Futaba _ Webs πΈπΈππΈπΈ
- The Hacker Who Laughs πΈπΈππΈπΈ, Founder at Futaba_Webs πΈπΈππΈπΈ
Cyber Security Professional profecient in Offensive Security and Penetration testing, I offer a wide range of services ranging from: Penetration Testing - Offensive Security Auditing, Cyber Security Analyst - Vulnerability Assessments, SOC Analyst - Incident Response, Cyber Security Engineer - Secure Coding, and even Network Security Testing.
π Dark Mode π Light Mode π Word Mode π Download All π Search Mode π Experience π Glossary π About Me π Homeπ ABOUT FUTABA_WEBS
Founder at Futaba_Webs πΈπΈππΈπΈ | Cyber Security Professional | Penetration Tester | Cyber Security Engineer & Researcher | Software & Electrical Engineer | Reverse Engineer | Gray & Purple Hat Hacker
Self-Taught Cyber Security Professional with a background in Software Engineering, IT Technical Support, Security Engineering, and proficiency in Electrical engineering and Reverse Engineering.
I have a love and passion for offensive security. I reverse engineer various core APIβs and technologies in order to explore and fabricate new ideas that will make my projects come to life.
I use my Software Engineering skills to design custom exploits and penetration testing tools, and CTF servers that demonstrate my Security Engineering skills and ingenious ingenuity.
My Electrical Engineering skills allow me to devise various custom tools such as keyboard injection exploits that manipulate the virtual keyboard API of a system in order to inject payloads and bypass security measures for security testing, some with the ability to write their own code, which I use to extend further C/C++ Win32API and LinuxAPI exploits along with python scripts.
On top of being proficient in C/C++ Iβm also proficient in 13 programming languages in total, my main ones being: C/C++, Python3, Bash, SQL, HTML/CSS/JS, PHP, and of course a bit of Powershell scripting as well.
My IT skills are on par with level 4 tier experience. I use my reverse engineering skills in order to deduce probable causes and solutions for technical problems.
Reverse engineering is my specialty and is how I learn. Given my level of ingenuity, I was allowed to operate above my tier level and demonstrate my skill sets to the fullest and solve lots of complex technical problems at the companies that I worked at, including the infamous Pfizer Pharmaceutical company, which I have thorough documentation of in my research portfolio.
My skill sets wonβt disappoint you! Check out my work and my research. I take pride in what I do as a professional hacker.
- The Hacker Who Laughs πΈπΈππΈπΈ
π WHAT I DO
πΈ White Paper Research πΈ
I create research material focused on Penetration Testing and Offensive Security: Exploit guides, Tool Guides, Tool Development, Malware/Code Analysis, Reverse Engineering, as well as mentoring services, where I show you how to apply it on both a PRACTICAL and REAL WORLD level! I also run a CTF server with bundle material to help train Cyber Security professionals. You can find out more about that here! Free to play version can be found here! You can find out more about my research in my Patreon here! Reviews can be found here!
My research was also recently featured at the University of Washington, where I covered DLP mitigation strategies to prevent Ransomware!πΈ Penetration Testing πΈ
One of my main specialisites is Offensive Security and Penetration testing. I do also happen to provide other services ranging from: π Vulnerability Assessments π Incident Response Services π Secure Coding Assessments π Malware Analysis & Forensics π Threat & Risk Assessment Iβm currently partnered with a company called CypSec as a part of their Security center, where I also provide said services to them and their clientele! You can find out more about that here!
πΈ Red Teaming πΈ
I design custom Penetration testing tools from scratch, whether it be digital tools via Software Development, or physical ones via Electrical Engineering/Robotics. Exploit development is also one of my specialties, since part of my job is not only to perform various Threat & Vulnerability assessments against infrastructures, but to craft various exploits that further simulate them in order to properly demonstrate and raise awareness of the dangers should a system be exposed to one! You can sample some of my custom tools here! that are up for display and SAFE to test out! My exploitation development research was also featured at "Wild West Hacking Fest" here! in my "Evil Twin" custom exploit!
