Cyber Security Expert (Career Profile)
Adam Ziaja has been in the IT security field for over a dozen years, both working in IT-related positions and extending his knowledge and experience through his after-work activities. He currently works as a Principal Cyber Security Consultant at his own company, REDTEAM.PL, which offers services such as penetration testing (pentest), red teaming, cyber threat hunting and cyber threat intelligence (CTI), computer forensics and incident response (DFIR).
During his infosec career he has prepared expert opinions for law enforcement and judicial authorities (computer forensics), worked as an ICT security specialist in a CSIRT (aka CERT) team where he actively tracked cybercrime activity (cyber threat intelligence), focusing on preventing attacks on government and critical infrastructure, and worked as a full-time penetration tester for one of the world's largest banking groups, Royal Bank of Scotland (RBS), as well as performing penetration tests for other financial institutions (including international banks, payment card issuers, insurers and cryptocurrency exchanges) and well-known e-commerce companies. Most recently he worked as a senior cyber security consultant at Deloitte, one of the Big Four firms, where he was responsible for enterprise cyber risk services such as penetration testing, CPH red teaming and DFIR. He also worked as a cyber security expert at a US startup building a new-generation IDS/SIEM, where he was responsible for research on cyber threat hunting.
Adam co-authored training materials for CERT teams in cooperation with the European Network and Information Security Agency (ENISA), including “Digital forensics” (Sep 2013; tasks 1-2), “Identifying and handling cybercrime traces” (Sep 2013; tasks 1-2, appendices 1-3) and “Common Framework for Artifact Analysis Activities” (Dec 2014; chapters 2-4). He also took part in the ENISA Cyber Europe 2014 exercise (in which over 100 teams from all around Europe participated), where his team took first place. In 2019 he received thanks from European national CERT teams (including CERT-PL, CERT-EE and CERT-LV) for stopping the biggest badWPAD attack, which was also featured in a podcast by the SANS Institute.
Author of the book “Praktyczna analiza powłamaniowa” (“Practical post-breach analysis”), Wydawnictwo Naukowe PWN (Polish Scientific Publishers PWN), 2017, ISBN 9788301193478. He is also a regular speaker (every year since 2014) at the international scientific conference “Technical aspects of ICT crime” (TAPT) organized by the Polish Police Academy, and an IT Expert Witness in Poland (in Polish: biegły sądowy z zakresu informatyki) in the field of computer science at the District Court in Warsaw, with emphasis on general computer forensics, forensic analysis, hacking and cybercrime.
After work Adam is a successful bug hunter who has received acknowledgments and thanks from dozens of institutions and companies around the world, including Adobe (2014), Apple (2012), BlackBerry (2012), DASAN Zhone (CVE-2019-10677), Deutsche Telekom, eBay, Github, Harvard University (including an SSRF 0day in GeoNode), HBO, Heroku, LastPass, MyBB (CVE-2015-2149), Netflix (2013), Nokia (2013), OTRS (CVE-2014-1695 PoC, CVE-2014-2554), PagerDuty, Prezi, Reddit, SoundCloud, VMware, Yahoo (2013), Yandex (2013), as well as Polish ones such as Onet, Interia, Wirtualna Polska, Empik, Gadu-Gadu, Nasza-Klasa, Home.pl and many more. [bug bounty URLs accessed June 2018]
He also holds several certificates of practical knowledge in ethical hacking, such as Offensive Security Certified Professional, Offensive Security Wireless Professional and eLearnSecurity Web application Penetration Tester, as well as in computer forensics, such as X-Ways Forensics.
Adam is a member of MalwareMustDie, a non-profit association of security professionals, and of the Information Systems Security Association (ISSA).
His experience and knowledge give him an excellent understanding of both the attacking and defending sides of ICT security.
Adam is the author of the following security research and articles on the company's tech blog:
- BadWPAD and spear-phishing using Battle.net Desktop App
- Spear-phishing campaign tricks users to transfer money (TTPs & IOC)
- Black Kingdom ransomware (TTPs & IOC)
- Kinsing cryptocurrency mining malware (TTPs & IOC)
- Sodinokibi / REvil / Maze ransomware (TTPs & IOC)
- DNS for red team purposes
- Deceiving blue teams using anti-forensic techniques
- Bypassing LLMNR/NBT-NS honeypot
- Internal domain name collision
- CVE-2019-10677 Multiple Cross-Site Scripting (XSS) in the web interface of DASAN Zhone ZNID
- Threat hunting using DNS firewalls and data enrichment
- BadWPAD wpad.software case and DNS threat hunting
- Sinkholing BadWPAD infrastructure - wpad.pl / wpadblocking.com case (part 4)
- Typosquatting in wpadblocking.com / wpadblock.com case (part 3)
- BadWPAD and wpad.pl / wpadblocking.com case (part 2)
- BadWPAD, DNS suffix and wpad.pl / wpadblocking.com case
- DNS based threat hunting and DoH (DNS over HTTPS)
- Czytanie karty płatniczej NFC (in Polish)
- Praktyczna analiza powłamaniowa. Aplikacja webowa w środowisku Linux (in Polish)
- Zatruwanie odpowiedzi LLMNR – Responder, llmnr_response (in Polish)
His security research has been featured by, among others, Splunk, SANS and CERT Polska (in Polish). He has received thanks from national incident response teams including CERT-PL (in Polish), CERT-EE and CERT-LV.