About

A little something about me!

I work in Security and wish to contribute to the world by helping society.

MS in Cybersecurity from New York University, Undergrad in Computer Science.

Love sports, an FC Barcelona (football/soccer) fanatic. Always ready for a game of CHESS (mrrobot2199 - Chess.com). Self-taught music producer (tracks supported by international artists).

In simple words, I am about Tech, Music and Sports (but not limited to them).

What I do

My Skills

Security


  • Kali
  • Nmap
  • Metasploit
  • Burp Suite
  • Networks
  • OSINT

Programming


  • Data Structures
  • Python
  • C++
  • Bash
  • C
  • SQL

CLOUD STUFF


  • Cloud
  • AWS
  • Git
  • Docker
  • Virtualization

Web Development


  • HTML5
  • CSS3
  • JavaScript
  • Bootstrap
  • PHP
  • UI/UX

OS Stuff


  • Linux
  • Windows
  • Android
  • Tails OS
  • FL Studio

Trying to give back

Blogs

Publications

My MEDIUM Blog
  • Check out a few stories I have written.
  • I have started enjoying writing blogs as it gives you clarity on your thoughts. Should have done this earlier.
  • Hope to write more blogs in the future. Do check out.

Here are a few things I've done!

Work

Experience

Security Intern, Synopsys (May '22 - August '22)

  • Performed network penetration testing on a financial company's internal infrastructure manually using tools like Nmap, ldapsearch, Responder and with Nessus for automated testing. Assisted in report writing for the vulnerabilities found.
  • Scanned for vulnerabilities on a web application by performing manual testing methods based on the OWASP checklist and automated testing using Netsparker & Burp Suite Pro. Triaged the scan results and found a DNS exfiltration vulnerability.
  • Ranked 1st out of 110 participants in the internal hacking competition, presented a walkthrough to Consultants and Interns.
  • Contributed, by finding a null byte vulnerability, in the HTB Business CTF 2022 (Ranked 26th/326).
  • Deployed a Jenkins pipeline to integrate various tools (TruffleHog, OWASP dependency checker, SonarQube, OWASP ZAP) in the build process to secure the application with DevSecOps.
  • Encrypted S3 buckets using KMS with key rotation and set up CloudTrail to log all data events for the S3 bucket. Set up the AWS secrets engine in HashiCorp Vault on an EC2 instance to manage keys. Configured Amazon GuardDuty and Lambda to update the AWS WAF WebACLs and VPC Network ACLs in response to GuardDuty findings and alarm with AWS SNS.

New York University
Course Assistant, Operational Technology Security (Sept '22 - Dec '22)

  • Graded assignments based on MATLAB, CODESYS and provided feedback to students for better conceptual understanding.

Course Assistant, Network Security (Oct '21 - Dec '21)

  • Graded assignments based on Wireshark, mitmproxy and provided feedback to students for better conceptual understanding.

Cyber Fellow, Offensive Security, Incident Response, and Internet Security Lab (OSIRIS Lab)

  • Monitored the 18th Annual CSAW '21 Capture the Flag competition hosted by OSIRIS and participated in by 1200+ teams.
  • Ranked in the top 8% out of 1550+ players by completing OSIRIS web-exploitation CTF track.

Intern, LeadLife

  • Analyzed and translated user requirements for the web application and its security to the developers, and proposed a cost-time estimate.
  • Strategized the process and workflow changes to streamline the site and reduced its access time by 20%.
  • Content writing and development for go-to-market readiness.


Publications & Research

SECURE AUTHENTICATION USING ZERO-KNOWLEDGE PROOF
  • Spearheaded a team of 4, designed and built the backend and infrastructure of a new, secure authentication system based on Zero-knowledge proofs using Flask and Python, and created an HTML/CSS, Bootstrap based frontend for the application.
  • Developed endpoint APIs for login, registration, logout, and session handling which yielded an 80% increase in security over the previous password hashing authentication methods.
  • Enhanced application responsiveness and speed to 2x by code refactoring and code reviewing.
  • Tools: Python, Flask, MySQL, SRP, AES-128, JWT, HTML/CSS, JavaScript, Selenium, CyberChef
BIBLIOMETRIC SURVEY ON ZERO-KNOWLEDGE PROOF FOR AUTHENTICATION
  • A bibliometric survey paper that presents the various papers written on zero-knowledge proof and authentication.
  • The paper provides an overview of the topic of Zero-knowledge proof concerning authentication. The related works are done using different protocols like Diffie-Hellman, PAKE. Data collection and analysis based on location, keywords, subject areas from the Scopus index.
A SURVEY ON METHODOLOGIES FOR INTENSIFYING THE SECURITY IN IOT ENVIRONMENT
  • A paper written by my team and me regarding the importance of the Internet of Things in our lives, and its most alarming factor: the security aspect.
  • Conducted research on various encryption algorithms pertaining to the IoT environment.
  • Provided a survey report and presentation for the various algorithms studied.
  • Compared encryptions based on their efficiency and results with regard to the attributes related to IoT (memory efficiency, energy consumption, resource allocation).
  • This paper provides an overview of the various methods that can be used to provide security in the IoT environment and, in turn, help unleash the untapped potential of IoT in our lives.


Certified Ethical Hacker

CEH v11
  • Training Completed and scheduled for test
  • Studied the fundamental and the latest developments in CyberSecurity
  • Studied modules like Recon, Scanning, Exploitation, Post Exploitation, Mobile Hacking, IoT Security, Social Engineering, Cloud Security and more


TryHackMe

Paths completed:
  • Beginner
  • Web Application Hacking
  • PenTest+
  • Through CTFs, topics like OWASP TOP 10, Juice Shop, Windows/Linux Hacking, OSINT, PrivEsc, Networking and more are learned and experienced


Achievements

Paper Publication
  • “Secure Authentication using Zero-Knowledge Proof”, IEEE AsiaCon, 2021
  • “Bibliometric survey on Zero-Knowledge Proof for Authentication”, DigitalCommons - University of Nebraska, Lincoln, 2021
  • “A Survey on Methodologies for Intensifying the Security in the IoT Environment”, Journal of Critical Review, Vol 7, Issue 19, 2020.
Google Cloud Program
  • Participated in the ‘Google Cloud Program’ at our college and won Google Merchandise for the same
TryHackMe
  • Appeared in the ‘Top 20 – India’ for the month of November 2020
  • 45-Day Hacking streak
Music Recognition
  • Music supported by international artists like Syzz, R3SPAWN, Maurice West and more
Many more to follow..


Other Certs

GCP Security
  • Studied the fundamentals of Google Cloud Platform and performed assignments in the GCP environment relating to security, ACLs, deployment
Practical Hacking by Heath Adams
  • Modules like Networking, Scanning, Methodologies, AD, Wireless, Exploitation, Post EXP are taught by the renowned Security Researcher Heath Adams
Hacking with Python
  • Created tools for various situations in the security field using Python (used libraries like scapy, optparse, subprocess etc.)
Online Anonymity, Privacy and Security
  • Accessing the dark net, private communication over the internet, how cryptocurrencies work and using Tails OS for maximum anonymity
Windows/Linux Server Management
  • Studied Kerberos, Active Directory and Access Control pertaining to Windows and Linux
NVIDIA - Fundamentals of Deep Learning




Copyright © All rights reserved | Advait Pathak