About Me
Me, Myself and More....
I am a graduate student at UTS Sydney, majoring in Cybersecurity. My passion lies in malware research, exploit development, and malware analysis. As an OSCP, CRTO and CRTL professional, I actively engage in vulnerability assessments, malware research, and cybersecurity projects.
Designed a distributed system that incorporates an agent-controller architecture to prevent data poisoning attacks.
Incorporated ECDH and zk-SNARK based authentication measures in the distributed system.
Implemented the distributed system in Golang using the Gnark and OpenSSL libraries.
Developed Active Directory internal assessment modules for RedTeam Copilot, enhancing the tool's capability to simulate real-world attack scenarios.
Created custom scripts for enumeration and exploitation in Sliver C2 using Sliverpy.
Automated deployment of expendable payloads, C2 redirectors, and SMTP relays using Terraform.
Contributed to the design and development of a custom C2 framework with AI-based agents.
Integrated netexec tool into the copilot agent for automated deployment when run on a target system.
Conducted VAPT assessments on Government of India infrastructure.
Performed vulnerability scans for critical industrial sectors such as aviation, power, and finance.
Documented and responsibly disclosed proof-of-concept exploits for discovered vulnerabilities.
Promoted to team leader after two months, managing a team of interns and coordinating vulnerability assessments.
Demonstrated how RATs, keyloggers, and registry keys compromise systems together.
Explored persistence techniques used in modern malware.
Provided detection and mitigation strategies to counter these threats.
The research paper was published in Springer's Lecture Notes in Networks and Systems (LNNS).
Developed a ransomware prototype leveraging Elliptic Curve Cryptography (ECC) to encrypt files with high efficiency.
Implemented advanced anti-analysis techniques such as API hammering and compile-time Import Address Table (IAT) randomization for enhanced evasion.
Utilized process hollowing by leveraging clean ntdll.dll copies from suspended processes to bypass security hooks.
Embedded mechanisms for escalating privileges dynamically, including token manipulation and abuse of high-privileged processes, to extend ransomware capabilities.
Incorporated DCSync attack capabilities to dump all username-NTLM hash combinations in an Active Directory network.
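The ECC file-encryption scheme mentioned above, as an added illustration that is not the author's prototype code: an ECIES-style hybrid construction using only Go's standard library. Each file gets a fresh ephemeral P-256 key pair; the ECDH shared secret with the operator's embedded public key is hashed into an AES-256-GCM key, so the encrypting host never holds material that can decrypt its own output. That property, not raw speed, is what makes ECC attractive here: a memory dump of the running sample yields nothing that unlocks the files. The blob layout, the domain-separation label and the sample plaintext are choices made for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Blob layout chosen for this example:
//   ephemeralPub (65 bytes, uncompressed P-256 point) || nonce (12) || AES-GCM ciphertext+tag
const (
	ephPubLen = 65
	nonceLen  = 12
)

// deriveKey turns the raw ECDH secret into a 256-bit AES key. Binding both public
// keys into the hash is standard ECIES hygiene; the label is a made-up domain separator.
func deriveKey(shared, ephPub, recipPub []byte) []byte {
	h := sha256.New()
	h.Write([]byte("ecies-demo-v1|"))
	h.Write(shared)
	h.Write(ephPub)
	h.Write(recipPub)
	return h.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext so that only the holder of recipientPub's private half can
// recover it. A fresh ephemeral key pair is generated per call, so the encrypting side
// is left with nothing that can decrypt the output.
func Encrypt(recipientPub *ecdh.PublicKey, plaintext []byte) ([]byte, error) {
	eph, err := recipientPub.Curve().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(recipientPub)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	aead, err := newGCM(deriveKey(shared, ephPub, recipientPub.Bytes()))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := make([]byte, 0, ephPubLen+nonceLen+len(plaintext)+aead.Overhead())
	out = append(out, ephPub...)
	out = append(out, nonce...)
	// The ephemeral public key rides along as associated data so it cannot be swapped out.
	return aead.Seal(out, nonce, plaintext, ephPub), nil
}

// Decrypt reverses Encrypt. It needs the recipient's private key, which in the
// ransomware setting stays with the operator and never touches the victim host.
func Decrypt(recipientPriv *ecdh.PrivateKey, blob []byte) ([]byte, error) {
	if len(blob) < ephPubLen+nonceLen+16 { // 16 = GCM tag
		return nil, errors.New("blob too short")
	}
	ephPubBytes := blob[:ephPubLen]
	ephPub, err := recipientPriv.Curve().NewPublicKey(ephPubBytes)
	if err != nil {
		return nil, err
	}
	shared, err := recipientPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(deriveKey(shared, ephPubBytes, recipientPriv.PublicKey().Bytes()))
	if err != nil {
		return nil, err
	}
	nonce := blob[ephPubLen : ephPubLen+nonceLen]
	return aead.Open(nil, nonce, blob[ephPubLen+nonceLen:], ephPubBytes)
}

func main() {
	// The operator key pair would be generated offline; only operator.PublicKey() ships in the binary.
	operator, _ := ecdh.P256().GenerateKey(rand.Reader)
	sample := []byte("constructed sample file contents") // constructed input for the demo
	blob, err := Encrypt(operator.PublicKey(), sample)
	if err != nil {
		panic(err)
	}
	got, err := Decrypt(operator, blob)
	fmt.Println("round trip ok:", err == nil && bytes.Equal(got, sample))
	// A host that only has the public key cannot decrypt: a different private key fails authentication.
	stranger, _ := ecdh.P256().GenerateKey(rand.Reader)
	_, err = Decrypt(stranger, blob)
	fmt.Println("wrong key rejected:", err != nil)
}
```

Two points worth noting from the code: the AEAD tag means a wrong private key or a flipped ciphertext byte fails closed rather than producing garbage, and because the ephemeral key is fresh per call, encrypting the same file twice yields unrelated blobs, so ciphertext comparison cannot be used to infer file identity.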
ShadowChain is designed as a modular DLL injector, allowing flexibility in injecting DLLs into target processes.
Implements DRM features to protect the payloads and their functionality, ensuring controlled distribution and execution.
Uses Thread Local Storage (TLS) callbacks as an anti-debugging mechanism, making it difficult for reverse engineers and debuggers to analyze the injector.
ShadowChain uses the Windows Startup folder as a persistence mechanism: at runtime it copies the injector into the Startup folder, and Windows automatically executes that copy whenever the user logs in.
Supports a wide range of payloads, making the tool adaptable to various use cases while maintaining a high level of security and obfuscation.
BlueNovember is designed as an offensive driver with capabilities to bypass kernel-level security measures including antivirus defenses and built-in Windows protection mechanisms like Kernel Patch Protection (KPP) and callbacks.
The driver is capable of modifying process protections and privileges, enabling actions that typically require higher permissions such as changing process tokens and disabling kernel callbacks.
It includes techniques to evade Microsoft's PatchGuard, which protects kernel integrity, by exploiting race conditions and operational gaps in its monitoring processes.
Developed a handler using C++ with WinAPI wrappers to execute commands and manage the driver's operations.