My profile

Key Competences:

- IT Support, IT Consulting & Management

- Executing and Delivering, Result Oriented, Driving Change

- Digital Marketing

- Customer Service

- Contract Management

- Sales & Influence

Specialties:

Business(SMEs), Day Trading, IT Security, Leading & Helping people achieve their goals.

IT Security courses completed:

* x86 Assembly Language and Shellcoding on Linux

* x86_64 Assembly Language and Shellcoding on Linux

* GNU - Debugger Megaprimer

* Exploiting Simple Buffer Overflows on Win32

* Python for pentesters

* Web Application Pentesting

* Javascript for Pentesters

All my certificates from Lynda.com:

http://www.lynda.com/AllCertificates/User/2290141

I'd like to explore new opportunities within IT Security.

If you like to explore further what I'm up to, then follow me on my Twitter page: @Maxjensendk

I am a firm believer in that, no assignment is too big.

Mobile phone: +45 23 96 67 13

Mail: Max@maxjensen.dk

★★★ Alternatives ★★★

✔ Blog: http://www.maxjensens.blogspot.dk

✔ Twitter: http://twitter.com/maxjensendk

✔ Linkedin: http://www.linkedin.com/pub/max-jensen/49/b02/a55

Think of when performing in a new environment:

Don’t be malicious.

Don’t be stupid.

Don’t attack targets without written permission.

Consider the consequences of your actions.

If you do things illegally, you can be caught and put in jail! (Considering in Denmark, Straffeloven § 263 stk. 2)

Stanford university - Cryptography

Some of my favorite moments

Analysing 3rd party shellcode with Libemu

Exploiting Memcpy() within a simple TCP echo server on WinXP SP3:
- Meterpreter shell style

Using Railgun within Meterpreter to invoke a syscall that locks the client workstation

Exploitation from AoE - Web Server:
I was calculating about how large my NOP sled should be and allign the 78-byte shellcode, since the buffer was 500 bytes I knew that I had a chance to get control over the program execution - and thereby exploited the web server!

How System Calls work:
I learn stuff by drawing them down on my whiteboard.

Exploitation of FreeSSHd - example

Adding debugging content to exsisting programs and Stripping it afterwards

References

About - Max Jensen

Strategies &

Cyber threats!

Ethical hacking, has become more

popular over the world, and as well

I'm living my dreams out upon security

threats!. To prevent against the

recently updated security vulnerabillities

exposed by OWASP, exploit-db,

packetstormsecurity, 1337day etc.

Currently I'm avaliable to new job opportunities within InfoSec.

If you find my profile relevant, you can contact me by mail, and he will gladly respond to every mail ASAP:

Max@maxjensen.dk

As shown below, some methods to implement in a company to secure against security threats, or even on personal usage.

OpenTC strategies

Cryptographics

Shell & Physical security

Social Engineering tecniques

RFID insecurites

IPS/IDS, Firewall restrictions

IT-security politics

As shown, a different methods of preventing against exploits build upon vulnerabilities, are to be broken down in concepts.

OpenTC, stands for Open Trusted Computering, which is a great way for securing against attacks, but is not the only solution to be done.

ModSecurity is also some set of security which can be implemented, but should be restricted.

Iptables is commonly used as a Linux firewall, and can allow a lot of security impelementations, to make sure you will keep malicious users out.

You do not want to make the job easier for the attacker than given.

User accounts should be restriced, and should think out-of-the-box, to ensure quality, permissions has to be set as with precaution!.

Cryptographics, should be used when deliver an internal/external message to a client, within gpg, comming by default in Linux, this should be used to send messages, and also replace the files, to confuse the attacker, if the OS were to be compromised.

As Max commonly saying, to people who are not aware of security, and how it should be handeled -

You should treat shell access, as it were physical access.

Social Engineering tecniques, should also be taken seriously!.

This is a great threat to a company, if were (e.g. Attacker got into the IT comapny building, droping off a infected USB, carrying a rootkit on it, that has a payload to execute when opened upon a computer).

You got to make the personnel aware of several SE attacks.

RFID Insecurities, is something, which not many companies has taken seriously. But hey comon, if an attacker were desperate, he could deploy an attenna from Yagi-Uda 2,412GhZ, and start deauthenticating victims, becomming the man in the middle! - while you might not knowing, the next step were to sniff your password!, or to do some other privilige escalations.

IPS/IDS, Firewall restrictions, as mentioned firewall for Linux, such as Iptables, you could do a lot of things with this!. But it's a great start. IPS/IDS, are usually good, but in some advantages, it's giving false alarms. This might be usfull for some sys admins though, to check the log. But at the end of the day, if that's get's the job done, then everyone is happy right?. Snort, Kismet is to be mentioned, when doing some security researcing on the network.

IT-security politics, is bascially the main reason on securing a company / private use. Let's face it. there is nothing such as 100% security nowadays. Security is divided up in layers. The main factor here is, there will always be vulnerabilities, since there will always be humans involved. Companies need to focus on what is satisfying them, upon security messurements.

Day Trader & Security Researcher