Hi, my name is

William Wallace

Red Teamer, Malware Developer, Security Researcher

About Me

 

I think like an attacker.

I push the limits of your security infrastructure, then rebuild it stronger.

Send me a message. Let's grab some coffee and swap stories.

 

  • Name William Wallace
  • Age 23 Years
  • Experience 4 Years
  • Country USA
  • Location New York, NY

What I Do

Penetration Testing

Showing you why your security infrastructure needs to be fixed, and how to do it.

Malware Development

Casually bypassing your EDR by combining Python, C++, and C# with a red teaming twist.

Vulnerability Mgmt.

Letting you run your business without needing to worry about cyber threats.

Security Engineering

Rebuilding your security infrastructure to prevent me from breaking into it again.

  • Professional Experience

  • Application Security Penetration Tester

    Coalfire Systems, Inc.

    May 2024 - Present

    Performing penetration tests and code reviews of AWS applications and cloud infrastructure.

  • Information Security Engineer

    Success Academy Charter Schools

    Mar 2024 - May 2024

    Performed adversary simulations against company infrastructure with >80% success rate by writing custom tools to carry out sophisticated evasion methods and stress-test CrowdStrike Falcon and Palo Alto Cortex.

     

    Tested the physical security of company locations by using social engineering to tailgate, assuming the identities of other employees through keycard cloning, and gaining access to normally restricted areas.

     

    Improved the security posture of company infrastructure by performing code reviews on 10+ developed tools and scripts written in PowerShell, Bash, and other common scripting languages used to automate tasks.

     

    Oversaw Vulnerability Management for 6000+ Mac and Windows endpoints and AWS cloud instances by using CrowdStrike Falcon, Recorded Future, Wiz, and other tools to monitor and prioritize remediation of vulnerabilities.

  • Offensive Tool Developer

    Kraken IO

    Jan 2024 - Feb 2024

    Created sophisticated, Windows-based red teaming tools for Ransomware Adversarial Simulation exercises capable of bypassing and evading popular AV/EDR and SIEM monitoring solutions with >99% success rate by using Python, C++, C#, and Microsoft Macro Assembly x64 to interact with and manipulate the Windows API.

  • Penetration Tester

    Nave Security

    Nov 2023 - Mar 2024

    Performed external and internal AWS cloud, web application, and API penetration tests and wrote detailed reports on findings and potential remediation solutions for companies in the healthcare industry.

     

    Developed Windows malware designed to bypass common AV/EDR solutions with >99% success rate by using C++ and C# to develop sophisticated tools and leveraging GPT-4 to optimize and simplify the coding process.

  • Offensive Security Engineer

    WIN Waste Innovations

    Mar 2023 - Dec 2023

    Performed Penetration Testing and wrote detailed reports on 30+ Windows Server and Linux devices, webapps and APIs, and SCADA systems using Kali Linux, Metasploit, Burp Suite, and self-coded tools to perform AV/EDR evasion.

     

    Resolved Vulnerability Management issues through patching 50+ recorded vulnerabilities using Agiloft to record and resolve security incidents and using Nessus and Kali Linux to confirm successful patching of recorded vulnerabilities.

     

    Implemented effective Endpoint Detection and Response (EDR) solutions on 12,000+ Microsoft Azure servers and WIN Waste endpoints by installing CrowdStrike Falcon on devices to monitor and administer activity.

  • Community Engagement

  • Contributor

    Black Hills Information Security

    Jan 2024 - Present

    Presenting valuable insight into research performed on malware development and AV/EDR evasion to 3,800+ members of the Black Hills Information Security community by answering questions, sharing experiences, and engaging in the red teaming community.

  • Interviewee

    Unscripted by David Raviv

    May 2024

    In this podcast episode, cybersecurity expert William Wallace shared profound insights into the cybersecurity landscape and the demands of the profession, emphasizing the importance of dedication and proactive learning.

     

    His journey from an early fascination with malware on old operating systems to leading sophisticated cybersecurity initiatives serves as a testament to the dynamic and demanding nature of the field, which requires constant innovation and a forward-thinking approach.

  • Workshop Leader

    HackCUNY 2024

    Feb 2024

    Led an offensive security focused workshop during the HackCUNY 2024 hackathon. Taught the fundamentals of AV/EDR evasion through bypassing userland EDR hooks with system calls to 50+ students by demonstrating proof-of-concepts and findings from months of dedicated learning and experimentation.

     

    Led a defensive security focused workshop during the HackCUNY 2024 hackathon. Provided insight into implementing cybersecurity best practices into web development to 50+ students by exhibiting catastrophic real-world examples of the consequences of insecure website design and examples of key issues to focus on.

  • Hacker

    National Cyber League 2023

    Jan 2023 - Apr 2023

    Achieved Top 1% ranking, placing 58th nationwide in the NCL 2023 competition for the John Jay Cyberhounds team by solving real-world cybersecurity challenges including identifying hackers from forensic data, pentesting and auditing vulnerable websites, and more.

  • Flag Capturer

    BarSides CTF

    Sep 2023

    Competed and collaborated in 15+ public CTF events for the BarSides team, ranking 121st in 2023.

     

    Created a writeup for the We Need to Break Free challenge during Trellix HAX 2023. Performed RCE by exploiting unsanitized inputs to gain a reverse shell and obtain the flag.

  • Speaker

    From John Jay to Cybersecurity Excellence Alumni Panel

    Sep 2023

    Guided 30+ aspiring cybersecurity professionals studying at CUNY John Jay College of Criminal Justice on key skills and early achievements to focus on and gain before leaving college in order to maximize their chances at landing desired positions in the field.

  • Offensive Security Projects

  • LetMeowIn

    GitHub Link

    Cyber Security News Article

    Feb 2024 - May

    Created a sophisticated, covert Windows-based credential dumper using C++ and Microsoft Macro Assembly x64.

     

    Has historically bypassed (and may still bypass) Windows Defender and the commercial security solutions Malwarebytes Anti-Malware and CrowdStrike Falcon EDR Complete.

     

    Avoids detection by manually implementing NTAPI operations through indirect system calls, disabling telemetry, obfuscating API function names and pointers, creating offline copies of the LSASS process to perform memory dumps on, and corrupting the signature of dropped files.

     

    Project has gained >300 stars from other members of the red teaming community on GitHub since initial release.

  • etwunhook

    GitHub Link

    Jan 2024 - Feb 2024

    Created a Windows-based ETW unhook PoC using C++ and Microsoft Macro Assembly x64. Overwrites the NtTraceEvent opcode by performing indirect system calls with NtProtectVirtualMemory and NtWriteVirtualMemory, ultimately disabling ETW at the Nt* function level.

     

    Avoids detection by bypassing EDR hooks on the Windows API with manual implementation of Nt* functions and finding unhooked opcodes to use as trampolines.

  • Higher Education

  • CUNY John Jay College of Criminal Justice

    B.S. in Computer Science and Information Security

    Minor in Cybercrime

    2018 - 2023

    Hacker - National Cyber League Spring 2023

    Speaker - From John Jay to Cybersecurity Excellence Alumni Panel

    Member - John Jay ISACA Student Group

Projects I've Worked On
