Welcome to my new blog!  The intent of this page is to post on security issues that I’m researching or witness during penetration testing engagements.  I hope this page will serve as a reference for other penetration testers as well as system administrators (as I will often propose mitigation strategies for issues presented).  Please feel free to leave any constructive feedback as I begin posting.

About Me:

I’m a penetration tester who got his start as a government employee working for the Department of Defense (DOD) in a five-sided building.  During this time, I got hands-on experience building, growing and “selling” proactive security services (IT Auditing, Penetration Testing, Software Assurance) to a variety of DOD customers that utilized our network.  While this work was centered around the management of these programs (as is the life of an IT government employee), I began to thoroughly understand the underlying security methodologies utilized, from checklist-based compliance auditing through highly-technical security assessments and penetration tests.  I had the pleasure of working with very talented security folks, some of whom are leaders in their respective areas.

Slowly but surely, my technical competency built up as I snuck in hands-on experience, working on projects for my programs.  In 2014, I decided that enough was enough, and that I wanted to graduate from managing security programs to actually banging on the keyboard and becoming a penetration tester.  I sat for and passed my Offensive Security Certified Professional (OSCP) in February 2015, after four grueling months slaving away in the Penetration Testing with Kali (PWK) labs.

I ended up leaving government service and now I work full-time as a penetration testing consultant.  Hopefully, you enjoy the journey through this blog as much as I enjoy writing it!

  • Mr O

    Looks like a good start to your blog. I am curious to read about fun misconfigurations you come across.

  • rb

    Jonathan

    Great blog.
    Congrats for achieving OSCP.
    Especially, “Well, That Escalated Quickly…Common Windows Privilege Escalation Vectors” helped me exploit one of the lab m/c.

    I am into my OSCP journey and have a small query about the exam. Can we converse offline?

    thanks,

    rb