offline

Adam Zabrocki

Security Consultant, pentester, M.Sc., Eng.

Miejscowość:: Londyn, zagranica

Strona www:: Homepage

Branże:: Informatyka/Administracja; Informatyka/Programowanie; Telekomunikacja

Podsumowanie zawodowe:: Security Consultant, pentester and bughunter focused on Operating Systems. Increasing knowledge in Web applications security (client and server side). Reverse engineer and rootkits/virus analyser.

Zobacz pełny profil

Doświadczenie i referencje

Firma:: Cigital (od 2011-11)

Stanowisko:: Security Consultant

Obowiązki:: As a Security Consultant at Cigital, I'm currently working at a large financial institution as part of the Application Security Architecture team. Working on many different projects alongside the development teams within the organization to ensure security is thought about at the requirements stage of the SDLC. Then I work with the development team throughout the development, testing and deployment phase to ensure the application is secure.
*) Experience with conducting application security design reviews on applications at a coding level and the architectural level.
*) Communicating with the development leads and business representatives within the organization to find a secure solution that meets the Firm’s policies.
*) Developing security reviews which highlight the systems functionality, its security and any risks introducing the system may pose to the firm.

Firma:: The ERESI Reverse Engineering Software Interface (od 2007-07)

Stanowisko:: Developer

Obowiązki:: I'm developer responsible for supporting MIPS architecture. I'm supporting the smart disassembling engine that gives both syntactic and semantic attributes to instructions and their operands (libasm) and the control flow analysis and fingerprinting library (libmjollnijr).

Firma:: European Organization for Nuclear Research (CERN) (od 2011-03 do 2011-08)

Stanowisko:: User Office

Obowiązki:: I am responsible for create, design and write own project – Rootkit detector for kernel 2.6 (32 and 64 bits). This detector can find any kernel rootkit including Phalanx (not public rootkit – all versions), and Debug Register rootkits. It has self-defence code based on Debug Register features which implies almost impossible to bypass for now.

Firma:: Wroclaw Centre for Networking and Supercomputing (od 2010-09 do 2011-03)

Stanowisko:: Security expert

Obowiązki:: I was responsible for doing security testing and code review. Analysis techniques for attacks and defence ways on PL-GRID project - Polish Infrastructure for Supporting Computational Science in the European Research Space.

Firma:: European Organization for Nuclear Research (CERN) (od 2009-11 do 2010-09)

Stanowisko:: Technical Student

Obowiązki:: Cooperating with CERN computer security department (Reverse Engeneering). Create and developing own project - framework used for automatic generating Unit, Functionality and Regression tests (Master of Degree thesis topic) using fuzzing technique. Writing tests for DPM, LFC and RFIO software used in Large Hadron Collider (LHC) project.

Firma:: SecDay 2009 (od 2009-09 do 2009-09)

Stanowisko:: Lecturer

Obowiązki:: I gave a lecture about: “Unusual bugs” - essence of bughunting.

Firma:: Forum Informatyki Sledczej 2009 (computer's forensic forum) (od 2009-07 do 2009-07)

Stanowisko:: Lecturer

Obowiązki:: I gave a lecture about: “Invisible hacking in practice” - bypassing IDS/IPS, firewalls and other security analysers.

Firma:: HISPASEC (od 2009-03 do 2010-03)

Stanowisko:: Security expert

Obowiązki:: I was responsible for doing pentests (blackbox testing), auditing code (whitebox testing), bughunting in opensource software and reverse engineering malware.

Firma:: Sysday 2009 (od 2009-03 do 2009-03)

Stanowisko:: Lecturer

Obowiązki:: I gave a lecture about: “IP spoofing is still alive” - presenting own program which implement IP Hijacking attack which is still possible (new attack).

Firma:: Wrocław University of Technology (od 2009-03 do 2009-06)

Stanowisko:: Security expert

Obowiązki:: Project “New IT technologies for the electronic economy and
information society based on the SOA paradigm” Research Area 7-6 “Security evaluation of SOA and SOKU systems” https://www.soa.edu.pl/

Firma:: Sekit 2008 (od 2008-09 do 2008-09)

Stanowisko:: Lecturer

Obowiązki:: I gave a lecture about: “Hacking Linux systems on x86 architecture”.

Firma:: AVET Information and Network Security (od 2008-07 do 2009-03)

Stanowisko:: Security expert

Obowiązki:: I was responsible for doing pentests in banking systems - blackbox testing, auditing code (whitebox testing), bughunting.

Firma:: XploiT magazine (od 2008-01 do 2008-01)

Stanowisko:: Author of the article

Obowiązki:: Publish article “Remote DoS attacks for Windows Vista/XP” in XploiT magazine

Firma:: Confidence 2007 (od 2007-05 do 2007-05)

Stanowisko:: Lecturer

Obowiązki:: I gave a lecture about: “Shellcodes for MIPS architecture on IRIX systems”.

Firma:: Wroclaw Centre for Networking and Supercomputing (od 2005-11 do 2006-07)

Stanowisko:: Security expert

Obowiązki:: I was responsible for doing security testing and code review. IT security consultant. Analysis techniques for attacks and defence ways for ClusteriX project.

Firma:: Mercedes-Benz (od 2005-06 do 2005-08)

Stanowisko:: Security expert and administrator

Obowiązki:: I was responsible for setup and full secure one of the main
computable server in south western Poland.

Firma:: RKL Inkasso Polska (od 2005-02 do 2006-10)

Stanowisko:: Security expert and administrator

Obowiązki:: I was responsible for setup, full secure and take care about all servers in the company. Recovery data from formated disks.

Firma:: Lawyer office (od 2004-11 do 2006-01)

Stanowisko:: Security expert and administrator

Obowiązki:: I was responsible for setup, full secure and take care about all servers in the office. Recovery data from formated disks.

Firma:: iDEFENSE Labs (od 2004-01 do 2004-01)

Stanowisko:: Remote security expert

Obowiązki:: I was remote security expert (bughunter – code review) for Security and Vulnerability Research Labs.

Edukacja

Uczelnia:: Politechnika Wrocławska (2008-10 - 2011-06)

Zobacz stronę uczelni »

Kierunek:: Pedagogical Course at Wroclaw University of Technology

Poziom studiów:: studia podyplomowe

Uczelnia:: Politechnika Wrocławska (2005-10 - 2011-09)

Zobacz stronę uczelni »

Kierunek:: Computer Science

Poziom studiów:: magisterskie

Uczelnia:: Politechnika Wrocławska (od 2004-10)

Zobacz stronę uczelni »

Kierunek:: Electronics and Telecommunication at Wroclaw University of Technology

Poziom studiów:: inżynierskie

Informacje dodatkowe

Przebyte kursy:: + “Szkolny klub przedsiebiorczosci” (School
Entrepreneurship Club) – project supported by Polish
National Bank (NBP)
+ Final of Information Technology Competition in WSB-NLU
in Nowy Sacz.

Języki:: + Polish (native)
+ English (intermediate)
+ French (beginner)
+ Russian (intermediate)
+ Bielarussian (intermediate)

Hobby:: + Computer security – methods of cracking systems
and preventing computer attacks.
+ Biblical studies – in any form, including exegesis.
+ Classical music – formerly playing the piano
+ Psychology – cause-consequence correlations