π Experience
CypSec: Cyber Security Researcher & Penetration Tester
11/2024 - Present (8 mnths)
11/2024 - Present (8 mnths)
My collaboration with CypSec aims to significantly enhance the cybersecurity posture of our clients in the Northern American region. Integrating my advanced auditing techniques and forensic capabilities into our offerings effectively empowers organizations to adopt proactive security measures that mitigate risks before they escalate.
I also collaborate with them on various secure coding processes across all joint initiatives, providing expertise in secure development.
The following services are provided through my cooperation with CypSec, which directly stems from my personal brand "Futaba_Webs"
π Penetration Testing
π Exploit Development
π Vulnerability Assessments
π Incident Response Services
π Secure Coding Assessments
π Malware Analysis & Forensics
π Threat & Risk Assessment
π Brainnest: Cyber Security Internship (Remote)
Feb 2023 - Mar 2023 (2 months)
Feb 2023 - Mar 2023 (2 months)
I was a part of the Cyber Security Internship under Brainnest Consulting for their industry standard cyber security training. During the training and instruction, I received real hands-on experience in a variety of formats: Programming, Web application pentesting, and CTF challenges. I was one of their top interns and solved many complex problems and challenges during my time there.
I Participated in simulated hacking exercises, utilizing Python and OSINT to discover potential exploit vulnerabilities on live web servers, further growing and expanding my pentesting methodology. I got to work with tools such as: dirbuster, gobuster, dirsearcher for web server enumeration, Burp Suite for brute forcing web application login pages and pitch fork brute forcing to bypass login timeout mechanics, Fuzzing, and various forms of critical vulnerability assessment tools such as nikto, and additional tools like httrack to further analyze any and all files that come from web server applications ton parse them for sensitive information during a pentest. I even participated in advanced high level forensics challenges that involved Python programming, data compressions/decompressions, database files, and even data encryption. I also got experience with stuff like hashcat and john the ripper for cracking passwords and hashes via the use of word lists, as well as cookie session hijacking and working with robot.txt files from web applications in order to uncover various site maps that could allow me to secure sensitive data.
π Participated in simulated hacking exercises, utilizing Python and OSINT to discover potential exploit vulnerabilities on live web servers.
π Developed expertise in reverse engineering methodologies and malware analysis to further engage in CTF challenges
π Applied advanced Python coding techniques to create custom scripts and tools for vulnerability assessment.
π Engaged in various competition style CTF challenges to further develop web application penetration testing skills, along
with tactical coordination with fellow peers in order to complete advanced CTF's.
π Soni-Resources(Pfizer): AV/IT Conference Room Technician
4/2021 - 4/2023 (2 years & 1 mnths)
4/2021 - 4/2023 (2 years & 1 mnths)
I worked as a AV Technician for βPFizerβ, where my role involved providing AV/IT support for Microsoft Teams conference rooms meetings with Crestron hardware integration. with the occasional Zoom or WebEx meetings integrated in to Microsoft Teams Rooms.
I took advantage of our reservation system to stay a head EVERYDAY, even arriving an hour early, so I could focus on optimizing high quality end user support without any distractions: Performing room sweeps, Staying ahead of tickets, contacting clients to further plan ahead support for them, as well as coordinating with the various coordinator admins to stay ahead of future bookings and scheduling, including room tests for the meetings in advance and any other specifications they might need for the meeting and such, and testing trouble shooting anomalies to prepare for onsite support.
Training the staff and faculty on how to use the equipment was one of my biggest strategies in that it made my job even easier, in that I could focus on the people that really do need the support. This thinned out the number of rooms I had to check up on, and reduced 80 tickets to sometimes 40 tickets, saving me so much time to work on other things and focus on supporting major meetings, as well as gaining a healthy client based, and of course getting more tickets in since I had time to help more people. raising my ticket count higher.
πProviding AV/IT support levels 1-3 for any and all staff and faculty,
πPlan AV conference room bookings for staff and executives: Microsoft Teams/Rooms, Webex, and Zoom
πProvide Training and support to staff and faculty, as well as fellow AV support technicians, including any and all documentation write-ups
πCoordinating with coordinator admins to plan ahead for future bookings days, weeks, and months in advance.
