Thiago Mayllart

Co-Founder

São Paulo, São Paulo, Brazil7 yrs 6 mos experience
Most Likely To SwitchHighly Stable

Key Highlights

  • Expert in Red Team engagements and penetration testing.
  • Proficient in automation and tool development for security.
  • Strong leadership and mentoring experience in cybersecurity.
Stackforce AI infers this person is a Red Team expert in cybersecurity with strong automation and leadership skills.

Contact

LinkedIn

Skills

Core Skills

Red TeamPenetration TestingTeam Leadership

Other Skills

AutomationCloud SecurityComputer ScienceContainerizationCybersecurityJamfPhishing CampaignsRed Team engagementsReports ElaborationSocial EngineeringVulnerability Assessment

About

• Ability to create Infrastructure Resources for Red Team engagements: automation and rotation of redirectors and C2 servers (Creator of Harvis); creation of covert channel profiles for post-exploitation tools (Creator of DNS Profile – Mythic). • Knowledge in evasion of signature-based protection mechanisms (AMSI), EDRs (syscall manipulation) and telemetry (ETW) through process injection and byte patching techniques. • Experience in the creation of different phishing contexts through company and employees reconnaissance, in order to capture credentials or establish an initial foothold in the target. • Ability to enumerate, move laterally, set persistence and exfiltrate confidential information through Active Directory exploitation, minimizing indicators of compromise during the engagement. • Knowledge in reconnaissance techniques for Penetration Testing: Brute-Force; Permutation of Subdomains; Virtual Host discovery; SSL certificate analysis, finding subdomains with search indexers (Dorking), static content analysis (Javascript, HTML, etc), reverse DNS lookup. • Knowledge in vulnerabilities and manual/automated exploitation in Web Applications: Password Spray, SQL Injection, Cross-Site Scripting, Template Injection, XXE Injection, Deserialization, CSRF, Command Injection, Code Injection, Cookie Manipulation and vulnerable Ciphers (CBC/EBC), etc. • Experience with automated tools for Vulnerability Assessments: Nessus, Acunetix, Qualys. • Ability to automate Tools and Procedures during Red Team engagements (Scripting). • Knowledge in Artificial Intelligence – Reinforcement Learning: Dynamic Programming, Monte Carlo, Temporal Difference, Tabular Methods, Eligibility Traces. • Programming Languages: Rust, C#, Python, C, Java, Powershell, Bash. • Public Projects: Harvis: C2/redirector automation tool; Mythic: Port Forward task and DNS Profile for Apollo Agent; DarkMelkor: loading .NET assemblies in disposable AppDomains and injected processes; NightVision: subdomain enumeration tool. Private Projects: custom loader against EDRs; syscall dynamic resolution without importing ntdll or D/Invoke stubs; custom injection techniques and ETW syscall patch for Apollo.

Experience

Kraken digital asset exchange

2 roles

Senior Red Team Engineer

Promoted

Apr 2024Present · 1 yr 11 mos

Red Team Engineer

Nov 2021Mar 2024 · 2 yrs 4 mos

  • Conducting Red Team engagements: from data reconnaissance to exfiltration of sensitive information in a compromised environment.
  • Conducting Pentest in Web Application and Infrastructures through Black Box, Grey Box and White Box (Code Review).
  • Automation and development of tools (AV/EDR bypasses, payloads, droppers, infrastructure automation) for Team Operations.
  • Elaboration of Phishing Campaigns and Spear Phishing contexts.
  • Research with Team Members in Vendor Applications.
  • Reports Elaboration: describing vulnerabilities, impact, procedure of exploitation and recommended
  • corrections.
  • Presentations to different areas of the company, describing the path of exploitation, features involved and
  • assisting during the procedure of correction.
  • Dossier elaboration: assessment of new employees, background check (finding personal information,
  • locations, relatives, email addresses, interests).
Red Team engagementsPenetration TestingAutomationPhishing CampaignsVulnerability AssessmentRed Team

Hakai offensive security

Co-Founder/Partner & Red Team Technical Lead

Aug 2021May 2024 · 2 yrs 9 mos · São Paulo, Brazil

  • Team Leadership: Experience in leading and managing a technical team, including assigning tasks, coordinating efforts, and ensuring the overall effectiveness of the team.
  • Mentorship: Experience in mentoring and developing team members, cultivating their skills, and assisting in their career growth.
  • Workload Management: balancing multiple projects and responsibilities, ensuring high-quality output and meeting deadlines.
  • Conducting Red Team engagements: from data reconnaissance to exfiltration of sensitive information in a compromised environment.
  • Conducting Pentest in Web Application and Infrastructures through Black Box, Grey Box and White Box (Code Review).
  • Automation and development of tools (AV/EDR bypasses, payloads, droppers, infrastructure automation) for Team Operations.
  • Elaboration of Phishing Campaigns and Spear Phishing contexts.
  • Research with Team Members in Vendor Applications.
  • Reports Elaboration: describing vulnerabilities, impact, procedure of exploitation and recommended
  • corrections.
Team LeadershipRed Team engagementsPenetration TestingAutomationPhishing CampaignsReports Elaboration+1

