Smeet Patel

Rochester Hills, MI 48307 · (248) 770-8355 · mail@smeetpatel.com

Penetration Tester with 3 years of hands-on experience, specializing in Active Directory, cloud services, and PKI vulnerabilities. Expert in crafting custom tools and employing advanced C2 frameworks for comprehensive security assessments. Skilled in innovative attack strategies and deeply understanding cyber threats to strengthen defenses. With a track record of pwning over 300 machines on HackTheBox and a portfolio of advanced certifications, I bring a proactive and relentless approach to cybersecurity. Ready to deploy my advanced penetration skills and contribute to the success of your team in a fast-paced cybersecurity landscape.

Experience

Penetration Tester (Cybersecurity Specialist)

Self-Employed
  • Advanced Penetration Testing: Executed advanced Active Directory penetration with deep enumeration, leveraging GMSA, GPOs, ACLs, Kerberos, and trust manipulation, utilizing LOTL attacks and fileless techniques.
  • Security Defense Evasion: Bypassed advanced security defenses including EDR, WDAC, AppLocker, and PowerShell CLM using evasion tactics like process injection and leveraging LOLBins for stealth operations.
  • Custom Script Development: Developed custom scripts and backdoors in Python, Bash, and PowerShell, optimizing automation for reconnaissance, exploitation, and persistence, enhancing undetectability.
  • Web Vulnerability Exploitation: Identified and exploited web vulnerabilities (XSS, CSRF, Java serialization, SQL injection) using Burp Suite, demonstrating a deep understanding of attack vectors and mitigation techniques.
  • Lateral Movement/Persistence: Utilized advanced techniques such as Rubeus, Mimikatz, and Impacket for lateral movement and persistence within networks.
  • Cloud Security: Worked in Azure environment, addressing cloud services vulnerabilities in Hybrid-AD using Azure AD tools.
  • Adversary Simulation: Utilized C2 frameworks for adversary simulation, applying advanced DLL side-loading/LOTL attacks and in-memory execution techniques to test and enhance defense mechanisms.
  • Privilege Escalation: Implemented innovative privilege escalation tactics through MSSQL vulnerabilities, constrained/delegated attacks, and abusing cross-forest eschewing traditional methods for more sophisticated initial access strategies.
  • Compliance Knowledge: Familiar with CIA Triad for NIST, OWASP, and HIPAA compliances learned from CISSP.
  • Community Engagement: Maintained industry knowledge by engaging with cybersecurity communities on GitHub, Discord, and exclusive DeepWeb forums.
  • Versatile Operations: Knowledgeable in SOC, threat hunting, incident response, & security management, ensuring comprehensive security posture assessments.
  • Automated Security Assessments: Automated security assessments across diverse platforms, identifying vulnerabilities in both emerging technologies and legacy systems, leveraging advanced tools and manual testing skills.
  • Security Hardening: Implemented techniques for Windows systems, applying best practices for securing endpoints, servers, and network devices.
June 2021 - Present

Service Technician

Assurant
  • Certified Technician: Achieved Apple and Samsung certification for phone repairs.
  • Quality Assurance: Conducted thorough testing of repaired devices to ensure they met quality standards.
  • Device Repairs: Diagnosed and repaired hardware issues such as screens, speakers, cameras, and batteries.
  • Software Troubleshooting: Resolved software problems including operating system malfunctions, backup issues, and app-related concerns.
September 2021 - December 2021

Education

Walsh College

Bachelor of Science
Information Technology - Cybersecurity

GPA: 3.23

Oakland Community College

Associate of Science
Computer Information Technology - Cybersecurity

GPA: 3.13

Rochester High School

Diploma

GPA: 3.34

Skills

Programming Languages
  • SQL
  • Bash
  • Python
  • PowerShell
  • Learning Ruby
Operating Systems
  • Windows (10+ years)
  • Linux (5+ years)
  • macOS (3+ years)
  • VM Ware (3+ years)
  • Qubes, Tails, Whonix (2+ years)
Tools and Techniques
  • Active Directory (Azure) Exploitation Tools:
    • Lateral Movements: Encrypted Mimikatz, Rubeus, PowerShell Remoting, etc.
    • Domain Enumeration: AD Module, PowerView, etc.
    • Domain Privilege Escalation: Kerberoast, Impacket, Constrained/Unconstrained Delegation, etc.
    • Domain Persistence: Powermad, PowerUpSQL, Golden/Silver Ticket Attacks, DCsync, Custom SSP.
    • Cross Forest Attacks: BloodHound CE, ASREPRoast, Abusing Certificate, GPOs, etc.
  • Web Pentest Tools: Fuff, Gobuster, Sqlmap, Intruder, BurpSuite Pro
  • Network Exploitation Tools: Ligolo, Chisel, Responder, CrackMapExec
  • Command and Control (C2) Frameworks: Brute Ratel C4, Cobalt Strike, Manjusaka, Alchimist, Sliver
  • Reverse Engineering and Evasion Tools: Ghidra, Binary Ninja, ScareCrow, Exploit Pack, Custom Scripts, Custom Shellcode
  • Network Monitoring and SOC: Rapid7, Splunk, Acunetix, Tenable Nessus, Qualys
  • Threat Intelligence and Hunting Tools: OpenCTI, MISP, YARA with custom rulesets, Maltego with dark web plugins
  • Other Tools: Nmap, Netcat, Wireshark, Customs, more than 200+ additional tools

Certifications

  • Vulnlab - Wutai and Shinra
  • eJPT - Junior Penetration Tester
  • CCNA - Cisco Certified Network Associate
  • Network Pro - TestOut Network Pro certification
  • eWPTX - Web application Penetration Tester eXtreme
  • HackTheBox - Rasta, Dante, Offshore, Cybernetics, APT, and Zephyr

Upcoming Certifications

  • OSCE3 - Offensive Security Certified Expert 3
  • GXPN - GIAC Exploit Researcher and Advanced Penetration Tester