Austin James Hudson
Orlando, FL, 32817 - email@example.com
I am seeking a position that can utilize my expertise as a Red Team Operator who specializes in Offensive Tool Development and Security Research for offensive and defensive use. My dream job would be building tools and developing research to enhance my organization’s capabilities.
Summary of Qualifications
Professional Security Consultant and C programmer, focused on researching and replicating various threats, with a strong desire to expand my knowledge of information technology concepts.
- Familiarized myself with various Apache/Nginx options to design “Secure” redirectors for the command and control infrastructure to minimize the damage during an IR investigation.
- Familiar with leveraging various lesser-known feature sets in SQL servers (MSSQL / MySQL / PostgreSQL) to achieve code execution, such as using Impacket with MSSQL to execute shellcode directly in the MSSQL Server process through the use of custom CLR(s), gaining code execution in extremely restrictive environments.
- Active Directory exploitation and abuse of Active Directory misconfigurations and default configuration issues that could result in privilege escalation or hash dumping.
- Exploit Development (Memory Corruption, Stack Overflows, Heap Overflows, Use-After-Frees)
- Programming (C, C++, PowerShell, C#, Ruby, Python, x86/x64 Assembly, VBS)
- Extreme familiarity with developing ‘evasive’ techniques as described by MITRE, as well as conducting various research to improve existing concepts and standards to further the offensive security space.
- IoT / embedded device exploitation concepts ( JTAG / SPI )
- Familiarity with developing UEFI modules and exploiting the flaws within the UEFI ecosystem.
- Security Researcher at GuidePoint Security - January 2023 - Present
- Developed advanced capabilities to replicate APT (Advanced Persistent Threat) tools and techniques in order to test our clients’ systems against a sophisticated adversary. I have constructed a “stage 0” C2 here, which is used to pivot into commercial networks. Our red team operators are predominantly familiar with Cobalt Strike, so as a solution to the various detections for the well-known framework I constructed the FOLIAGE and TITAN projects to hinder EDRs from detecting Cobalt Strike during an operation. These techniques have been credited in almost every public offensive tool that performs an encrypted-at-rest memory scheme (ex: Havoc, Cobalt Strike, AceLdr). I also have discovered techniques to escalate from Administrator to the Windows Kernel without the usage of a driver (ANGRYORCHARD), which can make our toolset extremely evasive. Another method in which I was able to transition into the kernel is through exploiting the UEFI Bootloader, which allows for persistence even if the host operating system is re-installed. Furthermore, I studied various methods of attempting to break BitLocker on its default configuration with poorly designed firmware through the use of PCIe and a malicious UEFI hook, as can be seen here. Furthermore, I’ve experimented recently with trying to defeat detections based on Copy-On-Write and Shared pages with infamous memory scanners such as PE-sieve & Moneta here.
- Security Consultant at GuidePoint Security - June 2019 - January 2023
- Worked alongside various colleagues, as well as conducting solo operations, on various Internal, External, and “Red-Team” simulated engagements to help further client defenses and secure external resources from malicious attackers.
- Hobbyist Exploit Development - March 2014 - Present
- Spent two years learning the basics of various flaws such as stack overflows, memory corruptions, & heap overflows
- Taught myself to leverage Windows components for privilege escalation (DLL hijacking, COM hijacking, etc.)
- Built Proof-of-Concepts for various flaws which are currently incorporated into the Metasploit Framework targeting embedded devices like Cisco ASA & IOS, as well as Microsoft Word Memory RTF flaws.
- Programming - March 2012 - Present
- Taught myself a few programming languages that I am currently proficient in such as C/C++, PowerShell, C#, Python, Ruby, VBS, in addition to 32-bit (x86) and 64-bit (x64) Assembly.
- Systems Administration
- Able to actively work with the command line of both a Unix terminal, Windows Command Prompt & Windows PowerShell
- Able to configure/utilize various database related-services such as MySQL, MSSQL, PostgreSQL and SQLite
- Able to configure/utilize various HTTP-server components such as Nginx & Apache
- Simulated Offensive Operations
- Occasionally compete in Hack-The-Box Capture-The-Flag challenges targeting Windows, Linux, and Other (Fedora, SunOS)
- Competed previously in RastaLabs Active Directory Lab with 75% completion.
- Competed in Hack-The-Box’s Offshore; was able to achieve DA on the two initial Domain Controllers & acquire first place within the first week.
- Played in both root-me’s BlueBox Active Directory Challenges
- Developed bypasses/expanded upon existing exploits/techniques for evasive purposes.
- Web Development - March 2017 - November 2017
- Self-Hosted - Orlando, FL
- Worked as a freelance “web developer”, in addition to providing Server Administration/Web Hosting related services.
- High School Diploma, University High School, Orlando, FL, May 2019
- HackTheBox - Created autopwn scripts in Python to compromise many machines with zero interaction, performing both the initial foothold and privilege escalation automatically.
Triangle InfoSeCon 2019 - StormCTF, Assistant Designer, December 2018 - October 2019, Robert Martin
- Participated in the conceptual design and administration of Storm CTF for InfoSeCon 2019
- Performed black box tests in the environment before and during the competition to validate accuracy of each challenge in three different categories: Networking, Cryptography and Miscellaneous
- Assisted competitors with technical issues
- Assisted students in the learner’s section with methodologies in offensive security
- Offensive Security Certified Professional (OSCP)
Professional Work Cited:
- DEF CON, presented by Kyle Avery: Avoiding Memory Scanners: Customizing Malware to Evade YARA, PE-sieve, and More
- Black Hat Asia, presented by Gabriel Landau: PPLdump Is Dead. Long Live PPLdump!