Available · Lomé & Kara, Togo · Remote Worldwide

Taofic Idrissou
aka Tao IDR

Security-Driven IT Specialist · 5+ Years · 100+ Labs Completed

5+ Years Freelance
100+ Hands-On Labs
0 Breaches Post-Audit
3+ Certifications
// 01 — What I Do

Services

Comprehensive IT & cybersecurity solutions — from threat detection to blockchain advisory and payment assistance.

🛡️

IT & Cybersecurity Consulting

Tailored security solutions protecting your entire digital attack surface.

  • Threat Detection & Response
  • Penetration Testing & VA
  • Incident Response & Forensics
  • Firewall & SIEM Management
  • 24/7 Monitoring & Threat Hunting
  • Risk Assessments & Policy Dev
CORE SERVICE
🔍

Penetration Testing

Simulate real-world attacks on web apps, networks, and Active Directory to find vulnerabilities first.

  • Web App & API Testing (Burp Suite)
  • Network & Infrastructure Pen Tests
  • AD Privilege Escalation & Kerberos
  • Buffer Overflow & Firewall Evasion
  • Detailed Remediation Reports
OFFENSIVE SEC
🚨

Digital Forensics & IR

Rapid investigation and recovery from breaches — PCAP analysis, malware extraction, root-cause identification.

  • PCAP & Log Analysis
  • Backdoor & Malware Identification
  • Hash Cracking & Credential Recovery
  • Lateral Movement Reconstruction
  • Forensic Reports for Recovery
DFIR
💻

Endpoint Maintenance & Security

Proactive device protection for laptops, desktops, mobile, and IoT — 99%+ uptime guaranteed.

  • 24/7 Health Monitoring
  • Patch Management (OS / Firmware)
  • EDR: CrowdStrike, SentinelOne
  • Full-Disk Encryption (BitLocker / FileVault)
  • Zero Trust & MFA Enforcement
  • Ransomware Detection & Threat Hunting
ENDPOINT
☁️

Cloud Security

Harden your AWS, Azure, or GCP environment with IAM audits, misconfiguration scanning, and Zero Trust design.

  • Cloud Misconfiguration Review
  • IAM Policy Auditing
  • Oracle Cloud OCI Security
  • Secrets Management (Vault)
  • Cloud-Native Threat Detection
CLOUD & INFRA
🎓

Security Awareness Training

Transform your team into a human firewall — phishing simulations, workshops, and security culture programs.

  • Phishing Simulation Campaigns
  • Security Hygiene Workshops
  • Credential Management Training
  • Executive Security Briefings
TRAINING
🖥️

IT Support Services

Reliable day-to-day technical support for individuals and small businesses — hardware, software, and everything in between.

  • Hardware & Software Troubleshooting
  • OS Installation & Configuration (Windows / Linux)
  • Network Setup & Router Configuration
  • Remote & On-Site Support
  • Data Backup & Recovery
  • Performance Optimization & Diagnostics
IT SUPPORT
🔐

Blockchain & Crypto Advisory

Securing your crypto assets and guiding smart investment decisions — wallets, audits, and literacy workshops.

  • Portfolio Strategy & Risk Assessment
  • ICO / IDO / STO Due Diligence
  • Cold Storage & Multisig Wallet Setup
  • Whitepaper & Tokenomics Audits
  • Phishing Prevention Training
  • Crypto Literacy Workshops
CRYPTO SEC
🌍

Payment Assistance Services

Bridging global payment gaps — especially for underserved regions with currency or geo-restriction challenges.

  • Subscription & Purchase Processing
  • Declined Card / Currency Resolution
  • Geo-Blocked Gateway Bypass
  • Hidden Fee & Exchange Rate Advisory
  • Secure Cross-Border Payment Bridge
GLOBAL ACCESS
// 02 — Real Engagements

Portfolio & Projects

Real-world engagements and lab-proven scenarios from 100+ hands-on cybersecurity operations.

PROJECT_01 DFIR

Digital Forensics & Incident Response

// Post-Breach Investigation · Compromised Server

Full post-incident forensic investigation: PCAP analysis, backdoor identification, hash cracking, and lateral movement reconstruction — ending in documented, clean recovery.

// KEY FINDINGS & OUTCOME

Identified scripted backdoor and attacker-controlled listener via PCAP. Extracted salted hash; cracked local account password with Hashcat. Traced entry point to a vulnerable web service and fully documented attacker persistence cleanup.

Wireshark · Hashcat · PCAP Analysis · ss / netstat · Forensic Reporting
PROJECT_02 RED TEAM

Red Team Operations & Adversarial Simulation

// Full-Scope Adversarial Campaign · Enterprise Simulation

Threat-intel-driven red team campaign with strict OPSEC — C2 administration, stealthy persistence, and lateral movement across a distributed enterprise network simulation.

// METHODOLOGY & OUTCOME

Configured secure C2 listener (Metasploit/Armitage), managed multi-agent network. Used PowerView & Bloodhound for AD path mapping. Implemented traffic obfuscation below EDR/AV detection threshold — zero alerts triggered throughout engagement.

Metasploit · Armitage · Bloodhound · PowerView · OPSEC · C2 Admin
PROJECT_03 WEB & NETWORK PENTEST

Penetration Testing — Web & Network

// Vulnerable CMS + Jenkins · SQL Injection · Privilege Escalation

Deep-dive web and network security assessment — SQL Injection, file upload bypass, and misconfigured Jenkins exploitation — demonstrating full chain from initial access to root.

