profile picture

Jan Hoersch

IT Security Consultant

Education

OSCE

Offensive Security
2017

MASPT

elearnsecurity
2015

OSCP

Offensive Security
2014

IT Specialist for System Integration

2011 - 2013

Languages

  • German (Native)
  • English (Professional)

Career Profile

I'm an IT Security Consultant & Penetration Tester with 6 years of professional experience. With at least basic knowledge in a wide variety of IT Security topics, my major focus is on penetration testing and reverse engineering. I'm highly motivated to learn new tricks, widen my knowledge and get to know other work environments.

Experiences

Lead Security Consultant

2018 - Present
Context Information Security Ltd.

Penetrationtests (Web-Applications, Infrastructure, Mobile, Cloud, Code Review) for various customers (FinTec, Chemical Industries, Banking, Automotive), internal tool development

IT Security Consultant

2014 - 2018
Securai GmbH

Performing penetration tests and reverse engineering tasks on mobile application, web applications and rich clients in various programming languages.

Network & Security Engineer

2011 - 2014
TMT GmbH & Co. KG

During 2.5 years as a trainee as a network engineer, i managed several tasks, mainly system programming, server monitoring as well as internal software audits based on network environment and web applications.

Founder

2011
Kouponki

During the 5-Euro-Business competition i founded with 4 fellow students the Kouponki GbR. With a lot of engagement we managed to win the comptetion with this start-up company.

Projects

Standing Desk Interceptor - Reverse Engineering my standing desk to create more functionality
iliketrains - Accessing undocumented APIs from big companies is fun. Especially if you get loads of data to store and analyze from them. (See publication for talk on this project)
FreeElmo - Reverse Engineering an Elmo Document Camera and writing MultiOS Client.
Douding Document Sharing - Reverse Engineering the Douding Document Sharing Network

Publications

I hate you, WD
Jan Hoersch
blog.nv1t.me
IoT Pentest - Der Weg von der Firmware zur Shell
Jan Hoersch
Securai Blog
Binary Patching von Java fuer Rich-Client Penetrationtests
Jan Hoersch
Securai Blog
SQLi after order by in less than 22 chars
Jan Hoersch
blog.nv1t.me
IoT Security Nightmares - 20 minutes, 10 devices.
Video
Kaspersky Security Analyst Summit, 2017
I like trains
Video
MRMCD 2015
Men who stare at bits (Part 2)
Video
29c3
Men who stare at bits
Video
Sigint12

Skills & Proficiency

I use a lot of different tools on a daily basis. I simply can't list them all, but some of these are:
Burp - Canape - IDA Pro - AppScan - Immunity - Wireshark

Web Applications

Rich Clients

Android Applications

iOS

Reverse Engineering

Forensic