Introduction
Hello, I'm Keanen, a Cybersecurity and Network Systems Administration graduate from Rasmussen University. I'm currently working as a System Administrator for an MSP that provides support services to a wide range of organizations that vary in industry. I've studied Active Directory and Web Application Penetration Testing through TCM Security's Online Academy. My goal is to never stop learning and I will continue until I've completed all of their courses.
About me
I've been recently given the amazing opportunity to perform Security Audits, Security Awareness Training, and Penetration Testing!
Personal activities include visiting family and friends, meeting up with previous coworkers almost once a week to stay in touch, hiking, camping, and continuing my education.
Experience
Sora Technologies - System Administration/All IT Support Tiers
May, 2023 - Present
Maintaining the SLA for response and resolution regarding support requests and projects, troubleshooting hardware, software, and services running on Windows Server and client systems, installing and configuring end user computers and printers, updating documentation on new installations or updates to software/hardware configurations, monitoring network activity to identify any malicious activity or vulnerable protocols being used, securing any vulnerabilities found, and maintaining documentation on steps taken to resolve each incident whether IT Support or Cybersecurity related. I find looking through the Event Logs on the Domain Controller to be useful in identifying any brute-force password attacks since the VPN uses the Domain Controller for authentication. I provide continuous support for around 30 companies, which ranges in difficulty/expertise, including application specific, network, email delivery, VPN, MFA troubleshooting. I’ve been spending much of my time here in the O365 Admin portal where I have implemented Information Protection Policies for email encryption, among other things. I’ve installed the Azure VPN on client systems plenty of times, along with the Cisco AnyConnect, and Forticlient VPN client installations. We always have our remote management software installed on Virtual Machines in the cloud, so we just remote into them like any other client device. Lately, I have also been given the opportunity to perform authed/no-auth vulnerability scanning and compliance scanning with Nessus Pro for a client that wishes to have a Security Audit, Penetration Testing, Phishing Campaigns, and Security Awareness Training. I will be the lead for each of those deliverables.
CAT/HCL Technologies - IT Analyst
December, 2021 - May, 2023
I perform system imaging and configurations on Windows 10, macOS, and Linux operating systems, IT Support up to tier three, and delivery/deployment of systems. Asset Management includes performing inventory to support audits, sorting methods based on data retention policies, and changing the status of assets accordingly within Service-Now. Other duties include maintaining a clean work environment, a professional appearance, and upholding the SLA relative to incidents and support tickets.
Education
Network Systems Administration
February 2020 - September 2021
Associates Degree from Rasmussen University
Cumulative GPA: 3.88
Cybersecurity
October 2021 - August 2023
Bachelors Degree from Rasmussen University
Cumulative GPA: 3.88
AZ-900
October 29, 2023
Microsoft Certified: Azure Fundamentals
System Administration Skills
Troubleshooting Hardware/Software
The majority of troubleshooting experience I have gained has come from my role at SORA Technologies. This ranges in devices from anything you can find in a commercial environment such as printers, access points, laptops, desktops, servers, switches, firewalls, etc. The software varies just as much since each industry may use a different variety of vendor-developed, internally hosted applications to support critical business operations.
Customer Service
My role at SORA Technologies has been customer-facing, where the interactions can be either in Zoom/Teams meetings, over the phone, or in person.
Ticketing Systems
Working at CAT/HCL for 1.5 years, I had gotten familiar with Service-Now. I have been working with ConnectWise Manage as my ticketing system for 1.5 years at SORA Technologies as well.
Unifi Product Administration
I have working knowledge of the Unifi Cloud Key, Controller, and NVR. I've set up a Unifi NVR for a client along with mounting cameras, a Unifi Cloud Key that allowed remote management of a company's secure gateway, switch, and access points, and Unifi Controllers both set up as an application and service for local administration.
Active Directory
Both my role at SORA Technologies and my Network System Administration degree have given me working knowledge of managing users, groups, and computers in Active Directory. I've also used Group Policy Management in both realms.
Firewalls
I have working knowledge of configuring SSL VPNs and creating rules to block suspicious traffic on Fortigate devices from my role at SORA Technologies. Other firewalls that I have personal experience with are PFSense, OPNSense, and Cisco ASAs from my Bachelors program.
SIP/VOIP
I have working knowledge of maintaining and configuring SIP phones through Sangoma Portal from my role at SORA Technologies. I've registered new phones, configured extensions for those new phones, configured forwarding to custom devices (users' cell phones), voicemails, and speed dial preferences.
Printers
Working in my role at SORA Technologies, I've gained working knowledge of configuring Scan to SMB/FTP/Email on a variety of printers such as Xerox, Epson, HP, and Brother. This includes assigning static addresses and adding them to the Print Server.
DHCP
I have gained working knowledge of configuring DHCP, along with exclusions and reservations for infrastructure devices.
DNS
I have gained working knowledge of configuring DNS on both Windows Server and on Registrars such as GoDaddy, Hostinger, NameCheap, and Domain.com.
Cybersecurity Skills
Packet Capturing
I have working knowledge of Wireshark and its ability to export files that were accessed during the capture. I also recently used Wireshark during a moment of compromise to identify suspicious network traffic.
Office 365 Admin
I have working knowledge of the Office 365 Admin Center. I gained this knowledge from my role at SORA Technologies such as Resetting MFA, Configuring Information Protection Policies for Email Encryption, Managing account passwords, memberships, access to shared mailboxes, licensing, creating Auto Attendants and Call Queues in the Teams Admin Center, and creating Distribution Lists.
Identifying Website Technologies
I have been using Builtwith and Wappalyzer for identifying website technologies and any version numbers that might be found because of Information Disclosure. If a website has a CMS entry, I attempt a rate-limited brute force attack on the admin page.
Finding Subdomains
I have working knowledge of finding subdomains with Sublist3r and Google Fu, where you can search for a domain and exclude www such as "site:<domain> -www".
Vulnerability Scanning
I have working knowledge of Nmap, Nikto, HostedScan, and Nessus Pro. I've used Nmap and Nessus during my Bachelors program and am currently using them for a Security Audit. I just recently started using Nikto and HostedScan, although I did learn about Nikto through TCM-Security.
Directory Fuzzing
I have been using Dirbuster, Ferox-buster, and FFUF to map out available website directories.
Proxies
I have working knowledge of setting up and using Burpsuite. I learned through TCM-Security and my Bachelors program. Mainly, I've been using the Proxy to capture requests that I either send to Intruder or Repeater. With Intruder, I've been primarily using the ClusterBomb payload setting to spread out brute force attempts while working on an External Assessment.
Exploitation
I have working knowledge of Metasploit and the difference between staged and non-staged payloads. If a staged reverse-shell doesn't work, it's a good practice to try a non-staged payload, and vice versa. Other places I've looked for exploits include Github and Exploit-DB. With websites, I've mainly been attempting SQL-Injection with Sqlmap, LFI, RFI, Brute-Force, XSS, and SSRF with Burpsuite. Some Active Directory exploits include ntlmrelayx.py, mitm6, metasploit auxiliary scanners for enumerating credentials, smbrelay.py, responder.py for capturing hashes, crackmapexec and secretsdump.py for dumping hashes, Bloodhound for AD Recon, GetUserSPNs.py for Kerberoasting, and Meterpreter shells to get delegate tokens.
Keanen Corning
Expertise in cybersecurity and network performance optimization.
keanenc@c2workspace.tech