// EXPLOIT CHAIN & REMEDIATION

Used SQLMap for login bypass via Python exploits. Established reverse SSH tunnels exposing internal services. Achieved root via Metasploit. Recommended multi-layered file validation (MIME, Magic Number, Extension) to prevent future upload bypasses.

Burp Suite · SQLMap · Nmap · Ncat · Metasploit · SSH Tunneling
PROJECT_04 ACTIVE DIRECTORY

Active Directory Security & Privilege Escalation

// Windows AD · Kerberos · Domain Admin Path

Full AD assessment targeting path-to-Domain-Admin via Kerberos exploitation, AS-REP Roasting, token impersonation, and weak service permission abuse in a simulated enterprise network.

// KEY ACTIONS & REMEDIATION

Used Kerbrute + enum4linux for enumeration; GetNPUsers for AS-REP Roasting; cracked hashes via Hashcat. Exploited unquoted service paths; used Incognito for token impersonation. Delivered Least Privilege transition roadmap and service account restriction policy.

Kerbrute · Impacket · Mimikatz · Bloodhound · Hashcat · PowerView
// 03 — Credentials

Certifications & Education

Verified credentials from globally recognized platforms — 100+ hands-on labs.

🟦
Google Cybersecurity Professional
Google · Coursera
SIEM · Python · SQL · IR
🔴
Jr. Penetration Tester
TryHackMe
Network · Web Hacking · PrivEsc
🟨
CompTIA PenTest+
TryHackMe
Vuln Mgmt · Industry Toolsets
🛡️
Cyber Defense
TryHackMe
Log Analysis · Threat Detection
☁️
Oracle Cloud Infrastructure 2023
Oracle · Certified Foundations Associate
OCI · Cloud Core Services
🌐
Certified AppSec Practitioner
The SecOps Group
Web App Security · OWASP
🎓
B.S. Computer Science (In Progress)
University of the People · Dean's List
Sept 2023 – Aug 2027
🇬🇧
EF SET C2 Proficient
EF Education First · Score: 72/100
English · C2 Level
// 04 — Arsenal

Tools & Tech Stack

Battle-tested tools across 100+ real-world and lab engagements — offensive, defensive, cloud, and beyond.

Offensive Tools

🐉 Kali Linux
🔥 Metasploit
🕷️ Burp Suite Pro
🔭 Nmap / Nessus
💉 SQLMap
🔑 Hashcat
🎯 Armitage

AD & Post-Exploitation

🩸 Bloodhound
🪟 PowerView
🐍 Impacket Suite
💀 Mimikatz
🔓 Kerbrute
🔄 enum4linux

Defensive / DFIR

🌊 Wireshark
🟡 Splunk SIEM
🦅 CrowdStrike Falcon
🌑 SentinelOne
🔒 BitLocker / FileVault
🌐 OWASP / AppSec

Cloud & Languages

☁️ AWS Security Hub
🔵 Azure Sentinel
🏛️ Oracle Cloud (OCI)
🐍 Python (Security Scripting)
🗄️ SQL
Java
// 05 — Questions

Frequently Asked

What clients commonly want to know before we work together.

What services do you offer as a freelancer?
I offer IT & Cybersecurity Consulting, Penetration Testing, Digital Forensics & Incident Response, Endpoint Security, Cloud Security, Blockchain & Crypto Advisory, Payment Assistance, and Security Awareness Training. Every engagement is scoped individually so you only pay for what you need.
How long does a penetration test take?
Timeline depends on scope. A focused web application pen test typically takes 3–5 days. A full network + web assessment runs 1–2 weeks. Complex red team simulations can last 2–4 weeks. A clear scope, timeline, and Rules of Engagement document are always agreed upon before work begins.
Do you work with small businesses or individuals?
Absolutely — most of my freelance clients are small businesses and individuals. I've spent 5+ years securing SMB infrastructure in Lomé & Kara, Togo, and beyond. Services are proportionally scoped to deliver the most impact for your situation and budget. No client is too small for good security.
What is the Blockchain & Crypto Advisory service?
This service helps individuals and teams navigate the crypto space securely and strategically. I assist with portfolio diversification planning, ICO/IDO evaluation and whitepaper audits, cold storage and multisig wallet setup, phishing prevention, and crypto literacy workshops for teams or investors.
What is the Payment Assistance service?
This service helps clients — especially in Africa and underserved regions — access global digital services that may be blocked or unavailable locally. I help process subscriptions, resolve declined card and currency issues, bypass geo-blocked payment gateways, and avoid hidden fees or unfair exchange rates. Think of it as a secure, trusted payment bridge.
How do you handle sensitive data during engagements?
Every engagement is governed by a signed NDA and clearly defined Rules of Engagement. Sensitive data is handled on a strict least-privilege basis — accessed only as required, never retained post-engagement, and disposed of securely. A full engagement charter is provided before testing begins.
Do you work remotely and in what languages?
Yes — all services are available fully remotely worldwide. I'm based in Lomé & Kara, Togo, and have delivered engagements for clients across Africa, Europe, and beyond. I communicate fluently in French, English, and Spanish.
// 06 — Let's Work

Book a Free Consultation

30 minutes. No pressure. Let's map your security posture and find exactly where I can add the most value.


// 07 — Get In Touch

Contact
