He is a hands-on offensive security professional with a strong focus on endpoint security, cloud attack automation, and purple teaming.
Aside from the offensive side, he also writes high-fidelity detection rules for EDR-evasive malware techniques, signatures for malicious network traffic, and AWS-related attack vectors.
Breaks and bypasses endpoint defenses such as Microsoft Defender for Endpoint, CrowdStrike, Cortex XDR, Sophos, Deep Instinct and BeyondTrust.
Builds high-quality detections for attack techniques used by APTs that normally go under the radar of EDR products and threat hunters.
Simulates adversary behavior using offensive CI/CD pipelines to generate obfuscated payloads (.NET).
Performs deep assessments in enterprise environments using live SharePoint exploitation via KQL hunting, and AD abuse (evading Microsoft Defender for Identity).
Has built malware and ransomware to test real-world environments and improve detection and prevention strategies.
Automates adversary emulation in cloud platforms such as AWS for continuous attack simulations.
Projects I have worked on:
Detection Engineering via Event Logs (high level) and Kernel Callback and ETWTi-based ELAM drivers (low level):
Built kernel driver POCs and ETWTi-based ELAM (Early Launch AntiMalware) drivers to detect attack techniques including process injection (thread hijacking, Early Bird APC injection, process hollowing, ghosting, herpaderping), LSASS memory access (including the silent process exit and duplicate handle techniques), PPID spoofing, LLMNR poisoning, a ransomware detection workflow, and named pipe based privilege escalation and lateral movement.
SharePoint Sensitive Keyword Hunting:
Queried live enterprise SharePoint sites using Microsoft Graph API + KQL (Keyword Query Language) to identify exposed sensitive data.
WPAD Assessment:
Investigated WinHttpAutoProxySvc attack surface under disabled WPAD configs.
MDE Exclusion Bypass:
Evaluated Microsoft Defender Exclusion visibility and abuse even under “HideExclusionsFromLocalAdmins” policy.
Privileged Access Management Product Abuse:
Discovered multiple UAC bypasses in the BeyondTrust PAM solution while operating in restricted (low-flex) environments.
Windows 11 Endpoint Evaluation:
Performed a holistic endpoint security review including Zscaler, DLP, MDE, and BeyondTrust.
Assessment of MDI via AD Attacks:
Ran 400+ test cases against Microsoft Defender for Identity involving ADCS, Kerberoasting, ACL abuse, and more, with an 89% success rate in bypassing MDI.
Cloud Attack Automation (AWS):
Built adversary simulation tooling for FireCompass’ automation platform.
Malware & Ransomware Tooling:
Developed stealthy ransomware and evasive malware strains for internal red team assessments.