reveng007's Blog

Central Point for Research and Development

---

Project maintained by reveng007 Hosted on GitHub Pages — Theme by mattgraham

About Me:

• Hi, this is Soumyanil (aka reveng007).
• He has hands-on offensive security professional with a strong focus on endpoint security evasion, cloud attack automation, and red teaming.
• His work involves building offensive pipelines, performing stealthy assessments, and uncovering deep product blind spots across EDRs, AVs, privileged access management solutions and other Security products.
• Former Black Hat Asia, USA, SecTor & Europe 2024, Wild West Hacking Fest 2024 Arsenal Presenter and Former Speaker BSides Singapore 2023.
• Nowadays, he spends most of his time building scripts/open source malware dev evasion-based projects, digging deep into Windows system internals, and building automation scripts on On-prem and Cloud-based (like, AWS) Attack Vectors.

What I do:

1. Break and bypass endpoint defenses like Microsoft Defender for Endpoint, CrowdStrike, Cortex XDR, Sophos, Deep Instinct and BeyondTrust.
2. Simulate adversary behavior using offensive CI/CD pipelines to generate obfuscated payloads (.NET).
3. Perform deep assessments in enterprise environments using live SharePoint exploitation via KQL hunting, and AD abuse (evading Microsoft Defender for Identity).
4. Build malware and mini-ransomware strains to test real-world detection and prevention systems.
5. Automate adversary emulation in cloud platforms like AWS for continuous attack simulations.

Projects I have worked on:

1. SharePoint Keyword Hunting:
   Queried live enterprise SharePoint sites using Microsoft Graph API + KQL (Keyword Query Language) to identify exposed sensitive data.
2. WPAD Assessment:
   Investigated WinHttpAutoProxySvc attack surface under disabled WPAD configs.
3. MDE Exclusion Bypass:
   Evaluated Microsoft Defender Exclusion visibility and abuse even under “HideExclusionsFromLocalAdmins” policy.
4. Privilege Access Management Product Abuse:
   Discovered multiple UAC bypasses in Beyond Trust PAM solution while operating under restricted (low-flex) environments.
5. Windows 11 Endpoint Evaluation:
   Performed holistic endpoint security review including Zscaler, DLP, MDE, and Beyond Trust.
6. Assessment of MDI via AD Attacks:
   Ran 400+ test cases on Microsoft Defender for Identity involving ADCS, Kerberoasting, ACL abuse, and more.
7. Cloud Attack Automation (AWS):
   Built adversary simulation tooling for FireCompass’ automation platform.
8. Malware & Ransomware Tooling:
   Developed stealthy ransomware and evasive malware strains for internal red team assessments.

Courses/ Certifications:

• HackTheBox - Detecting Windows Attacks with Splunk (ongoing)
• Maldev Academy - Malware Development Modules (ongoing)
• DeepLearning.ai - Red Teaming LLM Applications
• ZeroPoint Security - Certified Red Team Operator/ CRTO
• Pentester Academy - Certified Red Team Professional/ CRTP
• AttackIQ Foundations of Operationalizing MITRE ATT&CK v13
• Sektor7 RED TEAM Operator: Windows Evasion Course
• Antisyphon Training SOC Core Skills

---

$ cat /var/www/html/index.html

View my My list of posts !

• How did I approach making linux LKM rootkit, “reveng_rtkit” ?
• CloudGoat Scenario 2: vulnerable_cognito (Small / Moderate): WalkThrough and Mitigation

$ cat /var/www/html/redirect/index.html

View my blogs on other platforms:

1. Kerberos Deep Dive (original website is sold, so had to add backup)
2. HTB Knife (original website is sold, so had to add backup)
3. THM Steel Mountain MrRobot
4. THM NinjaSkills
5. THM TheServerFromHell