Injection Security

Location:
Prayagraj, Uttar Pradesh, India
Posted:
January 30, 2021

Resume:

Utkarsh Agrawal

City: Bangalore, India

DOB: **th Aug 1998

Phone: +91-701*******

Email: adjthl@r.postjobfree.com

Github: https://github.com/agrawalsmart7/

Twitter: https://twitter.com/agrawalsmart7

Working: CloudSEK (1.5 Years)

Objective

Looking for an opportunity through which I can apply my skills to secure the company's infrastructure.

Skills

Web Applications: Reconnaissance, Scanning, OWASP Top Ten attack vectors like SQL injection, XXE, XSS, LFI, RFI, PHP Object Injection (New), Broken Authentication and Session Management, Security Misconfiguration like CORS Misconfiguration Exploitation, Open S3 Bucket Exploitation, Access Control Management System (IDORs, Direct Browsing, etc.), CSRF, Command Injection, File Upload Exploitation, Subdomain Takeover, etc.

Networking: DHCP, DNS, FTP, SSH, SSH Port Forwarding, HTTP, TCP/IP, SMB, Active Directory Exploitation, Privilege Escalation, etc.

Language: HTML, PHP (OWASP Top 10 Mitigation), Python.

Mobile Applications: Android (Static & Dynamic Analysis, OWASP Mobile Top 10, Analyzing Activities, Content Providers, etc.).

Tools/Software: Nmap, Sublist3r, Netcat, Metasploit, PowerView, Mimikatz, Burp Suite, SQLMAP, Putty, Auto-Recon, ApkTool, Enjarify, Empire, Ettercap, Wireshark, Nikto, BloodHound, Responder, git, etc.

Container Pentesting: Mainly on Docker (Github Repo)

Cloud Security (Basic 101): Amazon Web Services, Google Cloud Platform (Github Repo)

Achievements:

● Author of AutoRecon [https://github.com/agrawalsmart7/autorecon]

● Presented at OWASP SeaSides 2019, Goa.

● Won awards presented by CloudSEK:

* Employee of the Year

* Outstanding Performer

● Performed Pentest for an Online Residents Communication Portal with more than 74k Users resulting in Unauthorized Admin Access, Compromise of user’s privacy, and server compromise.

● Wrote multiple blogs:

Understanding XXE from Basic to Blind [Blog]

Enumerating AD with BloodHound and SharpHound [Blog]

Steal CSRF/Auth/Unique key Header with XSS [Blog]

How I hacked 74k users of a website. [Blog]

SQLi is everywhere [Blog]

What is CSRF, Preventions? And How to bypass CSRF protection via XSS? [Blog]

From Local-file-inclusion to CMD injection. [Blog]

● Hall of Fame(s) / Bug-Bounty (Accenture, HackerOne, WikiLoc, HoneyWell, Shopclues)

● Received goodies and swag for finding security vulnerabilities from different Platforms.

● Contributions to the Open Bug Bounty platform.

https://www.openbugbounty.org/researchers/agrawalsmart7/

Educational Qualifications

Exam | Institution | Year of Passing | Percentage
B.Com | Agra University | 2019 | 62%
12th | RLVM, Hathras (C.B.S.E) | 2016 | 71.9%
10th | RLVM, Hathras (C.B.S.E) | 2014 | 60%