πWePlayed Sports: Cyber Security Researcher & Penetration Tester
4/2021 - 4/2023 (2 years & 1 mnths)
4/2021 - 4/2023 (2 years & 1 mnths)
During my time there, I focused on finding any and all possible vulnerabilities within their main domain, as well as any and all other possible sub domains that they had. I got to spend a giant chunk of my time getting experience with the overall phases of the pen-testing methodology: Information gathering and recon with tools like: Nmap, dirbuster, gobuster, checking DNS records and various port configurations, and a lot more.
During my time there I also found a critical flaw in their systems, a Zero day exploit, one that allowed you to bypass a login timeouts, as well as a critical flaw in the system that allowed you to easily grep end user login information to better test against for the exploit.
I also got to various services that were on their systems and get a good feel on how to navigate various domains and keep track of it, as well as learn how to develop my own personal documentation style for reporting information.
π Web Application Pen-Testing via Gray-Box testing and OWASP
π Threat, Risk, and Vulnerability assessments
π Exploitation design for Offensive Security Testing and Recon
π Root cause of analysis diagnosis and Security mitigation design
π The Bachrach Group/SourceLab Search: IT Level 1 Helpdesk
11/2021 - 02/2022 (4 mths)
11/2021 - 02/2022 (4 mths)
During my time at βThe Bachrach Groupβ, as well as its sister company βSourcelab Searchβ. I served as their main level 1 support technician and played a vital role in ensuring all technical equipment is constantly maintained and provided technical and hardware support to all staff and faculty via on site as well as remotely for various end users in the company, as well as providing a series of hardware and software installations and topology designs.
Although my title indicates I was a level 1 tech support, due to my past experience with technology and cyber security/reverse engineering skill set, I took part in a lot of investigations regarding a lot of technical issues that went on in the company, as well as writing documentation on said matters, essentially being a well rounded level support technician operating at any and all levels: 1, 2, and 3.
I also ran a few security audits/assessments on their infrastructures, offering remedies to address any issues related to their: Citrix remote desktop setup, network topology, and even security solutions that mitigate potential risk factors for remote employees.
π Provided onsite/remote technical support (Team-Viewer/Zoho)
π AV Conference room setups (Teams/Zoom) and Network Support
π System Administrator: Fresh Service, Office 365 Active Directory
π Technical write ups and training for staff and faculty
π Threat, Risk, and Vulnerability assessments
π Futaba_Webs Cyber Security & IT Consulting: Founder
3/2020 - Present (4 years & 3 mths)
3/2020 - Present (4 years & 3 mths)
Futaba_Webs is a Cyber Security/IT firm I run where I provide the following services
π Penetration Testing
π Exploit Development
π Vulnerability Assessments
π Incident Response Services
π Secure Coding Assessments
π Malware Analysis & Forensics
π Threat & Risk Assessment
Iβm currently partnered with two Cyber Security companies, one named βCypSecβ, and another soon to be announced.
I also create research material focused on Penetration Testing and Offensive Security: Exploit guides, Tool Guides, Tool Development, Malware/Code Analysis, Reverse Engineering, as well as mentoring services, where I show you how to apply it on both a PRACTICAL and REAL WORLD level! I also run a CTF server known as βFutabaβs Playgroundβ, its purpose being train up and coming Cyber Security professionals.
My research was also recently featured at the University of Washington, where I covered DLP mitigation strategies to prevent Ransomware, as well as βWild West Hacking Festβ, where I did a live demonstration of some of my network security research featuring my custom βEvil Twin Attackβ exploit.
Part of my brand also involves the creation of physical tool development.
Another aspect of my brand is that I build gaming PCβs and provide home setups for people.
π Junior C++ Dev Intern - Durst Sebring Revolution
3/2017 - 6/2017 (4 mths)
3/2017 - 6/2017 (4 mths)
During my time at βDurst Sebring Revolution(DSR)β I was heavily involved in the overall API development and automation process of proprietary SONY cameras that were releasing at the time, the SONY DSR-100 via Gphoto in the Ubuntu Linux environment.
