$ ssh visitor@booteen.me [+] establishing secure channel… [+] access granted
Available for engagements — EU & US markets

Offensive Security Engineer.

I identify and validate real-world attack paths across applications, infrastructure, identity and cloud environments — and translate them into decisions your business can act on.

View capabilities i.am@booteen.me
0s
Successful penetration tests delivered
Critical
Findings validated — up to full domain compromise
0
Regulated industries — finance to energy
EU·US
Markets served — remote worldwide
Scroll
01 — Who am I

Attack paths,
not checklists.

Offensive security engineer working across European and US markets, from Kyiv, Ukraine.

I approach security assessments as more than a search for isolated vulnerabilities. My goal is to understand how weaknesses interact, how an attacker could move through an environment, and which technical issues create meaningful business risk.

My background spans penetration testing, network security, critical infrastructure, product security, cloud engineering and security automation — including highly regulated sectors such as finance, insurance, government, legal services and energy.

Alongside assessments, I build private platforms for phishing simulations, remote physical penetration testing, AI-assisted reconnaissance and security process automation.

  • [+]Multi-stage Active Directory compromise paths identified & validated — up to full domain compromise
  • [+]End-to-end attack-path validation with strict operational safety
  • [+]CPTS · ISC2 CC · Security+ · CCNA · HTB Dante Pro Lab
  • [+]Accelerated the performance of multiple business workloads by approximately 40%
booteen@kali — interactive shell
this shell is real — type help · explore the files · there's a flag hidden somewhere
02 — What I do

Core capabilities

Grouped by outcome — not an exhaustive tool list. Methodology aligned with OWASP, PTES and MITRE ATT&CK.

/01

Penetration Testing

External and internal assessments that validate realistic compromise paths — not just isolated findings.

InternalExternalSegmentation
/02

Active Directory & Identity

AD CS abuse, Kerberos attack paths, NTLM relay validation, hybrid AD / Entra ID environments.

AD CSKerberosEntra ID
/03

Web Application Security

Authentication, authorization, tenant isolation, business logic and API testing for multi-tenant apps.

OWASPAPIsMulti-tenant
/04

Cloud & Infrastructure

GCP, Azure and M365 assessments, container hardening, network segmentation and Zero Trust initiatives.

GCPAzureDocker
/05

Security Research & Tooling

Custom offensive tooling, reconnaissance automation and engagement-specific utilities that scale assessments.

PythonGoAutomation
/06

AI-Assisted Workflows

Human-in-the-loop AI pipelines for recon enrichment, finding correlation and attack-path identification.

ReconCorrelationHITL
03 — How I work

Anatomy of
an engagement

A representative multi-stage path — anonymized from a real internal assessment that ended in full domain compromise.

T01

Reconnaissance

Internal network mapping, identity and privilege analysis across the environment.

T02

Initial Foothold

Validating exposure: credential access, misconfigurations and exploitable services.

T03

Privilege Escalation

AD CS misconfiguration testing and certificate-based authentication abuse.

T04

Lateral Movement

Kerberos attack-path validation and domain replication privilege analysis.

T05

Impact & Reporting

Post-compromise impact analysis, safe evidence collection, remediation guidance.

Operational safety first

Sensitive exploitation always runs with human approval, evidence quality is preserved, and disruption is avoided — even in production-like environments.

04 — What I build

Private projects

Offensive security platforms kept private by design. Descriptions focus on purpose and capability, not implementation.

P—01

Phishing Simulation Platform

Controlled phishing assessment and security awareness platform — campaign lifecycle, analytics, behavioral metrics.

Private
P—02

Remote Physical Pentest Agent

Remotely managed hardware for authorized on-site assessments — secure operator channel, engagement isolation.

Private
P—03

AI-Assisted Offensive Tooling

Recon enrichment, finding correlation and attack-path identification with human-in-the-loop validation.

Private
P—04

Security Process Automation

Automation connecting pentest operations, evidence handling, reporting and internal security workflows.

Private
P—05

GCP Pentest Environment

Reusable cloud environment — engagement isolation, standardized tooling, rapid provisioning.

Private

$ some things stay private — confidentiality requirements & the sensitive nature of offensive tooling.

05 — Collaborations

Teams I've worked with

Trava Security

Penetration testing · AD security · internal tooling

Wirelane

Product security · cloud & identity · EV charging

Netwave

Network security · critical infrastructure · SecOps

Across banking, insurance, government, legal services, energy and technology — in Ukraine, Germany, the EU and the US.

06 — Credentials

Certifications & training

2025

HTB Certified Penetration Testing Specialist

CPTS
2024

ISC2 Certified in Cybersecurity

CC
2023

Hack The Box — Dante Pro Lab

Completed
2021

CompTIA Security+

SY0
2021

Cisco CCNA

R&S
B.Sc.

Cybersecurity — National Aviation University, Kyiv

2017–21
07 — Contact

Let's find
your weakest path

Penetration testing, adversary simulation, security research or tooling — if you need to know how attackers could actually reach your critical assets, talk to me.

GitHubIamBooTeen Hack The Boxb00t33n
BaseKyiv, UA — Remote worldwide
LanguagesEN · UA · RU · VN · DE