4. Security & Compliance

Conducts security reconnaissance including OSINT, subdomain enumeration, and port scanning to map attack surfaces for penetration testing.

Performs mobile app security testing for Android/iOS, including APK analysis, SSL pinning bypass, and root/jailbreak detection evasion.

Performs Windows privilege escalation using service misconfigurations, DLL hijacking, token manipulation, and UAC bypasses for post-exploitation.

Conducts social engineering assessments including phishing campaigns, credential harvesting, and pretexting using tools like Gophish and SET for red team engagements.

Performs penetration testing on Active Directory environments using Kerberos attacks, credential dumping, and BloodHound analysis to identify security weaknesses.

Performs wireless network penetration testing including WPA/WPA2 cracking, WPS exploitation, and Evil Twin attacks for security assessments.

Performs Linux privilege escalation via SUID/SGID, sudo misconfigurations, kernel exploits, and container escapes for security testing.

Enables container security testing via Docker escape, Kubernetes cluster exploitation, and misconfiguration abuse for penetration testing.

Performs security vulnerability testing on web applications, including OWASP Top 10 flaws such as SQLi, XSS, and JWT attacks.

Establishes long-term system access via registry, cron, SSH, and backdoors for post-exploitation activities.

Executes password cracking via hashcat/john, password spraying, brute force, and pass-the-hash attacks for authorized security testing.

Performs security testing by enumerating and exploiting network services including SMB, SSH, FTP, and databases for vulnerability assessment.

Performs security audits and vulnerability exploitation on smart contracts and Web3 applications to identify critical flaws such as reentrancy and access control issues.

Enables secure file transfer between systems using HTTP, SMB, FTP, netcat, and base64 encoding for security operations and data exfiltration.

Identifies and exploits cloud misconfigurations in AWS, Azure, and GCP for security testing and assessment.

Enforces secure coding practices to prevent common vulnerabilities like RCE and SQL injection in user input and database operations.

Automates security code review for sensitive areas (auth, crypto, SQL) using OpenAI Codex to identify potential vulnerabilities.

Verifies regulatory compliance and provides actionable improvement suggestions to meet organizational standards.

Generates a compliance checklist for excavation reports to ensure adherence to National Heritage Agency regulations.

Manages authentication flows, mock security, and environment validation for Laravel Sanctum and Next.js applications.

Enables comprehensive tracking of admin actions with detailed logs including user ID, IP, and entity changes for security monitoring and compliance purposes.

Enables role-based access control (RBAC) with middleware to authorize endpoints based on user roles (admin, lead, member).

Sets up secure authentication with JWT, bcrypt password hashing, refresh tokens, account lockout, and password reset flow.

Ensures web content meets WCAG 2.1 AA standards through ARIA, keyboard navigation, screen reader compatibility, and color contrast adjustments.