Mike Czumak

Welcome!
I'm a CISO, father, servant leader, and lifelong learner.
[Views are my own]

My Why:
To invest in the success and well-being of others, so that they never have to settle for anything less than great

Pentesting

Chaining bugs for maximum impact

October 21, 2021 Mike Czumak

12 minute read

Whether its’s for a bug bounty or a penetration test, it’s very important to demonstrate the impact of a vulnerability. Not only do most organizations have limited resources and competing priorities (so turning over a report with a long list of low impact vulnerabilities isn’t very helpful), but in the case of bug bounties, it also dictates payouts.

peCloak.py - An Experiment in AV Evasion

March 9, 2015 Mike Czumak

22 minute read

I just wrapped up the Offensive Security Cracking The Perimeter (CTP) course and one of the topics was AV evasion. Although I write a lot of custom scripts and tools, when it comes to AV evasion, I typically rely on the tools and methods of others (Veil, powershell, python, custom shellcode). That said, the great thing about courses like CTP is they give me an excuse to investigate a topic that I haven’t had an opportunity to delve into in much detail.

Mike Czumak

Pentesting

Chaining bugs for maximum impact

peCloak.py - An Experiment in AV Evasion

Recent posts

Chaining bugs for maximum impact

Building A Successful Security Program - Part 5: Aligning With The Business

Building A Successful Security Program - Part 4: Measuring Performance

Building A Successful Security Program - Part 3: Measuring Capability

Building A Successful Security Program - Part 2: Scoping and Organizing

Categories

About