Jan Hoersch
IT Security Consultant, Penetration Tester
Career Profile
I’m an IT Security Consultant & Penetration Tester with 10 years experience in IT Security and 8 years of professional experience in IT Security Consulting targeting various companies in FinTec, Chemical Industries, Banking, Automotive Industry. With at least basic knowledge in a wide variety of IT Security topics, my major focus is on penetration testing and reverse engineering of various devices. I’m highly motivated to learn new tricks, broaden my knowledge getting to know other work environments.
Core Competencies
Burp Suite, CANAPE, IDA Pro, CobaltStrike, Metasploit, Immunity, Wireshark, Linux/Unix Administration, Security Monitoring, Hardware Hacking (SPI, JTAG, etc.), Docker, Python, Bash, Social Engineering, Lockpicking (pending)
Education
2017
OSCE, Offensive Security
2015
MASPT, eLearnSecurity
2014
OSCP, Offensive Security
2011-2013
IT Specialist for System Integration
Experience
2021-present
Senior Security Consultant, SSE - Secure Systems Engineering GmbH
Penetrationtests (Web-Applications, Infrastructure, Mobile, Cloud, Code Review), scenario based tests and Redteams for various customers (FinTec, Chemical Industries, Banking, Automotive), internal tool development
2018-2021
Lead Security Consultant, Context Information Security Ltd.
Penetrationtests (Web-Applications, Infrastructure, Mobile, Cloud, Code Review), scenario based tests and Redteams for various customers (FinTec, Chemical Industries, Banking, Automotive), internal tool development
2014-2018
IT Security Consultant, Securai GmbH
Performing penetration tests and reverse engineering tasks on mobile application, web applications and rich clients for various customers.
2011-2014
Network & Security Engineer, TMT GmbH & Co. KG
During 2.5 years as a trainee as a network engineer, i managed several tasks, mainly system programming, server monitoring as well as internal software audits based on network environment and web applications.
2011
Founder, Kouponki
During the 5-Euro-Business competition i founded with 4 fellow students the Kouponki GbR. With a lot of engagement we managed to win the comptetion with this start-up company.
Publications
I hate you, WD, blog.nv1t.me
Recovering a failing HDD by swapping the bios chips on a PCB and disabling the re-location list for faster transfer speed.
IoT Pentest - Der Weg von der Firmware zur Shell, Securai Blog
Demonstrating an IoT attack path from downloading firmware to remote code execution on the device.
Binary Patching von Java fuer Rich-Client Penetrationtests, Securai Blog
Patching Java Rich-Clients to circumvent checks during security assessments.
SQLi after order by in less than 22 chars, blog.nv1t.me
Solving a SQLi challenge by using the order by feature and known content.
IoT Security Nightmares - 20 minutes, 10 devices, Kaspersky Security Analyst Summit, 2017
Talk about easy exploitation of IoT devices and current state of responsible disclosure due to bad communication with vendors.
I like trains, MRMCD 2015
Accessing undocumented APIs from big companies is fun. Especially if you get loads of data to store and analyze from them.
Men who stare at bits (Part 2), 29th Chaos Communication Congress
Reverse Engineering of multiple RFID payment systems from different universities. Most of these systems were based on Mifare Classic Cards with custom encryption on the card.
Men who stare at bits, Sigint12
Reverse Engineering of one RFID payment system with custom encryption of the credit sector of the card.
Douding Document Sharing, blog.nv1t.me
Reverse Engineering of the Douding Document Sharing Network Reader
Projects
Standing Desk Interceptor - Reverse Engineering my standing desk to create more functionality. It consists of two UART Communication channels and a custom protocol running between two Microcontrollers.
iliketrains - Accessing undocumented APIs from big companies is fun. Especially if you get loads of data to store and analyze from them. (See publication for talk on this project)
FreeElmo - Reverse Engineering an Elmo Document Camera and writing MultiOS Client.
Personal
Birth date: 28. July 1988
Citizenship: German
Residence: Dresden, Germany
Last updated: May 2021