Tobias Lingl

Pentester & IT Security Consultant


About Me

I am an IT Security Consultant with expertise in penetration testing at Sogeti Germany. I have a solid background in software engineering, having worked as a software engineer (working student) for one and a half years. This experience has provided me with a good understanding of software development and security, which I leverage in my current role as a penetration tester.


In addition to my job, I am dedicated to staying current with industry developments and best practices. I regularly participate in CTF (Capture the Flag) challenges, where I can put my skills to the test. This allows me to stay sharp and stay up-to-date with the latest techniques and tools used in the industry.


Currently, I am working on various projects involving web and IoT penetration testing. I am experienced in both black-box and grey-box testing methods. I am familiar with the common methodology of security assessments and the best practices in documenting results. This knowledge enables me to identify vulnerabilities and weaknesses in systems, and to provide recommendations for mitigations.

Skills

Pentesting

  • Web Applications
  • Networks
  • IoT

Coding

  • Python
  • Bash
  • JavaScript
  • HTML
  • Go
  • Java

Databases

  • MySQL
  • SQLite
  • PostgreSQL

Certificates

Offensive Security Certified Professional (OSCP) - 2022

  • Active and passive enumeration
  • Enumerate and exploit Active Directory
  • Create exploit scripts
  • Analyze, correct, modify and cross-compile public exploit code
  • Conduct remote, local privilege escalation, and client-side attacks
  • Identify and exploit web applications (XSS, SQLi, LFI, RFI, ...)
  • Leverage tunneling techniques to pivot between networks

Offensive Security Web Assessor (OSWA) - 2023

  • Perform black box assessments of web applications
  • Discover common web application vulnerabilities (XSS, SQLi, SSTI, CSRF, XXE, ...)
  • Exploit web application vulnerabilities using manual and automated techniques
  • Conduct client-side attacks

Planned for 2023:

  • Foundational Wireless Network Attacks (OSWP) by Offensive Security
  • Security Operations (SOC-100) by Offensive Security