Ethical Hacker

at  Packetlabs

Packetlabs was built by an ethical hacker after seeing vulnerability assessments presented as penetration tests. Our slogan “Ready for more than a VA scan?” drives at the importance of not providing our clients with a false sense of security.
We are a passionate team of highly trained, proactive ethical hackers. We provide expert-level penetration testing services that are thorough and tailored to help foster a safe digital space where everyone has the right to privacy and security. Packetlabs consultants find weaknesses others overlook and continuously learn new ways to evade controls. We hold ourselves to a very high standard.
To do so, we only hire individuals with the same drive and passion.

WHO WE ARE LOOKING FOR

• Core values:
• Customer-first mentality. Is a great communicator with clients, project managers, and teammates. Rapid responses and on time.
• You deliver work that you take pride in. Your work is an autograph of your excellence.
• Digs deeper into every finding. Doesn’t stop until impact is proven.
• Is comfortable being uncomfortable. Goes towards obstacles, not away from them. Consulting isn’t your typical job and requires adapting to rapidly changing environments.
• Is always learning. Cybersecurity is changing every day, and you need to keep up or want to keep up. Be deeply aware of your skillset and be willing to improve.
• Self-motivated and dependable.
• Is humble. Egos don’t have a place at Packetlabs.
• Education and experience:
• A graduate of Information Security or Computer Science degree program.
• Has between two and five years of experience in a similar role.
• Has professional qualifications (one or more): CISSP, OSCP, OSCE, GWAPT, GPEN, GXPN, OSEP, OSWE, OSED, BSCP. OSCP or Burp is mandatory.

• Penetration testing of web applications, mobile applications, APIs, and cloud.
• If ready according to Packetlabs standards:
• Penetration testing of infrastructure that includes on-premises, hybrid, and cloud environments
• Network Attacks: Developing access with no privileges but network access.
• Active directory:
• Unauthenticated Exploitation - AD exploitation as a user without access to a domain user account. Gain a foothold in the network through misconfigurations, exploitation and AD-specific attacks.
• Authenticated Exploitation - Exploitation as a low-privileged domain user. Elevate privileges and laterally move within the network through abusing misconfigurations, exploitation and poor security configuration.
• Exploitation: Local User - Elevating privileges on a specific machine.
• Exploitation: Cross-Forest - Leveraging privileged access to compromise multiple segmented AD environments.
• Advanced - Post-Exploitation Activities: Combining all of the above along with credential access, evasion, and lateral movement to demonstrate impact and risk.
• Red teaming
• Demonstrate the ability to engineer resilient infrastructure and creative TTPs as part of the red team lifecycle.
• Ability to thrive in complex infrastructure environments and tackle technologies you might not be familiar with.
• Utilize common offensive security testing tools and tradecraft, and ability to customize existing toolsets to remove common IOCs.
• Possesses a deep knowledge of the entire red team lifecycle (Initial Access, Recon, Persistence, Lateral Movement, Privilege Escalation, Data Exfiltration, and Objective Completion).
• Purple teaming
• Possesses the ability to attack and avoid detection at different levels.
• Have a “hunt yourself” mentality. If you can skirt defenses, are you capable of demonstrating valid methods to detect/protect against said TTPs.
• Sitting and coaching defense teams to sprint through rule creation, alerting, and threat-hunting methodologies.
• Demonstrate capability in the creation of a detection-based attack range.