Hi, I'm Sandeep Saini.

Freelancer, Penetration Tester, Programmer, Security Researcher

About

Let me introduce myself.

Have 7+ years of experience in both black box and white box penetration testing. Perform various VAPT (Vulnerability and penetration testing) services like web application penetration testing; network and system application penetration testing; mobile application penetration testing; social engineering testing etc. Conduct penetration testing in a systematic approach. Follow the standard methodologies of the industry like OWASP Testing Guide v4 (OTGv4); SANS Top 25; NIST SP 800-115; PCI DSS to perform penetration testing so that clients can concentrate on their professions without worrying about security threats.

Profile

  • Name: Sandeep Saini
  • Birth Date: July 05, 1994
  • Job: Freelancer, Penetration tester, Programmer, Security Researcher
  • Website: https://sainisandeep.com

Skills

  • Network Pen Testing: 98%
  • Source code reviews: 97%
  • Exploit & shellcode: 60%
  • Pen Testing: 99%
  • Web Pen Testing: 98%
  • Reverse Eng. & Malware Analysis: 68%

Professional Experience

Web Application Penetration Testing

2015 - Present

Do web application penetration testing with the latest methodologies like OWASP Top-10, SANS Top 25. Perform both manual and automated penetration testing. Perform manual testing with various controls like Configuration and Deployment Management Testing; Identity Management Testing; Authentication Testing; Authorization Testing; Session Management Testing; Input Validation Testing; Testing for Error Handling; Testing for Weak Cryptography; Business Logic Testing; Client Side Testing. Tools used for automated web penetration testing: Acunetix, Burp-Suite, Netsparker, Nexpose, Nikto, IBM Appscan, Microfocus Fortify, w3af etc.

Network penetration testing

2013 - Present

Provide network penetration testing so that your network infrastructure is secured from real-world attacks. Do both manual and automated network penetration testing. Approach for manual network penetration testing: manually check IDS/IPS, servers, network switches, network routers, VPN, firewalls, anti-virus, passwords etc. Tools used for automated network penetration testing: OpenVAS, Wireshark, Nessus, Metasploit, Armitage, Scapy etc.

Exploit and shellcode development

2013 - 2015

Have intermediate experience in exploit development for Windows and Linux. Use various techniques to exploit buffer overflow vulnerabilities like stack-based exploitation; heap-based exploitation etc. Bypass Windows protection mechanisms like /GS; SafeSEH; ASLR; DEP; SEHOP etc. Develop user space shellcode like port bind shellcode; reverse shellcode; staged shellcode; egg-hunt shellcode etc. Design shellcode functionality like file transfer; download and execute; process injection shellcode etc. Use various techniques to encode and encrypt the shellcode like XOR; rolling XOR; AES; DES algorithms etc. Modify existing exploit code as per the need. Tools: IDA Pro; GDB Debugger; Immunity Debugger; Mona.py etc.

Reverse engineering and Malware analysis

2013 - 2015

Have 2 years of experience in reverse engineering and malware analysis. Hands-on experience in Intel x86 architecture and assembly. Use reverse engineering analysis (static analysis and dynamic analysis) to decompile applications and find software vulnerabilities. Analyze the headers of binary programs for malware analysis. Analyze the PE file format to understand how the Windows loader loads the executable in memory; how the loader builds the import and export tables for a module in memory; where execution starts, i.e. the address of entry point. Experience with packers and crypters.

Penetration testing

2013 - Present

Follow the standard methodology to perform the penetration testing:

  i) Information gathering: In this step, gather information about the target like whois; port scanning; technology used; services identification; sensitive data etc. Tools: NMAP, Maltego, Whois, Wireshark, theHarvester, Dmitry, Dig, GHDB etc.
  ii) Vulnerability Assessment: In this step, find the vulnerabilities existing in the target. Tools: Nessus, Netsparker, Nexpose, Acunetix, Burp-Suite, OpenVAS, IBM Appscan, Microfocus Fortify.
  iii) Exploitation: In this step, exploit the vulnerabilities. Tools: Metasploit, SQLMAP, Burp-Suite, Armitage, THC-Hydra etc.
  iv) Reporting: The final step is reporting.

Source code reviews

2017 - Present

Perform source code reviews for .NET and PHP. Perform vulnerability analysis on .NET based websites using standard methodologies like OWASP Top-10, SANS Top 25 etc. Perform manual and automated source code reviews for various web based security vulnerabilities like SQL Injection, Cross-site scripting (XSS), CSRF, LFI, RFI, Broken Authentication etc. Use Microfocus Fortify and IBM Appscan Source tools to analyze source code. Analyze false positive results generated by scanner tools like HP Fortify, IBM Appscan Source. Use Burp-Suite in manual web pen testing for session token analysis, SQL injection payloads, checking token strength etc. Suggest coding mitigations to the web developers.

Education

Certifications

2011 - Present

Internet

Believes in practical knowledge rather than collecting certificates

Bachelor Degree (B.E)

2011 - 2015

Netaji Subhas Institute of Technology (NSIT), New Delhi

B.E. in Electronics and Communications

Class Xth-XIIth

2008 - 2010

School

Central Board of Secondary Education, New Delhi

Portfolio

Check Out Some of My Works.

Have worked with global clients from various countries like USA, Australia, UK, Canada, Israel, Netherlands etc. Some of them can be found below.

Clients feedback

What clients say about my work

  • Projects Completed: 100
  • Happy Clients: 100
  • Hours: 4000