Rachit Arora

whoami

I’m Rachit and I like Cybersecurity. I’m currently an international graduate student @ University of Maryland, College Park studying M.Eng Cybersecurity.

I’m currently looking for hybrid internships/co-op in the Washington, D.C. area for the Spring of 2025.

I post blogs here and my LinkedIn ->  

Education

• Master of Engineering (M.Eng.) in Cybersecurity @ University of Maryland, College Park - UMD [Current]
• Bachelor’s degree in Information Technology @ Sikkim Manipal Institute of Technology - SMU [Graduated 2023]

Work Experience

• Cybersecurity Intern @ Authbase
• Azure Security Engineer Intern @ NoShitSecurity
• Penetration Testing Intern @ Virtually Testing Foundation
• Intern @ Qualitykiosk

Talks and CTF

OWASP Mumbai Talk - Introduction to Malware Analysis

• Presented at: OWASP Mumbai Online Meetup, Date: 26th October 2024 - Virtual
• Windows architecture and internals, PE (Portable Executable), Static and Dynamic Analysis, RC4, AES, XOR, Live Demonstration, Payload Encryption/Obfuscation Techniques,CTF Binaries.
• Watch the recording here: Zoom Recording Link Passcode: Y..ff$2B

Defcon 32 2024 CTF with Cloud Village - Key of Lost Secrets - Azure CTF

• Azure supports versioning for both keys and secrets. In this challenge, the flag is divided into two parts. One part is encrypted with versioned keys, and the other part is stored in versioned secrets. Participants must write a Python script to decrypt the encrypted message using the versioned keys for one half of the flag and the versioned secrets for the other half.
• You can verify my contributions here: dc32.cloud-village.org and find the Challenge Repository: Github

RSA 2024 CTF with Cloud Village - BotSilverQuest - Azure CTF

• I created a CTF challenge where participants had to find a flag in a zip backup file stored in Azure Blob Storage. Despite the zip file being deleted, the storage had versioning enabled and it could be recovered.
• This challenge highlighted how blob versioning can lead to sensitive data leakage through previous versions of the blob.
• You can verify my contributions here: rsa2024.cloud-village.org and find the Challenge Repository: Github

Certifications & CVEs

CVE-2023-47184

• Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Proper Fraction LLC. Admin Bar & Dashboard Access Control plugin <= 1.2.8 versions.
  More information about CVE-2023-47184 here

CVE-2023-49743

• Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dashboard Widgets Suite <= 3.4.1 versions. More information about CVE-2023-49743 here

Certifications

• Certified Red Team Professional (CRTP)
• OffSec Certified Professional (OSCP)
• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• AWS Certified Cloud Practitioner
• Microsoft Certified: Cybersecurity Architect Expert (SC-100)
• Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900)
• eLearnSecurity Junior Penetration Tester (eJPT)
• All certifications can be verified on credly here

CTFs

• 2nd Place SANS x WICYS 2024
• 5th BuckeyeCTF 2024
• 4th SwampCTF 2024
• 10th LA CTF 2024
• 1st CSAW CTF Qualification Round 2023
• 8th vsCTF 2023
• 20 BlueHens CTF 2023

Have any questions

Do you have any questions? Feel free to reach out to me on Twitter or on LinkedIn.