Ivan Jedek

Senior Security Researcher | Red Team & Offensive Security | OSCP | OSCE | Speaker @ BlackHat MEA | CVE Author | Creator of PolarDNS

Abu Dhabi Emirate, United Arab Emirates

About

🚀 I’m a Senior Security Researcher with 20+ years of deep expertise in red teaming, malware analysis, penetration testing, and offensive security R&D. I lead advanced adversarial simulations, discover zero-day vulnerabilities (2x CVE author), and engineer custom tooling like PolarDNS and other offensive security tools to support red team and vulnerability research ops. 💡 Key Highlights: • Speaker at BlackHat MEA • OSCE / OSCP certified • Author of multiple security advisories including issues in Zitadel SSO, Knot-Resolver, and Cloudflare DNS • Creator of PolarDNS and other tools • Founder of InfosecMatter.com I'm a passionate advocate of AI-driven security, I leverage tools like ChatGPT and other LLMs daily to: • Accelerate malware and exploit analysis • Assist with penetration testing and vulnerability research • Generate custom code snippets and PoCs 📍 Currently based in Abu Dhabi, open to Principal / Lead Security Consultant roles with global product-driven companies, cybersecurity advisory teams, or tech-forward enterprises seeking deep offensive security expertise.

Experience

  • Senior Security Researcher at OryxLabs
    Mar 2022 - Present · 4 yrs 5 mos

  • Senior Security Consultant - Adversary Simulation Lab, Cyber Advisory Services at Digital14
    Jan 2020 - Mar 2022 · 2 yrs 3 mos

    As a senior cybersecurity consultant, I lead and executed advanced offensive security engagements for diverse clients, with a focus on real-world threat simulation and strategic security posture enhancement. 🔍 Key Responsibilities & Achievements Conducted a wide range of offensive security assessments, including: • Red teaming and adversarial simulations (covert, goal-oriented exercises) • Social engineering campaigns, including phishing and vishing • Internal and external infrastructure penetration testing • Web and mobile application penetration testing following OWASP Top 10 • Host configuration reviews, VDI testing and compliance audits (e.g., CIS benchmarks) • Wireless network testing, network access control testing • Testing of air-gaped and strictly isolated environments • Asset discovery via OSINT Led multiple complex engagements end-to-end: • Scoped and designed tailored assessments • Managed project delivery, timelines, and subcontractors when necessary • Facilitated detailed technical briefings and executive-level presentations • Translated technical findings into clear, actionable reports with executive summaries and detailed recommendations • Delivered client presentations to C-level stakeholders, aligning technical insights with business risks and objectives • Applied various testing methodologies (Black-, Grey-, White-box) aligned with industry standards such as OWASP, CVSS, NIST, and CIS • Developed custom scripts, tools and procedures to automate tasks and improve team's efficiency • Mentored and coached junior team members, fostering skill development and knowledge sharing

  • Security Consultant - Cyber Network Defense at DarkMatter LLC
    Mar 2017 - Jan 2020 · 2 yrs 11 mos

    Penetration testing, vulnerability assessments, red teaming, and other offensive security assignments aimed at helping organizations strengthen their security posture.

  • Information Technology Consultant at Self-Employed
    Dec 2014 - Mar 2017 · 2 yrs 4 mos

    Performing mostly system administration tasks for couple of clients on ad-hoc basic and remotely. I was helping administering clients' server infrastructure, ensuring their services are up and running in a stable and secure manner. Tools and technologies used: Linux, Solaris, Xen, NFS, LDAP, Jenkins, Gitlab, SeaFile, Google Apps for Business, WordPress, Postfix, Dovecot, ClamAV, SpamAssasin, RoundCube, MySQL, Redmine, ownCloud, Icinga, WebDAV, Apache, Tomcat, PHP, Bash, VPN, Netfilter/Iptables, Docker, Amazon AWS, Microsoft Azure, Cloudflare..

  • Malware Analyst at AVAST Software
    Jan 2011 - Oct 2016 · 5 yrs 10 mos

    Malware analysis and automation development. My main duties were to perform reverse-engineering of malware samples and analysis of potentially malicious binaries. These tasks included disassembling, debugging or deobfuscation of the binaries, network traffic data analysis, searching for various useful information such as URLs, encryption keys or patterns of attribution. This also included hunting for persistence mechanisms in the system or evasion tricks used by the malware authors in attempt to avoid detection and so on. Vital responsibility was consequent writing of detection signatures appropriate for the most effective remediation of the threat utilizing various AV engine detection mechanisms (e.g. sandbox, emulator, URL/network block, heuristics, binary pattern etc). During my time with the company, I have also designed and built a custom Automated Malware Analysis environment consisting of multiple VM farms with virtual machines running entirely in RAM (disk-less) for high-volume malware analysis. I have also developed a custom network traffic analysis tool (pcap parser/dumper) for analyzing malicious network traffic and several other smaller utilities. Tools and technologies used: Windows, Linux (Debian, CentOS, Kali), Ollydbg, Windbg, IDA Pro, Pin, Yara, Assembler (x86), Bash, Cygwin, Perl, Python, C/C++, AutoIt, Wireshark/Tcpdump, Snort, P0f, Fiddler, Ngrep, VPN, Netfilter/Iptables, OpenSSL, VirtualBox, Sysinternals Suite..