Education
- Master of Engineering (M.Eng.) in Cybersecurity @ University of Maryland, College Park - UMD [Current]
- Bachelor’s degree in Information Technology @ Sikkim Manipal Institute of Technology - SMU [Graduated 2023]
Work Experience
- Cybersecurity Intern @ Authbase
- Azure Security Engineer Intern @ NoShitSecurity
- Penetration Testing Intern @ Virtually Testing Foundation
- Intern @ Qualitykiosk
Talks and CTF
OWASP Mumbai Talk - Introduction to Malware Analysis
- Presented at: OWASP Mumbai Online Meetup, Date: 26th October 2024 - Virtual
- Windows architecture and internals, PE (Portable Executable), Static and Dynamic Analysis, RC4, AES, XOR, Live Demonstration, Payload Encryption/Obfuscation Techniques,CTF Binaries.
- Watch the recording here: Zoom Recording Link Passcode: Y..ff$2B
Defcon 32 2024 CTF with Cloud Village - Key of Lost Secrets - Azure CTF
- Azure supports versioning for both keys and secrets. In this challenge, the flag is divided into two parts. One part is encrypted with versioned keys, and the other part is stored in versioned secrets. Participants must write a Python script to decrypt the encrypted message using the versioned keys for one half of the flag and the versioned secrets for the other half.
- You can verify my contributions here: dc32.cloud-village.org and find the Challenge Repository: Github
RSA 2024 CTF with Cloud Village - BotSilverQuest - Azure CTF
- I created a CTF challenge where participants had to find a flag in a zip backup file stored in Azure Blob Storage. Despite the zip file being deleted, the storage had versioning enabled and it could be recovered.
- This challenge highlighted how blob versioning can lead to sensitive data leakage through previous versions of the blob.
- You can verify my contributions here: rsa2024.cloud-village.org and find the Challenge Repository: Github
Certifications & CVEs
CVE-2023-47184
- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Proper Fraction LLC. Admin Bar & Dashboard Access Control plugin <= 1.2.8 versions.
More information about CVE-2023-47184 here
CVE-2023-49743
- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dashboard Widgets Suite <= 3.4.1 versions. More information about CVE-2023-49743 here
Certifications
CTFs
- 2nd Place SANS x WICYS 2024
- 5th BuckeyeCTF 2024
- 4th SwampCTF 2024
- 10th LA CTF 2024
- 1st CSAW CTF Qualification Round 2023
- 8th vsCTF 2023
- 20 BlueHens CTF 2023
Have any questions
Do you have any questions? Feel free to reach out to me on Twitter or on LinkedIn.