About me


Why you'd want to go on a date with me

Pwn-Eat-Sleep-Repeat

Hi there! I see, you are interested in knowing about me :)

I’m an undergraduate student in the Computer Science department at IIT Roorkee.
Inspired by Jay Bosamiya and Dhaval Kapil, I started exploring Information Security as a freshman and have ever since been learning and researching various fields within it.

The purpose of this blog is to document my researches and readings.

Interests I have invested my time into (in chronological order):

  • Binary Exploitation as a CTF player
  • Software Security Researcher
  • Fuzzing JavaScript Engines
  • Android Malware Analysis
  • Android Application Security Testing
  • Web Application Security Testing
  • Bug Bounty

Projects I have worked on as a sophomore:

1. Malware Detection by Network Behavioral analysis:
Working on honeynet traffic datasets and benign traffic datasets to perform feature extraction and apply the features on a classifier to identify a malware’s communication with a Command & Control Server. This is aimed at battling advanced malwares bypassing anti-viruses and using C&C for infection and spreading.
— Dr.Partha Pratim Roy, CSE Dept, IIT Roorkee, India

2. Network and login Credentials Harvester:
Deploy Evil twin attack to launch DoS against legitimate AP and force users to connect to evil AP. Perform MITM to harvest login credentials and modify network traffic. Uses phishing technique to perform a full fledged intrusion and browser hooking.
—Dr.Sandeep Kumar Garg, CSE Dept, IIT Roorkee, India

3. Exploiting Software Vulnerabilities & bypassing mitigations:
Research and implementing attack vectors to exploit software vulnerabilities. Vulnerability identification, exploit development, bypass security mitigations in Linux, Windows and launch attack to get arbitrary code execution.
—Dr. Supid Roy, CSE Dept, IIT Roorkee, India

4. Breaking RETGUARD, advanced kernel hardening in OpenBSD
Analyze the effectiveness of RETGUARD and kernel hardening methods in openBSD. Successfully bypassed the latest mitigation by use of unremovable implicit gadgets in randomized libc.
—Dr. Claudia Eckert, Chair IT Security, TUM, Germany

These were the beginner friendly projects I did apart from taking part in CTFs, later on moved to reading researching new techniques in android malwares, android & web application testing and fuzzing softwares for 0-days.

My experience at Technical University of Munich, Germany as a Semester Exchange student was of great importance in motivating me to gain a broad knowledge of Security. A special thanks to Julian Kirsch, my mentor at TUM and a member of the HXP team.

Then I joined twitter to find a wonderful community sharing their experience, researches, findings. Thanks @0xabc, @logicbomb_1, @LibraAnalysis.

Since am working at Payatu Technologies as Security Researcher, I will publish blogposts every weekend on my personal research work and findings.

Happy reading and Happy hacking :)

comments powered by Disqus