🕺About Me

Me, Myself and More...

👋 Hello There...

I am a graduate student at UTS Sydney, majoring in Cybersecurity. My passion lies in malware research, exploit development, and malware analysis. As an OSCP, CRTO and CRTL professional, I actively engage in vulnerability assessments, malware research, and cybersecurity projects.

Links: GitHub | LinkedIn | Twitter | Email Me


🏆 Certifications

CRTO
OSCP
CRTL
OSWP
Security +


💼 Experiences

Research Intern @ IIT Bhubaneswar

  • Designed a distributed system that incorporates an agent-controller architecture to prevent data poisoning attacks.

  • Incorporated ECDH and zk-SNARK based authentication measures in the distributed system.

  • Implemented the distributed system in Golang using the Gnark and OpenSSL libraries.

Security Engineer Intern @ Bugbase
  • Developed Active Directory internal assessment modules for RedTeam Copilot, enhancing the tool's capability to simulate real-world attack scenarios.

  • Created custom scripts for enumeration and exploitation in Sliver C2 using Sliverpy.

  • Automated deployment of expendable payloads, C2 redirectors, and SMTP relays using Terraform.

  • Contributed to the design and development of a custom C2 framework with AI-based agents.

  • Integrated the netexec tool into the copilot agent for automated deployment when run on a target system.

Breach Point Intern @ ISAC
  • Conducted VAPT assessments on Government of India infrastructure.

  • Performed vulnerability scans for critical industrial sectors such as aviation, power, and finance.

  • Documented and responsibly disclosed proof-of-concept exploits for discovered vulnerabilities.

  • Promoted to team leader after two months, managing a team of interns and coordinating vulnerability assessments.


🎤 Conference Presentations

🎙️ The Threat Triplet: RATs, Keyloggers, and Registry Keys @ HINT-24
  • Demonstrated how RATs, keyloggers, and registry keys compromise systems together.

  • Explored persistence techniques used in modern malware.

  • Provided detection and mitigation strategies to counter these threats.

  • The accompanying research paper was published in Springer Lecture Notes in Networks and Systems (LNNS).


🏗 Notable Projects

🔐 CurveLock

  • Developed a ransomware prototype leveraging Elliptic Curve Cryptography (ECC) to encrypt files with high efficiency.

  • Implemented advanced anti-analysis techniques such as API hammering and compile-time Import Address Table (IAT) randomization for enhanced evasion.

  • Utilized process hollowing by leveraging clean ntdll.dll copies from suspended processes to bypass security hooks.

  • Embedded mechanisms for escalating privileges dynamically, including token manipulation and abuse of high-privileged processes, to extend ransomware capabilities.

  • Incorporated DCSync attack capabilities to dump all username-NTLM hash combinations in an Active Directory network.

🛠 ShadowChain

  • ShadowChain is designed as a modular DLL injector, allowing flexibility in injecting DLLs into target processes.

  • Implements DRM features to protect the payloads and their functionality, ensuring controlled distribution and execution.

  • Utilizes Thread Local Storage (TLS) callbacks as an anti-debugging mechanism, making it difficult for reverse engineers and debuggers to analyze the injector.

  • ShadowChain uses the Windows Startup folder as a persistence mechanism: at runtime it copies the injector into the Startup folder, which the system executes automatically whenever the user logs into Windows.

  • Supports a wide range of payloads, making the tool adaptable to various use cases while maintaining a high level of security and obfuscation.

💻 BlueNovember

  • BlueNovember is designed as an offensive driver with capabilities to bypass kernel-level security measures including antivirus defenses and built-in Windows protection mechanisms like Kernel Patch Protection (KPP) and callbacks.

  • The driver is capable of modifying process protections and privileges, enabling actions that typically require higher permissions such as changing process tokens and disabling kernel callbacks.

  • It includes techniques to evade Microsoft's PatchGuard, which protects kernel integrity, by exploiting race conditions and operational gaps in its monitoring processes.

  • Developed a handler in C++ with WinAPI wrappers to execute commands and manage the driver's operations.