Stone

Senior Red Teamer

Jan 2020Nov 2021 · 1 yr 10 mos · São Paulo, Brazil

  • Conduct Red Team engagements, encompassing everything from data reconnaissance to the exfiltration of sensitive information in compromised environments.
  • Perform penetration testing on web applications and infrastructures using Black Box, Grey Box, and White Box methodologies (including code review).
  • Create payloads for current and team members' engagements.
  • Design and implement phishing and spear-phishing campaigns.
  • Lead training sessions and workshops for team members.
  • Develop automation scripts and conduct research to enhance Active Directory exploitation, bypass protection mechanisms, and improve operational security during engagements.
  • Provide assistance on projects for other team members.
  • Support the Blue Team in detecting and correcting vulnerabilities.
  • Generate comprehensive reports that detail vulnerabilities, their impacts, exploitation methods, and recommended remediations.
Red Team engagementsPenetration TestingPhishing CampaignsAutomationReports ElaborationRed Team

Ey

2 roles

Senior Information Security Consultant/Pentester

Jan 2019Dec 2019 · 11 mos · São Paulo, Brazil · On-site

Trainee Information Security Consultant/Pentester

Jul 2018Dec 2018 · 5 mos · São Paulo, Brazil · On-site

  • Conduct penetration tests on web applications and infrastructure using both automated and manual techniques for internal and external assessments.
  • Generate detailed reports that outline vulnerabilities, impacts, exploitation procedures, and recommend corrective actions.
  • Perform automated scans for comprehensive vulnerability assessments.
  • Develop automation scripts to enhance efficiency during the reconnaissance, engagement, and exploitation phases.
  • Provide web application security training to clients.
Penetration TestingVulnerability AssessmentAutomation

Xp investimentos

Information Security Analyst

Apr 2017Aug 2017 · 4 mos · São Paulo, Brazil

  • Monitor and analyze emails via proxy filters to protect employees from malware, spam, and irrelevant communications.
  • Manage and grant employee permissions to prevent access to excessive, harmful, or non-business related functionalities.
  • Ensure the integrity of physical and virtual assets by using audit inventory tools to detect and eliminate harmful or performance-compromising software.
  • Track virtual assets with tools designed for cataloging and analyzing file/directory usage, facilitating periodic access reviews.

Education

USP - Universidade de São Paulo

Bachelor's degree — Computer Science

Apr 2014Dec 2018

University of Alberta

Bachelor's degree — Computer Science

Sep 2017Dec 2017

Stackforce found 100+ more professionals with Red Team & Penetration Testing

Explore similar profiles based on matching skills and experience

👨🏻‍💻 Blessen Thomas

👨🏻‍💻 Blessen Thomas

Senior Cyber Security Consultant | Attack & Pen

at EY

Wrocław, Poland13 yrs 1 mo exp
Application SecurityPenetration TestingRed Teaming
satyam lohomi

satyam lohomi

Analyst

at Capgemini

Navi Mumbai, India0 mo exp
Penetration Testing
Govind Sharma

Govind Sharma

Mobile Security Engineer

at Thales

Bhilwara, India3 yrs 8 mos exp
Mobile SecurityReverse Engineering
Atul kishor Jaiswal

Atul kishor Jaiswal

Senior Security Engineer

at CRED

Bangalore, India8 yrs 11 mos exp
Cloud SecurityIncident Response & ForensicsRed Teaming & Adversary SimulationVulnerability AssessmentVulnerability Management
Mohammad Y.

Mohammad Y.

Associate Consultant - Offensive Security

at CLA Global Indus Value Consulting

Mumbai, India10 mos exp
Network PentestingApplication PentestingVulnerability Assessment
Shreyal Jain

Shreyal Jain

Technical Project Manager

at Securify AI

India4 yrs 4 mos exp
CybersecurityPenetration TestingVulnerability Assessment
Krishna Agrawal

Krishna Agrawal

President

at Cyberonites Club

Agra, India2 yrs 5 mos exp
Cybersecurity
Rashid Feroze

Rashid Feroze

Security engineering leader

at CRED

Bangalore Urban, India9 yrs 9 mos exp
AutomationCloud securityInfrastructure securityOffensive securityWeb application security