ticket, Skeleton key, DSRM abuse, AdminSDHolder, DCSync, ACLs abuse, host security descriptors and more.
- Forest privilege escalation using cross trust attacks.
- Inter-forest trust attacks

Verify certification

Red Team

Zero-Point Security Certified Red Team Operator

Holders of the Red Team Operator badge have demonstrated their knowledge of adversary simulation, command & control, engagement planning and time management. They can perform each stage of an attack lifecycle from initial compromise, to full domain takeover, data hunting, and exfiltration; whilst being aware of OPSEC concerns and bypassing defences.

Verify certification

Penetration Test

Offensive Security Certified Professional

An OSCP has demonstrated the ability to use persistence, creativity, and perceptiveness to identify vulnerabilities and execute organized attacks under tight time constraints. They can:

* Use information gathering techniques to identify and enumerate targets running various operating systems and services
* Write scripts and tools to aid in the penetration testing process
* Analyze, correct, modify, cross-compile, and port public exploit code
* Conduct remote, local privilege escalation, and client-side attacks
* Identify and exploit XSS, SQL injection, and file inclusion vulnerabilities in web applications
* Leverage tunneling techniques to pivot between networks

OSCP holders have also shown they can think outside the box while managing both time and resources.

Verify certification

Penetration Test

eLearnSecurity Certified Professional Penetration Tester

eCPPT is a 100% practical and highly respected Ethical Hacking and Penetration Testing Professional certification, counting certified professionals on all seven continents.

The eCPPT assesses and certifies your skills in the following areas:
* Penetration testing processes and methodologies, against Windows and Linux targets
* Vulnerability Assessment of Networks
* Vulnerability Assessment of Web Applications
* Advanced Exploitation with Metasploit
* Performing Attacks in Pivoting
* Web application Manual exploitation
* Information Gathering and Reconnaissance
* Scanning and Profiling the target
* Privilege escalation and Persistence
* Exploit Development
* Advanced Reporting skills and Remediation

Verify certification

Penetration Test

Metasploit Framework Expert

The SecurityTube Metasploit Framework Expert (SMFE) is an online certification on the Metasploit Framework. This course is ideal for penetration testers, security enthusiasts and network administrators. The course leading to the certification exam is entirely practical and hands-on in nature. The final certification exam is fully practical as well and tests the student's ability to think out of the box and is based on the application of knowledge in practical real life scenarios.

A brief list of topics to be covered in this course includes:
* Metasploit Basics and Framework Organization
* Server and Client Side Exploitation
* Meterpreter - Extensions and Scripting
* Database Integration and Automated Exploitation
* Post Exploitation Kung-Fu - Exploring the system, Privilege escalation, Log deletion and AV / Firewall bypass
* Token stealing and impersonation, Backdoors and Rootkits, Pivoting and Port forwarding, Railgun and Custom Scripting, Backdoor an Executable
* Ruby Primer for Hackers
* Writing Metasploit Modules - Auxiliary and Exploit
* Exploit research with Metasploit - Buffer Overflows, SEH, DEP Bypass, Return Oriented Programming

Web Hacking

Javascript for Pentesters

Javascript for Pentesters is a highly professionalizing course that, in the context of Web attacks, focuses attention on client-side attacks by abusing the browser.

The main focus is on the various possibilities for an attacker to carry out even complex attacks and discover the hidden world behind a simple XSS.

Security Analyst

OSSTMM Professional Security Analyst

The OPSA is a technical, skills-based certification designed to accredit professional security analysts.

That's enough for now.