This was also where I dived more into API security, since one of their biggest goals was to figure out online remote automation for various camera photo shoots, giving photographers the flexibility to perform photoshoots virtually anywhere.
I was also heavily involved in any and all main python projects that involved Graphical User Interface development via PYQT5. The purpose for this was to devise an app that would allow easy automation of photo shoots whether it be physically on site, or remotely.
Essentially, my goal was to reverse engineer and dissect the core API of the SONY DSR-100, automate, and set up a secure Linux environment where photo shoots can be pre-automated either physically on site or remotely off site.
π Software development and API programming for proprietary SONY camera hardware and software technology
π Quality assurance and Security testing for camera hardware and software using GPhoto2
π Developing graphical user interfaces using PYQT5
π Onsite technical assistance with camera equipment.
π Devised data diagrams to breakdown and explain hardware and software
π Sorted and organized files, spreadsheets and reports., and database entry
π Delivered clerical support by handling a range of routine and special requirements.
π Maintained organized inventory
π Analyzed problems, identified solutions and made decisions.
π CISCO Mouse Squad IT: Network Security & System Administrator/IT Help Desk Support - Intern
9/2010 9/2013 (3 yrs 1 mth)
9/2010 9/2013 (3 yrs 1 mth)
During my time as a Network Security & System Administrator/IT Support Technician intern for the "CISCO Mouse Squad Program" I was responsible for overall: network security, system administration for student and teacher accounts, as well as overall physical security and network topology design for school computer lab systems. I was also in charge of virus removal and data recovery operations where needed.
I was also responsible for answering phone calls and emails in regards to ticketing issues that might arise for technical problems on my school floor, and was responsible for troubleshooting: hardware, software, network issues, as well as any and all forms of issues that might arise.
I also managed and assisted various staff and faculty, including students and executives in any format. I also assisted with large technical setups for any official conference room and large scale AV setups and ran various tests each time. Any and all technical support was done either on site or remotely via Teamviewer.
π Network Security & System Administration for the school network
π Onsite Hardware/Software repairs, imaging systems, and support
π Apply security updates and firewall setups
π Switch and router configuration setups to enable MAC Filtering
π Creating allow and block list for applications on systems
π Perform regular: full, differential, and incremental backups.
π Imaging systems. and system recovery
ππ Cyber Security Portfolio
Pen-Testing Tools & Other Projects
π
π
π
π
π
π
π
π
π
π
π
π
π
π Cyber Security Tool Proficiency
π Nmap, Dirbuster/Gobuster/Dirsearcher
π Wireshark, Netcat, Metasploit/Meterpreter
π Burp Suite, OSINT, SQLMap, Nikto
π Shodan API, theHarvester/emailharvester
π OpenVPN, WPScan, GTFOBins
π Smbmap/Smbclient
π Macchanger/Arpspoof/Dnsspoof
π Evil-winrm, Parseo, Hydra, Patator
π John the ripper/Zip2john, Hashcat
π Aws, Settoolkit, Httrack, Searchsploit
π Sfuzz, zzuf, wfuzz, ffuf, strace, GDB Debugger
π Aircrack-NG, wash, reaver, wifite, besside-NG
π Hostapd, Bettercap, Hciconfig
π Hcitool, Blueranger, Sdptool, Btscanner
π Fang, Bluelog, Rkhunter, Cewl/Crunch
π Bkhive, Samdump2, Chntpwn, Md5sum
π Net,Nbtscan, Anon-SM, Dotdotpwn, Exiftool
π Fluxion, Hyperion, Impackets, Fragrouter
π Phoneinfoga, Routersploit, Venom, Tor, PEAS
π Technical Skills
π Kali Linux/Windows/Mac OS
π Penetration Testing /Offensive Security
π Software Engineering/Electrical Engineering
π Web/Network Pen-Testing
π Malware Analysis/Malware Development
π Malware Reverse Engineering
π Windows and Linux System Administration
π Network & System Administration
π Network Security
π Operating System Hardening
π Defensive Coding Practices
π Dynamic and Static Code Analysis
π Virtual machines (VirtualBox VMware)
π Vulnerability Management
π Security Strategy & Engineering
π User Awareness training
π TCP/IP, UDP, ARP, DNS, and DHCP
π Cyber Security Skills
Bypassing system security measures via BIOS
π Extracting SAM file password hashes on both Windows and Linux systems for decryption
π Excavating web browser configuration files for end user saved passwords
π Disabling security systems and antivirus software via trackbacking configuration files for them
π Popping in backdoors and other malicious companion type viruses to manipulate the end user
π Excavating the entire file system if needed for both data recovery purposes and exploits
GDB debugger: Code Flow Analysis/Buffer Overflow injections
π Checking system architecture info
π Disabling all DEP/ASLR protection
π Disabling all needed settings to buffer inject a program
π Finding the offset values for the program's registers: ESP/RSP, EBP/RBP, EIP/RIP, etc for the registers of the program
π Analyzing all: registers, function, variable addresses, etc.
