penetration testing, vulnerability assessment, risk management

Karuna Kiran Hable

301-***-**** adb5x2@r.postjobfree.com https://www.linkedin.com/in/karuna-hable-b346a4105/ EDUCATION

George Mason University, Fairfax, VA 2018 – 2020

Master of Science, Applied information Technology: Concentration in Cyber Security 3.85 Relevant courses: Cloud computing security, Secure software development, Incident handling and Penetration testing, Identity and access management, Cybersecurity Fundamentals, Network and Systems security University of Mumbai, Mumbai, India 2013 - 2017

Bachelor of Engineering, Electronics and Telecommunication Relevant courses: Computer Networks, Mobile communication, Operating systems Skills

Programming Languages: C, Java, SQL, Python, Bash scripting Operating Systems: Windows, Kali Linux, Ubuntu Tools: Burp suite, Metasploit, Wireshark, SQL map, Hashcat, Nessus, Nmap, BeEF, FTK, VMware, VirtualBox, MS Office Suite Network Protocols: HTTPS, IPsec, SSL/TLS, S/MIME, SSH, TCP/IP, OAuth, OpenID Connect Frameworks: NIST, OSI model Technologies: Proxy, IDS, IPS, VPN, Router, Switch, Firewall, Load balancer Certifications: Pursuing CompTIA Security +

PROFESSIONAL EXPERIENCE

George Mason University, Fairfax VA Sep 2019

Precollege Instructor & Graduate Teaching Assistant (GTA)

• Teaching 25 high school student’s concepts of Computer Forensics with hands-on experience through lab exercises

• Held responsibility in grading quizzes, midterm, Final exam and term papers of 55 students for master’s level courses Cybersecurity Fundamentals and Cloud computing Security

George Mason University School of Business, Fairfax VA Jan 2019 - May 2019 Graduate Teaching Assistant (GTA)

Designed and constructed following Penetration testing materials/lab exercises for course Introduction to Cybersecurity using Kali Linux

• Identified and exploited SQL injection vulnerabilities in web applications, executed queries in the database in order to enumerate and extract data using SQL map & Burp Suite

• Brute force website login page by intercepting browser request using burp suite

• Intercepted data packets to sniff passwords using Wireshark

• Scanned target to build an effective attack plan, performed vulnerability scan using Nessus and identified known security flaws on target machine, exploited the weakness and gained an interactive shell session with target machine

• Hacking using BeEF XSS Framework

Majesco Software & Solutions India Pvt. Ltd. Jun 2017 – Jul 2018 Software Engineer

• Developed testing test plans, scenarios, scripts, or procedures that addressed areas such as database impacts, software scenarios, black box testing, regression testing, security testing, error or bug retests, or usability

• Documented software flaws, using JIRA, and reported defects to software developers

• Analyzed application log files to troubleshoot root cause of defect and to reproduce bugs

• Experience in working in an Agile environment

• Planned test schedules/strategies in accordance with project delivery dates and collaborated closely with developers which reduced 40% of bug fix time

• Provided value additions in decision making meetings with Project Lead & IT developers for gaps & defects found in testing

• Awarded by Spot Award as a Quick Learner for grasping project related concepts, along with other projects and contributing towards ensuring quality deliverables

ACADEMIC PROJECT

Risk Assessment on a fictional Company Sept 2019

• Performed security assessment, identified risks & categorized them based on critical, medium and low risk ratings

• Provided countermeasure to mitigate those risks & provided with impact to the company for those countermeasures Public-Key Cryptography [Python] May 2019

• Designed end-to-end encrypted file transfer between client and server.

• Developed client-server python script which is used to encrypt/decrypt multiple file types; used public-key cryptography; 512-bit RSA key pair is generated by OpenSSL on the server side XSS Worm Apr 2019

• Exploited cross-site scripting vulnerability to launch an XSS attack on Elgg an open-source web application used for social network

• Spread an XSS worm amongst users, such that whoever views an infected user profile will be infected and whoever is infected will add you to their friend list

Buffer-overflow Vulnerability Feb 2019

• Utilized buffer overflow vulnerability to gain root privilege

• Mitigated this attack using address randomization, stack guard protection & non-executable stack protection schemes implemented in Linux

Contact this candidate