About me

Hey there, I am a Security Consultant from India working at Payatu, a cyber-security startup. Currently, I am co-leading the Red Team Tower within my organization, where I am fortunate to manage and collaborate with a team of highly skilled Cyber Security Engineers. I have a deep interest in solving complex cyber-security problems that present themselves through different mediums, be it work-related Projects, CTFs, Boot2Root Machines, or personal Homelab projects

As someone who is entrusted with the task of protecting organizations from cyber risks and vulnerabilities, I evaluate their products and infrastructure, pinpoint potential issues, and offer comprehensive remediation plans to minimize the risk of cyber-security incidents. Moreover, I maintain a platform where I share my views on different Cyber Security matters. Interested readers can explore my blog to find such articles.

P.S: If it interests you to know why I go by the alias 0xpurecha0s, read this.

What i'm doing

  • Red Teaming

    I can help perform adversary emulation exercises against a target organization. Such an exercise can help establish the current cyber-security posture of the organization and establish scopes of improvement. I have been involved in performing such exercises against many organizations including a few in the Fortune 500.

  • Website Pentesting

    With a very strong background in Web Application Pentesting, I can help an organization in identifying and addressing security issues in their Web Application by leveraging a combination of manual testing and advanced automated security testing tools.

  • Mobile Application Pentesting

    I also have some background in testing for security issues in Mobile Application (iOS/Android).

  • Cloud

    I have a very strong background in testing for security issues on cloud platforms like Azure and AWS. I have highlighted very serious configuration issues which have helped organization in securing their Cloud Infrastructure.

Resume

Education

  1. Dronacharya College of Engineering, Gurgaon

    2015 — 2019

    Bachelors of Technology (B.Tech) - Information Technology

Work Experience

  1. Payatu

    October 2021 - Present

    Senior Security Consultant April 2023 - Present
    1. • Managed multiple projects involving Red Team/Adversary Simulation, Network, and Cloud Security assessments concurrently, offering guidance on understanding their business implications and devising actionable remediation strategies.
    2. • Automated provisioning and configuration of Red Team infrastructure, including C2 servers, GoPhish, and Evilginx, utilizing Terraform, Ansible, and Docker automation. Achieved a 67% reduction in weaponization efforts through streamlining processes.
    3. • Undertook comprehensive security measures for both AWS cloud and on-premise infrastructure within the Red Team, ensuring complete protection and responsible red teaming practices.
    4. • Crafted a documentation framework employed as a collaborative knowledge repository for Red Team Assessments, facilitating the generation of timelines, recording significant events and details, ensuring thorough documentation of assessment’s activity.
    5. • Conducted client training sessions aimed at safeguarding against social engineering threats. Delivered comprehensive instruction on various techniques and tactics to fortify defenses against these types of attacks.
    Security Consultant May 2022 - March 2023
    1. • As a Co-Lead, provided guidance and oversight within the Red Team. Developed strategies for continuous training to ensure Red Team remained current with the latest technologies, resulting in a highly effective team within the organization.
    2. • Communicated and collaborated with clients, vendors, and relevant authorities to contribute to strategic planning, identify potential vulnerabilities, and devise effective risk mitigation strategies.
    3. • Developed and documented strategies and Standard Operating Procedures (SOPs) to optimize Vulnerability Assessments/Penetration Testing (VAPT) and Adversary Simulation (Red Team) practices within the organization, enhancing efficiency and effectiveness.
    4. • Crafted numerous Capture The Flag (CTF) challenges centered around Network and Cloud domains to support a recruitment campaign.
    Associate Security Consultant October 2021 - April 2022

    1. • Performed comprehensive security evaluations on client infrastructure and web applications through vulnerability assessments, penetration tests, red team simulations, and social engineering attacks. To identify security vulnerabilities, expedited remediation processes, and minimized overall risk exposure.
    2. • Automated internal and external network vulnerability and service scanning using wrapper scripts for tools like nmap, masscan, and nuclei, optimizing workload distribution and improving result accuracy while reducing scan time by 52% and inaccuracy by 3%.

  2. Web and Solution Architect (Intern) at Panchsheel Pvt. Ltd.

    January 2019 — May 2019

    Interned as a Web and Solutions Architect at Panchsheel Pvt. Ltd. Introduced many changes to their website incorporating many performances and security issues. Created several tests and scripts for optimisation & deployment of production-level changes eventually leading to faster deployments according to requirements from the Marketing and Sales team.

  3. Solutions Architect and Android Engineer (Intern) at Orgzit

    June 2018 — July 2018

    Interned as a Solutions Architect and Android Engineer at Orgzit. Created close to 50 Unique Solutions and Project Templates specially catering to the requirements and problems faced by Clients from various sectors/industries. Resolved some performance issues on Orgzit's mobile platform leading to better end-user satisfaction.

My skills

  • Web Application Security
    75%
  • Adversary Simulations / Red Teaming
    85%
  • Network VAPT
    90%
  • Active Directory
    80%

Contact

Get in Touch ?

Send Me an Email At :


Find my PGP Key :

As another option, you could choose to complete and submit this form.