Hi, my name is

William Wallace

Red Teamer, Malware Developer, Security Researcher

About Me

 

William Wallace is an offensive security researcher and red team developer specializing in advanced evasion and threat simulation. Self-taught over the past four years, he has engineered custom malware and tooling capable of bypassing leading EDR solutions, including CrowdStrike Falcon, Microsoft Defender for Endpoint, and Palo Alto Cortex.

 

His work at various prestigious firms, including Coalfire DivisionHex, Accenture, and Nave Security, reflects a blend of deep technical expertise and pragmatic problem-solving, while his community engagement and research contributions continue to shape conversations around modern adversarial tradecraft.

  • Experience: 4 Years of Penetration Testing & Adversarial Research
  • Focus Areas: Application Security, Windows Internals, Loader Development
  • Country: United States
  • Location: New York, Remote

What I Do

Penetration Testing

Showing you exactly where, why, and how your company's security infrastructure needs to be fixed.

Evasive Tooling

Casually C2'ing past your EDRs by combining Python, C++, and Assembly with a hint of mad science.

Application Security

Because your company's web apps and chatbots deserve more than hope, vibes, and a firewall.

Adversary Simulation

A mix of red teaming and operating like other threat actors, without copying their mistakes.

What I've Done

  • Professional Experience

  • Application Security Consultant

    Coalfire DivisionHex

    May 2024 - Present

    Expanded beyond core responsibilities to contribute to weeks-long adversary simulation exercises, as well as perform social engineering and physical security assessments, including vishing simulations and on-site access attempts, resulting in strengthened employee security awareness and improved training across multiple clients.

     

    Discovered and reported a misconfiguration in a software distribution platform that allowed Remote Code Execution across user fleets. Developed a custom Proof-of-Concept tool to demonstrate risk by successfully bypassing Windows Defender and executing shellcode, leading to a critical security patch and improved validation controls.

     

    Reduced time required for performing code reviews by at least 25% by automating checks for common vulnerabilities and use of RegEx within code written in various languages including C-languages, Python, PowerShell, and Bash.

  • Penetration Tester

    Nave Security

    Nov 2023 - Mar 2025

    Performed external and internal AWS cloud, web application, and API penetration tests and wrote detailed reports on findings and potential remediation solutions for companies in the healthcare industry.

     

    Developed Windows malware designed to bypass common AV/EDR solutions with >99% success rate by using C++ and C# to develop sophisticated tools and leveraging GPT-4 to optimize and simplify the coding process.

  • Offensive Security Engineer

    WIN Waste Innovations

    Mar 2023 - Dec 2023

    Performed Penetration Testing and wrote detailed reports on 30+ Windows Server and Linux devices, webapps and APIs, and SCADA systems using Kali Linux, Metasploit, Burp Suite, and self-coded tools to perform AV/EDR evasion.

     

    Resolved Vulnerability Management issues by patching 50+ recorded vulnerabilities, using Agiloft to record and resolve security incidents and Nessus and Kali Linux to confirm successful patching of recorded vulnerabilities.

    Implemented effective Endpoint Detection and Response (EDR) solutions on 12,000+ Microsoft Azure servers and endpoints by installing CrowdStrike Falcon on devices to monitor and administer activity.

  • Vulnerability Management Intern

    Accenture

    Jun 2022 - Aug 2022

    Updated Vulnerability Management to support the migration of 13,000+ users and devices between company acquisitions by effectively managing and carrying out assigned projects from inception to successful rollout.

     

    Carried out penetration tests with Accenture’s Advanced Attack and Readiness Operations (AARO) team using Burp Suite and other penetration testing tools.

  • Community Engagement

  • Interviewee

    Unscripted by David Raviv

    May 2026

    Appeared as a featured guest on Unscripted, a cybersecurity podcast run by SecurityScorecard Head of Partner Solutions and NYIS Founder David Raviv, discussing the self-taught path into offensive security. Covered advanced topics including malware development, physical penetration testing, and the evolving cat-and-mouse dynamic of modern endpoint detection. Shared practical guidance on leveraging home labs, public GitHub portfolios and personal websites, and responsible AI-assisted learning as differentiators for breaking into red team consulting.

  • Speaker

    Coalfire Hexcon 2026

    Mar 2026

    Presented a talk demonstrating the development of a custom User-Defined Reflective Loader (UDRL) built entirely from publicly available research, illustrating that advanced red team tradecraft is achievable through disciplined application of open-source knowledge rather than proprietary tooling or techniques.

  • Contributor

    Black Hills Information Security

    Jan 2024 - Present

    Presenting valuable insight into research performed on malware development and AV/EDR evasion to 3,800+ members of the Black Hills Information Security community by answering questions, sharing experiences, and engaging in the red teaming community.

  • Lead Researcher

    Columbia University

    Apr 2024

    Performed and presented research on practical ways to bypass EDRs in 2024 at Columbia University. Exhibited findings from testing various evasion methods against CrowdStrike Falcon EDR and Palo Alto Cortex XDR.

  • Workshop Leader

    HackCUNY 2024

    Feb 2024

    Led a hacker workshop during the HackCUNY 2024 hackathon. Taught the fundamentals of AV/EDR evasion through bypassing API hooking with system calls to 50+ students by demonstrating detailed proof-of-concepts.

  • Hacker

    National Cyber League 2023

    Jan 2023 - Apr 2023

    Achieved Top 1% ranking nationwide in the NCL 2023 competition for the John Jay Cyberhounds team by solving real-world cybersecurity challenges including identifying hackers from forensic data, pentesting and auditing vulnerable websites, and more.

  • Offensive Security Projects

  • trustme

    GitHub Link

    Mar 2026

    Developed a Cobalt Strike Beacon Object File (BOF) to escalate from Administrator to TrustedInstaller context via thread impersonation, enabling modification of OS-protected files and services.

     

    Avoids Service Control Manager interaction by using the DISM API to trigger TrustedInstaller.exe, and enumerates processes/threads indirectly through NtGetNextProcess and NtGetNextThread.

  • LetMeowIn

    GitHub Link

    Binary Defense Article

    Feb 2024 - May 2024

    Created a sophisticated, covert Windows-based credential dumper using C++ and Microsoft Macro Assembly x64.

     

    Has historically bypassed (and may still bypass) Windows Defender and the commercial security solutions Malwarebytes Anti-Malware and CrowdStrike Falcon EDR Complete.

    Avoids detection by manually implementing NTAPI operations through indirect system calls, disabling telemetry, obfuscating API function names and pointers, creating offline copies of the LSASS process to perform memory dumps on, and corrupting the signature of dropped files.

     

    Project has gained >300 stars from other members of the red teaming community on GitHub since initial release.

  • Vulnerability Research & Disclosures

  • CVE-2025-54960

    CVE Record

    Malwarebytes Entry

    Jun 2025 - TBD

    Exploited the mbamchameleon.sys kernel driver to weaponize its Protected Process killing capabilities.

     

    Allows operators to perform privilege escalation into the kernel to kill Protected Processes, such as Windows Defender and EDR agent processes.

    Currently not on any driver blocklists and undetected by most commercial security tools including AV/EDR vendors.

Where I've Done It
