
Herry Hernandez

Las Vegas, NV

Summary

Certified Web Exploit Specialist and Junior Penetration Tester with hands-on experience in 40+ enterprise and web application penetration tests. Adept at uncovering and exploiting complex vulnerabilities including SSRF, XSS, SQL Injection, and Active Directory attacks. Proficient in using industry-standard tools (Burp Suite, Nmap, BloodHound, Impacket) and scripting (Python, Bash) to automate security assessments. Recognized for delivering actionable security reports and maintaining a top global ranking on Hack The Box. Currently expanding expertise in red teaming and offensive security operations.

Overview

6 years of professional experience
1 Certification

Work History

Penetration Tester

Synack Red Team
12.2025 - Current
  • Conducted IT audit assessments for systems or applications to recommend solutions to mitigate risks.
  • Developed risk assessment reports to identify threats and vulnerabilities.
  • Developed solutions to security issues such as temperature, humidity, vandalism and natural disasters.
  • Collaborated with external vendors to perform penetration tests on network devices, operating systems and databases.
  • Recommended IT security improvements to achieve system confidentiality, integrity and availability.

Vulnerability Assessment and Penetration Tester

Independent Cybersecurity Researcher
03.2022 - Current
  • Analyzed security policies for usefulness and value to suggest security policy improvements.
  • Designed tests and tools to break into security-protected applications and networks to probe for vulnerabilities.
  • Conducted risk analysis, system certifications, auditing, security documentation and security testing.
  • Conducted and participated in annual disaster recovery exercises.
  • Conducted 40+ penetration tests on enterprise-style networks and web applications in controlled lab environments, simulating real-world adversary tactics and techniques.
  • Performed end-to-end attack chains, from initial access to full domain compromise, by exploiting misconfigurations, weak permissions, and common web vulnerabilities.
  • Exploited web application flaws (SSRF, SQL Injection, XSS, SSTI, XXE, insecure deserialization) to achieve unauthorized access, data extraction, and remote code execution.
  • Specialized in Active Directory exploitation, including privilege escalation through ACL abuse, LDAP misconfigurations, and persistence via shadow credential techniques.
  • Leveraged tools such as Burp Suite, Nmap, BloodHound, Impacket, and custom Python scripts to automate reconnaissance and exploitation workflows.

OFFICE/DRIVER MANAGER

Global Transport
02.2020 - 02.2022
  • Created client route plans to ensure timely delivery of goods to customers
  • Managed a fleet of vehicles to optimize performance and minimize downtime
  • Oversaw and supervised drivers to uphold company standards and safety protocols
  • Provided exceptional customer service to address inquiries and resolve issues in a timely manner
  • Supported daily operations with administrative tasks such as scheduling and record keeping
  • Ensured safety compliance by conducting regular checks and training sessions for staff.

Ethical Hacking and Penetration Testing Challenges

Hack The Box (HTB) | Online Platform
  • PermX Machine: Exploited a web application vulnerability using Burp Suite
  • Elevated privileges to root utilizing a SUID binary exploit
  • Gained proficiency in web application penetration testing and Linux privilege escalation techniques
  • Jerry Machine: Identified and exploited a vulnerability in the Apache Tomcat service using Metasploit
  • Deployed a JSP web shell for post-exploitation activities
  • Escalated privileges to root, showcasing proficiency in Windows privilege escalation
  • Cap Machine: Exploited a directory traversal vulnerability in a misconfigured web server
  • Elevated privileges by exploiting a vulnerable service
  • Demonstrated skills in web server security assessment and Windows privilege escalation
  • Greenhorn Machine: Identified a weakness in the web server configuration to gain initial access
  • Successfully escalated privileges to root by exploiting a system misconfiguration
  • Showcased Linux privilege escalation expertise and attention to detail
  • Crack the Hash Room: Cracked various password hashes (MD5, SHA-1, SHA-512) using John the Ripper and Hashcat
  • Demonstrated proficiency in password cracking techniques and tools
  • C4ptur3-th3-fl4g Machine: Exploited a file inclusion vulnerability to gain access to sensitive information
  • Utilized Burp Suite to craft payloads and manipulate file paths
  • Highlighted skills in web application security assessment and file inclusion exploitation
  • Pickle Rick Machine: Gained initial access through weak RDP credentials
  • Elevated privileges to SYSTEM using a kernel exploit and tools like WinPEAS and PowerUp
  • Demonstrated proficiency in Windows privilege escalation and post-exploitation techniques.

Skills

  • Penetration Testing
  • Web Application Security
  • Vulnerability Assessment
  • Active Directory Security
  • Red Teaming
  • Threat Modeling
  • Network Security
  • Cloud Security
  • Burp Suite
  • OWASP ZAP
  • SQLmap
  • ffuf
  • Responder
  • BloodHound
  • Python
  • Bash
  • JavaScript
  • PHP
  • HTML
  • CSS
  • C
  • NIST Cybersecurity Framework
  • OWASP Top 10
  • FedRAMP
  • FISMA
  • PaaS
  • SaaS
  • Security Reporting
  • Automation Scripting
  • Privilege Escalation
  • Post-Exploitation
  • Reconnaissance
  • Remediation Planning

Certification

  • Certified Web Exploitation Specialist, HACK THE BOX - 2025
  • Certified Penetration Testing Specialist (CPTS), HACK THE BOX - 2025

Additional Information

Active member of cybersecurity communities, regularly engaging in discussions, sharing knowledge, and learning from other professionals. Dedicated to continuous improvement, consistently studying new attack techniques, security research, and emerging tools. Experienced in documenting technical findings clearly and concisely, including exploitation steps, tool usage, and reasoning behind methodologies. Maintains an organized approach to research and problem solving, grouping related techniques and lessons learned for improved understanding. Demonstrates strong practical experience through hands-on work, frequently completing full attack chains and detailing successful exploitation or privilege escalation paths.
