Tier List

• $5 a month - Earn a sponsorship badge on your profile.
• $10 a month - Gain access to my private Sponsors repository
• $10 one time - Get a shout out on Twitter (X)
• $25 a month - Gain access to the DragonBot private repository

Hello, I'm Dylan Evans 👋

I'm a passionate cybersecurity professional, dedicated to continuous learning and mastery in the field 🎓. My certifications include:

• Offensive Security Experienced Penetration Tester (OSEP),
• Offensive Security Certified Professional (OSCP),
• Certified Red Team Operator (CRTO) from Zero-Point Security.
• Certified Red Team Lead (CRTL) from Zero-Point Security.

My journey in cybersecurity has led me to delve deep into advanced topics, and I've spearheaded complex research into social engineering tactics, including proxy-in-the-middle attacks 🎣.

In my project, EvilGophish, I developed phishlets capable of bypassing multi-factor authentication for big names like Microsoft, KnowBe4, and Cisco VPN portals. I've also introduced social engineering features that are unavailable anywhere else at the time of writing including:

• QR code phishing
• SMS phishing
• Malleability

In addition to my public contributions, I've ventured into private malware development 🦠, crafting solutions that successfully evade detection from leading EDR/XDRs such as CrowdStrike, CyberReason, Cylance, Microsoft Defender for Endpoint (MDE) and SentinelOne. By keeping this code closed-source 🔒, I've ensured its effectiveness in bypassing security solutions. I have experience writing malware in various languages such as C/C++, Assembly, C#, Go, Python, PowerShell and Nim. I have researched and implemented various evasive malware tactics including:

• Process injection
• Process hollowing
• Module stomping
• DLL injection
• Shellcode loading
• Reflective PE/DLL loading
• Heap encryption
• Stack encryption
• Sleep obfuscation
• ROP chaining
• Direct/Indirect system calls
• Hardware breakpoints
• ETW/AMSI patching
• DLL unhooking
• Thread call stack spoofing
• PPID spoofing
• Token impersonation
• In-memory .NET assembly loading
• Developing BOFs and BOF loaders
• Shellcode fluctuation
• Threadless process injection
• Proxy DLL loading

My mission 🚀

I strive to build robust, user-friendly tools for the cybersecurity community and advance our collective understanding of the evolving threat landscape. Your sponsorship will enable more in-depth research, the development of new tools, and the sharing of knowledge, all aimed at creating a safer digital world.

Speech recognition 🎤

I am also a huge advocate, supporter, creator, and user of speech recognition products for the disabled or physically injured and in general. I think it is a creative way to reduce strain on the body after exploring it and I have found it to be even more efficient at times than if I were to be using a keyboard and mouse. I created DragonBot as an extension for Dragon NaturallySpeaking which can provide the complete hands-free control of a Microsoft Windows computer via voice commands. Watch the demo here and sponsor the tier for access.

Your support 💖

Every bit of sponsorship is appreciated and will be directly reinvested into the open-source community, enabling ongoing development and exploration of advanced cybersecurity topics.

Thank you for your support and for joining me on this journey.

Contact Information

Questions? Concerns? You can shoot me an email here.