the only way out, is through.
I am a database security researcher and penetration tester, with more than 2 years of professional experience and 2 years of independent self-teaching and pursuit of bleeding-edge tactics, techniques, and procedures (TTPs). Combined with 4 years of former software and database development experience, I possess a total of 8 years of working with, developing, and reverse engineering the latest in database technology. I look forward to expanding my skill set and experience in the cyber and information security space, and bringing my passion and diligence to your organization!
core competencies
- operating systems: windows, macOS, kali linux, ubuntu server
- networking: TCP/UDP/IP, FTP, SSH/Telnet, NFS, SMTP, Routing, DNS, PKI, SSL/TLS, Wireshark
- databases: MS SQL Server, MySQL/MariaDB/Percona Server, PostgreSQL, MongoDB, Amazon Aurora/RDS, Oracle, CosmosDB, Teradata, Cassandra, DynamoDB, AzureDB
- cloud + DevOps: Git, Apache SVN, Kubernetes, Red Hat OpenShift, Docker, Terraform, Jenkins, AWS ECS/EC2/S3, Azure DevOps, Jira, SAST/DAST, NUnit
- scripting + programming: Shell (zsh, Bash, PowerShell), Python, C++, C#, PHP, XML, SQL, JavaScript, Ruby, Go, Groovy
- web: cookie stealing, session hijacking, Burp Suite (credential stuffing, fuzzing, proxy)
- information gathering: subdomain/directory/file enumeration, sublist3r, amass, dirb, dirbuster, netcat
- footprinting + scanning: nmap, enum4linux, smbclient, sqlmap, Shodan, linPEAS
- vulnerability assessment: Nessus, Nexpose, GFI LANGuard, dbProtect
- attack vectors: brute-force/dictionary attacks (john, Hydra, hashcat), buffer overflows, active directory, XSS, SQL injections, null sessions, ARP poisoning/spoofing, backdoors + reverse shells, local/remote file inclusion, remote code execution, privilege escalation + persistence, Metasploit, shellcodes, reverse engineering + malware analysis, OWASP Top 10
- defense: firewalls, logging, IPS/IDS, SIEM, SOAR, system + device hardening
- frameworks + principles: MITRE ATT&CK, Cyber Kill Chain, NIST, SOC2, FISMA, GDPR, ISO 27001/2, DISA-STIG, CIS Benchmark, Zero-Trust (Data Loss Prevention), CIA Triad
work experience
database security researcher @ Trustwave SpiderLabs
- responsible for discovery and investigation of the latest attacks and vulnerabilities pertaining to 17 (and counting) major relational database management systems on behalf of our clients, who occupied key sectors such as telecommunications, energy, and national security & defense.
- provided the engineering team with hard technical research and data gleaned from the vulnerability assessment engine and other automation platform, based on various needs communicated by the product team, to develop full protection against current and future threats.
- developed and improved our vulnerability assessment engine, by adding over 300 unique check scripts and over 66 framework scripts. the engine is implemented in C#, running under the .NET platform, and uses IronPython to execute Python scripts (checks) that look for vulnerabilities and report the findings in an event-driven manner.
- developed and tested our automation platform that parses software vendor security advisories (ETL) and extends project functionality to better support new platforms, by leveraging vast amounts of threat intelligence and telemetry data to develop new automation patterns and algorithms and provide critical patch updates to clients.
- closely studied the most current DISA-STIGs and CIS Benchmarks to close any gaps in our clients’ compliance requirements. Personally added detection and support for MongoDB 4.x/5.x/6.x, PostgreSQL 13.x, MariaDB 10.x, Oracle 12c, and more.
- in-depth research of whitepapers, statistics, conference presentations and blog articles to bolster both work-related and individual research efforts. published internal research pertaining to MongoDB Buffer Overflows, Honeypots and Malware Analysis, Attacks on the Healthcare Sector, and more.
lead database developer @ Veryon
- authored, validated, and maintained high-quality, guided troubleshooting solutions for a reasoning engine based on several maintenance manuals for a variety of equipment and systems.
- developed entire libraries and databases, PowerShell scripts, and Tableau data visualizations to collect analytics and deliver engagement reports to our clients. Worked well with a wide range of personalities and roles, and actively participated in project roadmaps and discussions, providing technical suggestions, including estimates and priorities.
- gained ability to be flexible to shifting priorities and workloads, and to work on multiple time-sensitive projects.
education
bachelor of engineering @ Western U
majored in electrical and computer engineering, with a specialization in information communication and transmission.
languages
- english: native
- hindi: native
- urdu: native
- arabic: intermediate
- french: intermediate
- mandarin: rudimentary
interests
- homelab
- philosophy
- reading
- photography
- dancing
- basketball