I'm atheltic build; 6'2", love high activity sports like martial arts and ocasional swimmer. I spend time in hacking and do vulnerability research and security bug bounty otherwise.
With that said, I love flying drones and driving cars. Driving a manual vehicle is a blessing in disguise for those who understand the spirit of it. I have created dozens of websites for fun and profit and have been occasional speaker at security conferences. Those who understand technical jargon: I have many zerodays associated to my name. And with the experience I had with reporting issues; I have decided to keep future zerodays to myself only. Money is not a deterministic factor for the decisions I take.
I've Got Some skills.
-
80%
Zeroday Research
-
70%
Coding
-
90%
Web Pentest
-
80%
Network Pentest
-
75%
Wireless Pentest
-
90%
Mobile Pentest
-
75%
Reverse Engineering
My Work Experience (in chronological order).
VAPT of Web Applications (Thick / Fat client, Rich client, Thin client), Daimler Network /
Infrastructure security, mobile (Android, iOS) and various CMS and implementing configurations while providing mitigation techniques to application owners as per OWASP and DREAD standards.
● Enforcing DISC (Daimler Information Security Compendium) policies.
● Conducting Kick-Off calls with Product Owners (VPs / Senior VPs).
● Completed security assessments of 15 applications singlehandedly with worth of € 4.5K each.
● Completed security assessment as network PT for 4 geographical locations as a team.
VAPT of Web Applications (Thick / Fat client, Rich client, Thin client) and vulnerability chaining
with post-exploitation of various CMS (Content Management Systems) and OSL (Open Source
Libraries).
● Triage with developers while maintaining security : efficiency trade-off.
● Threat Modelling (design and implementation viz. CVSS).
● Completed security assessments of 20 applications singlehandedly.
VAPT and SAST of Web Applications, Mobile Applications and RESTful APIs and services and of
various CMS (Content Management Systems) and OSL (Open Source Libraries).
● Penetration Testing of third-party payment gateways and plug-ins as per OWASP, SANS …
● Completed security testing and ‘Sign-Off’ of 15+ applications 100+ enhancements
singlehandedly.
● Responsible for addressing ‘Security Bug Bounty’ and rewards program.
LVAPT, Blackbox pen-test of in-house applications primarily or a third-party integration covering
broadly multiple clients pertaining to Web Applications, Mobile Applications, Network /
Infrastructure, IoT, Rich Clients, Thick Clients and System.
● Handling client products like Tenable, AttackIQ and supporting Carbon Black, LogRhythm.
● Digital Forensics and Incident Response to security incidents, violations and potential threats.
● Simulating attack scenarios to test the implemented setup of security monitoring teams.
● Leading Red-Team activity and creating post-exploitation scenarios with execution.
● Handled vendor POCs from technical perspective pertaining to tools for SOC integration.
● Mentoring / managing technical resources for PenTest and skill development.
● Performing malware analysis for in-house app installation requests and apps that have clear
public record but have potentially malicious behavior.
● Completed security assessment of 100+ projects singlehandedly.
● Provided secure design structure for Security and Network Operations.
Red-Teaming, VAPT of Web, Mobile, Networks and IoT based applications and devices.
● Audit of security controls in place.
● Performing Red-Team activity, creating strategies and relevant scenarios for it.
● Creating secure design / architecture for the new concepts and AI based applications.
● Leading / guiding the security team for security assessments and red-team activities.
● Completed 5 security assessment and counting…
