ALI RIRACH
adc9of@r.postjobfree.com
Authorized to work in the US for any employer
Penetration Tester Internship
DjibSmart - Djibouti,
February 2019 to March 2019
•Performed host, network, and web application penetration tests
•Perform vulnerability assessments and penetration testing/ethical hacking using Web Inspect
•Performed network security analysis and risk management for designated systems
•Proposed remediation strategies for remediating system vulnerabilities
•Developed Security Assessment Plan, Security Assessment Report, Security Assessment Questionnaire, Rules of Engagement, Kick off Brief, and Exit Brief templates • Documented detailed penetration test reports.
•Performed Web-application/Network/Port/Wireless Vulnerability scanning using metasploit and publicly available exploits. • Exploited web application vulnerabilities such as cross-site scripting, SQL injection, directory traversal, man-in-the-middle attacks, authentication bypass, and command injection
•Educated clients on best practice methodologies to harden their systems and minimize future attacks.
•Executed daily vulnerability assessments, threat assessment, mitigation and reporting activities in order to safeguard information assets and ensure protection has been put in place on the systems• Found common web site security issues.
•
U.S. Army
July 2016 to February 2017
University of North Dakota
Certificate:
OSCP and CEH in progress of obtaining
EC-Council
Bachelor's Degree in Psychology
Metropolitan State University 2018
Associate Degree
Community college of Denver
2017
•Database design
•Sql
•Firewalls
•Network security
•Networking
•Tcp/ip
•Security
•Wireless
•C++
•Cryptography
•Intrusion
•Malware
•Ids
•Network analysis
•Network monitoring
•Tcp
•Nosql
•Smart grid
•Uml
Rank: E3
Pen testing Skills:
Use ping utility to find the IP address of a target domain
Use ping utility to emulate the tracert (traceroute) command
Find the maximum frame size for the network
Extract accurate information about a network using Metasploit Framework.
Check live systems and open ports
Perform banner grabbing and OS fingerprinting
Identify network vulnerabilities
how to scan networks and enumerating system information
Perform a system and network scan
Enumerate user accounts
Execute remote penetration
Gather information about local network computers
Check live systems and open ports
Perform banner grabbing and OS fingerprinting
Identify network vulnerabilities
Draw network diagrams of vulnerable hosts
Extracting administrative passwords
Hiding files and extracting hidden files
Recovering passwords
Monitoring a system remotely
Creating and using different types of malware, such as Trojans, Viruses, and Worms, and exploiting a target machine as proof of concept
Detecting malware
Sniff the network
Analyze incoming and outgoing packets
Troubleshoot the network for performance
Secure the network from attacks
Perform Credential Harvesting
Perform a DoS attack by sending a large number of SYN packets continuously
Perform a HTTP flooding attack
Perform a DDoS attack
Detect and analyze DoS attack traffic
Intercept the Traffic between server and client
Install and configure Snort IDS
Detect Intruders using HoneyBot
Bypassing Windows Firewall Using Nmap
Bypassing Firewall Rules Using HTTP/FTP Tunneling
Bypassing Windows Firewall using Metasploit
Perform Web Server Security Reconnaissance
Detect unpatched security flaws like Shellshock bug
Crack remote passwords
Parameter tampering
Cross-Site Scripting (XSS)
Stored XSS
Username and Password Enumeration
Exploiting WordPress Plugin Vulnerabilities
Exploiting Remote Command Execution Vulnerability
Web Application Auditing Framework
Website Vulnerability Scanning
Understanding when and how web application connects to a database server in order to access data
Extracting basic SQL Injection flaws and vulnerabilities
Testing web applications for Blind SQL Injection vulnerabilities
Scanning web servers and analyzing the reports
Securing information in web applications and web servers
Analyze Wireless Network Traffic using Wireshark
Crack WEP using aircrack-ng
Crack WPA using aircrack-ng
Exploit the vulnerabilities in an Android device
Crack websites passwords
Use Android device to perform a DoS attack on a machine
Perform Security Assessment on an Android Device
Create User Accounts and assign user rights
Securing ownCloud from malicious file uploads using ClamAV
Bypassing ownCloud Antivirus and hacking the host using Kali Linux
Use encrypting/decrypting techniques
Generate Hashes and checksum files
KEY COMPETENCIES
•Multilingual: English, Arabic, Somali and French
•CPR Certified
•Computer Skills
Graduate Student:
Fall 2018:
Foundation of Cybersecurity
This course provides an overview and foundational understanding of concepts essential to the cybersecurity professional to evaluate best practices in implementing security systems within the enterprise. This course covers key bodies of knowledge in security, privacy, and compliance. Topics include security planning, risk management, security technologies, basic cryptography, digital forensics, application security, intrusion detection and prevention, physical security, and privacy issues.
Computer Networking
- Comprehensive overview of network security with a focus on methods for securing networks and utilizing these methods in basic architectural design. The methods are then applied to the design of a cohesive network security strategy. Topics include investigation of areas such as network analysis, perimeter defense strategies, network monitoring, vulnerability and intrusion detection, and security in mobile and wireless environments.
Security Architecture
-Security planning, risk management, security technologies, basic cryptography, digital forensics, application security, intrusion detection and prevention, physical security, and privacy issues. -Security architecture design in enterprise security. Structured approach to the steps and processes involved in developing comprehensive and layered security architectures. Evaluate the principles, attributes and processes used in designing and deploying architecture that supports the business objectives of an enterprise.
Springs 2019:
Communication Protocols
-Communication between computers and networks uses protocols.
This course introduces students to the OSI model and TCP/IP protocol stack. Functions of each layer in the network are explained and their security analyzed.
Apply Cryptography
-Modern cryptography algorithms are necessary for protection of data storage and communication streams from disclosure and manipulation of information to distrusted or malicious parties. The course explains the inner workings of cryptographic primitives and how to implement them. Assignments will be both theoretical and application based. Experience with C/ C++ programming is required
Summer 2019:
Introduction to smart grid
This course is an in-depth study of the ways in which information and communication technologies (ICT) are being deployed to modernize the electric energy infrastructure, i.e. "Smart Grid." In this course we will dene Smart Grid as the use of ICT (in combination with power electronics and policy) to make electricity cleaner, less costly, and more reliable.
Fall 2019:
Database Management Systems
Database concepts, database design (ER, UML), database programming languages (SQL), NoSQL Database, Database Concurrency and recovery techniques, and Database security.
Intrusion Detection Algorithms
With the increasing number of cyber-attacks, intrusion detection systems become crucial tools for detecting anomalies and enhancing computers and networks security. This course exposes students to the existing intrusion detection techniques and algorithms, including signature-based and anomaly-based approaches.
Cloud Computing
Course on cloud computing models, techniques and architectures. Cloud computing is an important computing model which enables information, software, and other shared resources to be provisioned over the network as services in an on-demand manner. This course introduces the current practices in cloud computing. Topics may include distributed computing models and technologies, Infrastructure-as-a-service (Iaas), Platform-as-a-Service (Paas), Software-as-a-Service (Saas), virtualization, performance and systems issues, capacity planning, disaster recovery, cloud OS, federated clouds, challenges in implementing clouds, data centers, hypervisor CPU and memory management and cloud hosted applications.
Advanced Software engineering
A study of current topics related to the design and implementation of large software systems. Potential topics include software testing and validation, programming environments, program metrics and complexity, design methodologies, software reliability and fault tolerance.