π Disassembling the program to find the mainline register addresses
π Bypassing x64/x86_64 system issues reading null bytes to overwrite using 6-bit byte sized addresses
π Overwritting the EIP/RIP of the program for buffer overflow injection
SQL Injections (Blind/Union)
π Searching and testing for injection points via: Burp Suite, Code flow analysis, and SqlMap
π Breaching login credentials using the 'or 1=1== method
π Testing for injections using the "and 1=1--, "and 1=2--, or the single quote method to uncover possible error messages
π Locating the version of the database server via union error response based or blind conditional based
π Uncovering the number of columns at play for a database query union or blind based
π Probing for possible columns in a database table using a series of Union placed NULL statements
Burp Suite
π Intercepting web data communications
π Using the repeater to study and more in depth analyze client and server-side responses
π Launching payloads for brute forcing using the intruder
π Analyzing HTTP history of data communications
π Analyzing web socket data to study possible heart beats that could be at play from SSL data communications
π Studying and intercepting various: HTTP headers, protocol at play, HTTP requests at play, URL/body/cookie
parameters, end user credentials, re-routing targets to desired locations
π SQL injecting through Burp Suite
π Configuring usage of proxy server via foxy proxy or OS system means
π Configuring proxy server manually within Burp Suite
Port scanning via NMAP
π Ping sweep and network analysis
π OS/Version fingerprinting
π Tracing data packets (traceroute)
π Evading detection systems for filter bypassing
π Understanding of NMAP service probes
Metasploit Framework
π Gathering information on potential exploits for service versions detected
π Setting and configuring exploits and payloads
π Using the exploit/multi/handler for reverse shell/meterpreter payload exploits
π Using msfvenom to generate shell code for payloads, as well as: set the architecture, escape bad characters, set
the encoder, format the payload, as well as setting the various payloads for implementation
π Cracking CCTV systems using the Shodan_search exploit
π Hijacking camera systems using the meterpreter payload's web_stream cmd
π Using the check option to probe and check whether the target system is vulnerable to an exploit
NetCat
π Banner Grabbing
π Pre-piping in command line execution for buffer overflow exploits
π Setting up listening ports, including command execution
π Setting up clients with code execution upon connecting to target system
π Piping in HTTP request types for further banner grabbing on web servers
Cracking Wireless data encryptions: WEP/WPA/WPA2
π Setting the NAC card of appropriate technology into promiscuous mode
π Studying data channels
π DE-authenticating systems in order to secure 4-way handshakes from access points
π Closing interfering processes
πCracking the handshake with John the ripper brute forcing algorithms/scripts
Programming Languages:
π C/C++
π Arduino
π Python 3
π Bash Shell Scripting
π PowerShell Scripting
π HTML, CSS, & JavaScript
π C#
π Java:
π MYSQL
π Assembly
π Special Features
π My Most Famous Article
π My Evil Twin Attack Demonstration
π My Women's History Month (2025) Article
