Welcome to Vulnerabilities.in - Security Blogging with Ciph3r00t

CISA | CISM | OSCP | CRTP | eCPPT | eWPTX | CEH

Meet Ciph3r00t: Hacker, Pentester, Security Engineer

ABOUT

Meet Ciph3r00t.

With over a decade of experience in cybersecurity, I lead a team of highly skilled security engineers at ServiceNow. Together, we ensure the security of the Enterprise AppStore ecosystem by identifying and mitigating cyber risks across various domains and technologies. My strong background in computer engineering and software development enables me to design and implement effective and innovative penetration testing strategies. My daily responsibilities include threat modeling, design reviews, code reviews, software composition analysis, and dynamic analysis to ensure comprehensive security throughout the software development lifecycle.


I hold several credentials that demonstrate my expertise in offensive security, including OSCP, CISM, CISA, eWPTX, CRTP, eCPPT, CEH, and an M.Tech in Computer Science and Engineering. With extensive experience in adversarial techniques, Red Teaming activities, network penetration testing, and enterprise security assessments, I have developed a deep understanding of the complexities of information security.


I have participated in and won numerous CTF challenges held at security conferences like MSRF BlueHatIndia, BlackHat Asia, and Nullcon. Furthermore, I play an active role as a speaker at the null Hyderabad chapter and have conducted security training sessions and workshops at prominent engineering colleges in Hyderabad, including CBIT and VJIT. My contributions to identifying and reporting security vulnerabilities have garnered recognition from esteemed organizations globally, including Apple, Microsoft, Google, SANS Institute, CERT-EU, Dell, SAP, Eset, Intel, LinkedIn, TrendMicro, Amazon, Blackberry, NASA, and the U.S. Department of Defense.

EXPERTISE

What I can do.

With extensive experience in Adversarial techniques, Red Teaming activities, and enterprise security assessments, I have developed a deep understanding of the complexities of information security.

  • Application Security

    Application security involves securing software applications by identifying and mitigating vulnerabilities throughout their lifecycle. This includes static and dynamic testing (SAST and DAST), secure coding practices, integrating security in the software development lifecycle (SDLC), and conducting penetration tests to ensure applications are resilient against attacks.

  • Penetration Testing

    Penetration testing simulates cyberattacks on systems, networks, or applications to identify and exploit vulnerabilities. This practice helps uncover security weaknesses before malicious actors do, covering various types such as network, web, mobile, and cloud penetration testing, to ensure comprehensive security.

  • Security Engineering

    Security engineering focuses on designing and building secure systems and infrastructure, integrating security practices throughout the development lifecycle. It involves secure architecture design, threat modeling, policy development, security code reviews, and validation through various security tests to ensure systems are robust against threats from the ground up.

  • Cloud Security

    Cloud security focuses on protecting data, applications, and services hosted in the cloud from cyber threats. It includes reviewing cloud configurations, conducting penetration tests, managing identities and access, ensuring data encryption and protection, and maintaining compliance with security standards and regulations.

  • Red Teaming Engagements

    Red teaming involves advanced, persistent attack simulations by a team of ethical hackers to test the effectiveness of an organization’s security defenses. It includes adversary emulation, physical security testing, social engineering, and cyberattack simulations to evaluate and improve detection, response, and mitigation capabilities.

  • Vulnerability Management

    Vulnerability management involves identifying, assessing, and mitigating security vulnerabilities in systems and applications. It includes vulnerability scanning, patch management, risk assessment, remediation, and continuous monitoring to ensure vulnerabilities are promptly addressed and risks minimized.

  • Risk Management

    Risk management in cybersecurity entails identifying, assessing, prioritizing, and mitigating risks to minimize the impact of threats. This process includes risk assessments, implementing mitigation measures, deciding acceptable risks, transferring risks (e.g., through insurance), and continuously monitoring and reassessing risks to maintain an effective security posture.

  • Security Awareness Training

    Security awareness training educates employees about security risks and best practices to reduce human error and increase vigilance. It involves phishing simulations, regular training sessions, policy education, updates on current threats, and reinforcing secure behaviors to ensure employees contribute to the organization’s overall security.

RESUME

Experience

ServiceNow 2017-Present

Staff Security Engineer

Managing a team of security professionals to secure the Enterprise AppStore ecosystem.

ZenQ 2014-2017

Senior Security Engineer

Ethically hacked various companies & delivered security projects.

Synack 2016-2021

Synack Red Team Member

Joined the Synack Red Team and began hunting on other platforms as well, such as Bugcrowd and HackerOne.

The Democratic News 2010-2014

Website Administrator

Managed the digital assets of a news agency and published blog posts.

SKILLS

Skills I have collected over the years and days (self-rated proficiency):

  • WebApp Pentesting & Code Reviews: 100%
  • iOS & Android Application Pentesting: 90%
  • Cloud Security Pentesting: 80%
  • Red Teaming: 70%
  • AD, Network & Infrastructure Pentesting: 90%
  • Smart Contract Auditing: 50%
  • GenAI Security: 80%
  • Wireless Network Pentesting: 70%
  • Social Engineering: 50%
  • Thick Client Application Pentesting: 90%
  • Configuration Reviews: 70%

CUSTOMERS

Acknowledgements

Click on the icons below to see the Hall of Fame entries for reporting security vulnerabilities.


CONTACT


Let’s get in touch ;)