Hi, my name is

William Wallace

Red Teamer, Malware Developer, Security Researcher

About Me

I think like an attacker.

I push the limits of your security infrastructure, then rebuild it stronger.

Send me a message. Let's grab some coffee and swap stories.


  • Name: William Wallace
  • Age: 23 years
  • Experience: 4 years
  • Country: USA
  • Location: New York, NY

What I Do

Penetration Testing

Showing you why your security infrastructure needs to be fixed, and how to do it.

Malware Development

Casually bypassing your EDR by combining Python, C++, and C# with a red teaming twist.

Vulnerability Management

Letting you run your business without needing to worry about cyber threats.

Security Engineering

Rebuilding your security infrastructure to prevent me from breaking into it again.

Professional Experience

  • Application Security Penetration Tester

    Coalfire Systems, Inc.

    May 2024 - Present

    Discovered and reported a misconfiguration in a software distribution platform that allowed Remote Code Execution across user fleets. Developed a custom Proof-of-Concept tool to demonstrate risk by successfully bypassing Windows Defender and executing shellcode, leading to a critical security patch and improved validation controls.


    Conducted 15+ penetration tests on AWS applications, services, and infrastructure, identifying and mitigating both common and advanced vulnerabilities to strengthen overall security posture.


    Reduced the time required for code reviews by at least 25% by automating checks for common vulnerabilities and RegEx usage in code written in various languages, including C-family languages, Python, PowerShell, and Bash.

  • Penetration Tester

    Nave Security

    Nov 2023 - Dec 2024

    Performed external and internal AWS cloud, web application, and API penetration tests and wrote detailed reports on findings and potential remediation solutions for companies in the healthcare industry.


    Developed Windows malware designed to bypass common AV/EDR solutions with >99% success rate by using C++ and C# to develop sophisticated tools and leveraging GPT-4 to optimize and simplify the coding process.

  • Information Security Engineer

    Success Academy Charter Schools

    Mar 2024 - May 2024

    Performed adversary simulations against company infrastructure with >80% success rate by writing custom tools to carry out sophisticated evasion methods and stress-test CrowdStrike Falcon and Palo Alto Cortex.


    Tested the physical security of company locations by using social engineering to tailgate and assume the identities of other employees through keycard cloning, gaining access to normally restricted areas.

  • Offensive Tool Developer

    Kraken IO

    Jan 2024 - Feb 2024

    Created sophisticated, Windows-based red teaming tools for Ransomware Adversary Simulation exercises capable of bypassing and evading popular AV/EDR and SIEM monitoring solutions with >99% success rate by using Python, C++, C#, and Microsoft Macro Assembly x64 to interact with and manipulate the Windows API.

  • Offensive Security Engineer

    WIN Waste Innovations

    Mar 2023 - Dec 2023

    Performed penetration testing on, and wrote detailed reports for, 30+ Windows Server and Linux devices, web apps and APIs, and SCADA systems, using Kali Linux, Metasploit, Burp Suite, and self-coded tools for AV/EDR evasion.


    Resolved vulnerability management issues by patching 50+ recorded vulnerabilities, using Agiloft to record and resolve security incidents and Nessus and Kali Linux to confirm that recorded vulnerabilities were successfully patched.


    Implemented effective Endpoint Detection and Response (EDR) coverage on 12,000+ Microsoft Azure servers and WIN Waste endpoints by installing CrowdStrike Falcon on devices to monitor and administer activity.

Community Engagement

  • Contributor

    Black Hills Information Security

    Jan 2024 - Present

    Presenting valuable insight into research performed on malware development and AV/EDR evasion to 3,800+ members of the Black Hills Information Security community by answering questions, sharing experiences, and engaging in the red teaming community.

  • Interviewee

    Unscripted by David Raviv

    May 2024

    In this podcast episode, cybersecurity expert William Wallace shared profound insights into the cybersecurity landscape and the demands of the profession, emphasizing the importance of dedication and proactive learning.

    His journey from an early fascination with malware on old operating systems to leading sophisticated cybersecurity initiatives serves as a testament to the dynamic and demanding nature of the field, which requires constant innovation and a forward-thinking approach.

  • Lead Researcher

    Columbia University

    Apr 2024

    Performed and presented research on practical ways to bypass EDRs in 2024 at Columbia University. Exhibited findings from testing various evasion methods against CrowdStrike Falcon EDR and Palo Alto Cortex XDR.

  • Workshop Leader

    HackCUNY 2024

    Feb 2024

    Led a hacker workshop during the HackCUNY 2024 hackathon. Taught the fundamentals of AV/EDR evasion through bypassing API hooking with system calls to 50+ students by demonstrating detailed proof-of-concepts.

  • Hacker

    National Cyber League 2023

    Jan 2023 - Apr 2023

    Achieved Top 1% ranking nationwide in the NCL 2023 competition for the John Jay Cyberhounds team by solving real-world cybersecurity challenges including identifying hackers from forensic data, pentesting and auditing vulnerable websites, and more.

Offensive Security Projects

  • LetMeowIn

    GitHub Link

    Cyber Security News Article

    Feb 2024 - May

    Created a sophisticated, covert Windows-based credential dumper using C++ and Microsoft Macro Assembly x64.

    Has historically bypassed (and may still bypass) Windows Defender and the commercial security solutions Malwarebytes Anti-Malware and CrowdStrike Falcon EDR Complete.

    Avoids detection by manually implementing NTAPI operations through indirect system calls, disabling telemetry, obfuscating API function names and pointers, creating offline copies of the LSASS process to perform memory dumps on, and corrupting the signature of dropped files.

    The project has gained >300 stars from other members of the red teaming community on GitHub since its initial release.

  • etwunhook

    GitHub Link

    Jan 2024 - Feb 2024

    Created a Windows-based ETW unhook PoC using C++ and Microsoft Macro Assembly x64. Overwrites NtTraceEvent opcode by performing indirect system calls with NtProtectVirtualMemory and NtWriteVirtualMemory and ultimately disabling ETW at Nt* function level.


    Avoids detection by bypassing EDR hooks on the Windows API with manual implementation of Nt* functions and finding unhooked opcodes to use as trampolines.

Higher Education

  • CUNY John Jay College of Criminal Justice

    B.S. in Computer Science and Information Security

    Minor in Cybercrime

    2018 - 2023

    Hacker - National Cyber League Spring 2023

    Speaker - From John Jay to Cybersecurity Excellence Alumni Panel

    Member - John Jay ISACA Student Group
