Red Teamer, Malware Developer, Security Researcher
 
I think like an attacker.
I push the limits of your security infrastructure, then rebuild it stronger.
Send me a message. Let's grab some coffee and swap stories.
 
Showing you why your security infrastructure needs to be fixed-- and how to do it.
Casually bypassing your EDR by combining Python, C++, and C# with a red teaming twist.
Letting you run your business without needing to worry about cyber threats.
Rebuilding your security infrastructure to prevent me from breaking into it again.
Coalfire Systems, Inc.
May 2024 - PresentDiscovered and reported a misconfiguration in a software distribution platform that allowed Remote Code Execution across user fleets. Developed a custom Proof-of-Concept tool to demonstrate risk by successfully bypassing Windows Defender and executing shellcode, leading to a critical security patch and improved validation controls.
 
Conducted 15+ penetration tests on AWS applications, services, and infrastructure, identifying and mitigating both common and advanced vulnerabilities to strengthen overall security posture.
 
Reduced time required for performing code reviews by at least 25% by automating checks for common vulnerabilities and use of RegEx within code written in various languages including C-languages, Python, PowerShell, and Bash.
Nave Security
Nov 2023 - Dec 2024Performed external and internal AWS cloud, web application, and API penetration tests and wrote detailed reports on findings and potential remediation solutions for companies in the healthcare industry.
 
Developed Windows malware designed to bypass common AV/EDR solutions with >99% success rate by using C++ and C# to develop sophisticated tools and leveraging GPT-4 to optimize and simplify the coding process.
Success Academy Charter Schools
Mar 2024 - May 2024Performed adversary simulations against company infrastructure with >80% success rate by writing custom tools to carry out sophisticated evasion methods and stress-test CrowdStrike Falcon and Palo Alto Cortex.
 
Tested physical security integrity of company locations by using social engineering to accomplish tailgating and the assumption of identities of other employees through keycard cloning and gaining access to normally restricted areas.
Kraken IO
Jan 2024 - Feb 2024Created sophisticated, Windows-based red teaming tools for Ransomware Adversary Simulation exercises capable of bypassing and evading popular AV/EDR and SIEM monitoring solutions with >99% success rate by using Python, C++, C#, and Microsoft Macro Assembly x64 to interact with and manipulate the Windows API.
WIN Waste Innovations
Mar 2023 - Dec 2023Performed Penetration Testing and wrote detailed reports on 30+ Windows Server and Linux devices, webapps and APIs, and SCADA systems using Kali Linux, Metasploit, Burp Suite, and self-coded tools to perform AV/EDR evasion.
 
Resolved Vulnerability Management issues through patching 50+ recorded vulnerabilities using Agiloft to record and resolve security incidents and using Nessus and Kali Linux to confirm successful patching of recorded vulnerabilities.
 
Implemented effective Endpoint Detection Response (EDR) solutions on 12,000+ Microsoft Azure servers and WIN Waste endpoints by installing CrowdStrike Falcon on devices to monitor and administrate activity.
Black Hills Information Security
Jan 2024 - PresentPresenting valuable insight into research performed on malware development and AV/EDR evasion to 3,800+ members of the Black Hills Information Security community by answering questions, sharing experiences, and engaging in the red teaming community.
Unscripted by David Raviv
May 2024In this podcast episode, cybersecurity expert William Wallace shared profound insights into the cybersecurity landscape and the demands of the profession. Emphasizing the importance of dedication and proactive learning.
 
His journey from an early fascination with malware on old operating systems to leading sophisticated cybersecurity initiatives serves as a testament to the dynamic and demanding nature of the field, which requires constant innovation and a forward-thinking approach.
Columbia University
Apr 2024Performed and presented research on practical ways to bypass EDRs in 2024 at Columbia University. Exhibited findings from testing various evasion methods against CrowdStrike Falcon EDR and Palo Alto Cortex xDR.
HackCUNY 2024
Feb 2024Led a hacker workshop during the HackCUNY 2024 hackathon. Taught the fundamentals of AV/EDR evasion through bypassing API hooking with system calls to 50+ students by demonstrating detailed proof-of-concepts.
National Cyber League 2023
Jan 2023 - Apr 2023Achieved Top 1% ranking nationwide in the NCL 2023 competition for the John Jay Cyberhounds team by solving real-world cybersecurity challenges including identifying hackers from forensic data, pentesting and auditing vulnerable websites, and more.
Created a sophisticated, covert Windows-based credential dumper using C++ and Microsoft Macro Assembly x64.
 
Historically has (and may presently still) bypassed Windows Defender and commercial security solutions Malwarebytes Anti-Malware and CrowdStrike Falcon EDR Complete.
 
Avoids detection by manually implementing NTAPI operations through indirect system calls, disabling telemetry, obfuscating API function names and pointers, creating offline copies of the LSASS process to perform memory dumps on, and corrupting the signature of dropped files.
 
Project has gained >300 stars from other members of the red teaming community on GitHub since initial release.
Created a Windows-based ETW unhook PoC using C++ and Microsoft Macro Assembly x64. Overwrites NtTraceEvent opcode by performing indirect system calls with NtProtectVirtualMemory and NtWriteVirtualMemory and ultimately disabling ETW at Nt* function level.
 
Avoids detection by bypassing EDR hooks on the Windows API with manual implementation of Nt* functions and finding unhooked opcodes to use as trampolines.
B.S. in Computer Science and Information Security
Minor in Cybercrime
2018 - 2023Hacker - National Cyber League Spring 2023
Speaker - From John Jay to Cybersecurity Exellence Alumni Panel
Member - John Jay ISACA Student Group