
Morgan
Offensive Security Expert, Web and Mobile Application Penetration Tester
Skills



Work experience
Offensive Security Expert
Anonymous • Self-employed freelancer (ZZP)
Jan 2020 - Present • 6 yrs 4 mos
Offensive Security Expert / Web & Mobile Application Penetration Tester
6+ years (2019 – Present)

As an Offensive Security Specialist, I conduct authorized, real-world simulated attacks to identify and exploit vulnerabilities in web applications, mobile apps (Android/iOS), APIs (REST/GraphQL), and related infrastructure — helping clients strengthen defenses before malicious actors can strike.

Key responsibilities and achievements:

Led manual and hybrid penetration tests on 50+ client projects, uncovering critical and high-severity issues (SQL Injection, XSS, IDOR, SSRF, broken authentication, insecure data storage, improper platform usage) using methodologies like OWASP Top 10, OWASP Mobile Top 10, PTES, and NIST.

Performed black-box, gray-box, and white-box testing, chaining exploits to demonstrate real business impact, including post-exploitation scenarios (where scoped and permitted).

Delivered detailed, professional penetration test reports with executive summaries, CVSS-scored findings, proof-of-concept screenshots, reproduction steps, business risk analysis, and prioritized remediation guidance — enabling development teams to fix issues efficiently.

Specialized in API security testing and mobile app reverse engineering risks, identifying data leakage, weak cryptography, and insecure configurations.

Maintained strict ethical standards: Obtained explicit client authorization, defined clear rules of engagement, and ensured non-destructive testing to avoid any operational disruption.

Stayed current with evolving threats through continuous research, tool mastery (Burp Suite, Metasploit, Nmap, Wireshark, Frida, MobSF, etc.), and hands-on labs.