Central Point for Research and Development
Purple Team Engagements —
Adversary Simulation to Detection Validation
Ran 400+ AD attack test cases (ADCS abuse, Kerberoasting, ACL abuse, and more) against Microsoft Defender for Identity’s (MDI) ML-based detections — achieving an 89% alert hit rate and converting previously undetected techniques into validated alerts. Closed 10+ critical detection gaps and expanded the SOC detection portfolio by 30% by bridging offensive findings directly into detection logic.
AWS Attack Simulation & Detection Lab + Research (Ongoing) -
End-to-end purple team lab mapping Stratus Red Team TTPs to MITRE ATT&CK, with production-ready Sigma and SQL-based detections built on CloudTrail, Sysmon and Windows Event Log telemetry — covering Initial Access, Execution, and later tactics. Actively publishing a blog series documenting each detection’s telemetry, pseudocode, query development, noise tuning, and simulation replay. During this research, independently identified a documented but rarely discussed AWS API that can be abused to tamper with CloudTrail logging (blog post coming soon).
link - https://soumyani1.medium.com/
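To show what a detection of the kind described above looks like when run over CloudTrail telemetry, here is an added example (not code from the lab or blog series above). It flags the well-known CloudTrail tampering APIs (StopLogging, DeleteTrail, UpdateTrail, PutEventSelectors), mapped to ATT&CK T1562.008 (Impair Defenses: Disable or Modify Cloud Logs), and applies two noise-tuning rules a purple team would want: denied attempts are kept but downgraded, and a principal allowlist suppresses known IaC roles that manage trails legitimately. The CloudTrail records, account ID, principal ARNs and the allowlisted role name are all constructed for the example; the specific API referenced in the blog post is not included here.

```python
"""Detection for CloudTrail logging tampering (MITRE ATT&CK T1562.008).

Added example, not the page author's lab code. All records, ARNs and the
allowlisted role below are constructed sample data, not real telemetry.
"""
import json

# CloudTrail management APIs that stop, delete or narrow a trail.
# Sigma-equivalent selection:
#   eventSource: cloudtrail.amazonaws.com
#   eventName: [StopLogging, DeleteTrail, UpdateTrail, PutEventSelectors]
TAMPER_APIS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

# Noise tuning (assumption): an IaC deploy role that is expected to manage trails.
ALLOWLIST = ("arn:aws:sts::123456789012:assumed-role/TerraformDeploy/",)

# Constructed CloudTrail records (minimal field set), one JSON document per line.
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/contractor"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2024-05-01T10:00:05Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DeleteTrail", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/contractor"},
     "requestParameters": {"name": "org-trail"}, "errorCode": "AccessDenied"},
    {"eventTime": "2024-05-01T10:01:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "UpdateTrail", "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/TerraformDeploy/ci-run-42"},
     "requestParameters": {"name": "org-trail", "isMultiRegionTrail": True}},
    {"eventTime": "2024-05-01T10:02:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DescribeTrails", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/contractor"}},
    {"eventTime": "2024-05-01T10:03:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "PutEventSelectors", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/contractor"},
     "requestParameters": {"trailName": "org-trail",
                           "eventSelectors": [{"readWriteType": "ReadOnly",
                                               "includeManagementEvents": False}]}},
]]


def classify(record, allowlist=ALLOWLIST):
    """Return a finding dict for a tampering record, or None if it is benign/noise."""
    if record.get("eventSource") != "cloudtrail.amazonaws.com":
        return None
    name = record.get("eventName")
    if name not in TAMPER_APIS:
        return None
    principal = record.get("userIdentity", {}).get("arn", "")
    # Suppress principals that are expected to manage trails (IaC pipelines).
    if any(principal.startswith(prefix) for prefix in allowlist):
        return None
    params = record.get("requestParameters") or {}
    error = record.get("errorCode")
    # A denied attempt is still an indicator, but not a confirmed loss of logging.
    severity = "medium" if error else "high"
    return {
        "technique": "T1562.008",
        "severity": severity,
        "api": name,
        "principal": principal,
        "source_ip": record.get("sourceIPAddress"),
        "trail": params.get("name") or params.get("trailName"),
        "error": error,
        "time": record.get("eventTime"),
    }


def detect(lines, allowlist=ALLOWLIST):
    """Run the detection over an iterable of JSON-encoded CloudTrail records."""
    findings = []
    for line in lines:
        finding = classify(json.loads(line), allowlist)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['api']} on {f['trail']} by {f['principal']} ({f['error'] or 'success'})")
```

Replaying the same Stratus Red Team techniques against this logic and checking that each produces exactly one finding (and that the allowlisted role produces none) is the simulation-replay step the series refers to; the allowlist is deliberately prefix-based on the assumed-role ARN so that session names do not have to be enumerated.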
Security Product Assessment — EDR, MDI, MDE & PAM -
Evaluated detection coverage and abuse potential across enterprise security products. Assessed Microsoft Defender for Identity under real AD attack scenarios, analyzed MDE exclusion visibility and abuse under the “HideExclusionsFromLocalAdmins” policy, performed holistic endpoint security review across MDE, Zscaler, DLP, and BeyondTrust on Windows 11, and discovered multiple UAC bypass paths within BeyondTrust PAM under restricted low-flex environments — each with accompanying detection recommendations.
Offensive Automation — Cloud & CI/CD -
Built adversary simulation tooling integrated into the organization’s automation platform for repeatable cloud attack scenarios and continuous detection testing. Separately, engineered a GitHub Actions CI/CD pipeline enabling remote download, compilation, encryption, and obfuscation of .NET payloads — delivering evasive payloads continuously during purple team engagements.
SharePoint Sensitive Data Hunting -
Hunted for exposed sensitive data across live enterprise SharePoint environments using Microsoft Graph API and KQL — identifying blind spots in DLP coverage and generating actionable remediation findings.
Malware & Ransomware Tooling -
Developed stealthy ransomware and evasive malware strains for internal red team assessments.