Engineer Security

ABHISHEK GUPTA, M.S. CYBER SECURITY

***** ******** ****, *** *, Charlotte, NC 28262-8874 704-***-**** adkc84@r.postjobfree.com https://www.linkedin.com/in/abhishek-muralidhara-gupta/ SUMMARY

• Highly determined to develop my career as a Cyber Security Engineer and strive to achieve success for the organization and myself, thus improving my skills thereby.

• A passionate cybersecurity grad student who discovered a zero-day vulnerability while working on my semester project.

• Team player, team builder, team motivator and compassionate engineer with leadership qualities and problem solving abilities.

• Articulate, accountable, adaptable, committed, honest and a trustworthy individual.

• Currently Pursuing Security+ certification by CompTIA TECHNICAL SKILLS

Programming: Python, C programming

Networking/Network Sniffing: Wireshark, Cisco Packet Tracer Cloud Services: AWS (EC2)

Softwares/Tools/Technologies: Splunk, Burp Suite, Kibana. Penetration testing tools: Nessus, Ettercap, nmap, OWASP ZAP, Snort, netcat, hashcat, cain and able. Operating Systems: Windows 10, Linux (Ubuntu, Fedora, Kali Linux) Virtualization: VMWare Workstation Pro, Oracle VirtualBox Forensics: FTK Imager, Autopsy, HxD Editor

EDUCATION

M.S. Cyber Security, University of North Carolina at Charlotte, 2019 - 2021 GPA: 4.0

– Penetration Testing and Secure Programming

– Network Security

– Competitive Cyber Defense

– Security Analytics

– Computer Forensics

– Enterprise and Infrastructure Protection

– Malware Analysis

– Applied Cryptography

– Computer Communication and Networks

– Principles of Information Security and Privacy

B.E. Electronics and Communication Engineering, VTU, Belgaum, India, 2011 - 2015 GPA: 3.4

– C programming

– Computer Networks

– Network Security

– 8086 Microprocessor and Programming

– Real time Operating Systems

– Embedded Systems

WORK EXPERIENCE

University of North Carolina at Charlotte Charlotte, United States Teaching Assistant Jan 2021 to Present

• Graduate Teaching Assistant for Competitive Cyber Defense ITIS 5246, a graduate level course.

• Mentor 52 students for any queries and problems related to course.

• Developed training materials, assignments, helping other activities like grading, evaluation, etc. Rove Labs Bengaluru,India

Research and Development Engineer Jun 2018-Jul 2019(1 year 2 months)

• A startup involved in academia oriented on IoT and robotics that pulled me towards cybersecurity.

• As an instructor had been a part of the team that has conducted workshops for more than 500 engineering students. ACADEMIC PROJECTS

Configuring, Exploiting and Defending a SmartHome Router Aug 2019 - Dec 2019

• A semester long project, successfully completed in 3 phases throughout the semester. (Network Security, Web Security and Software Security)

• Network security phase emphasised on Configuring firewall using iptables.

• Web security phase emphasised on discovery of XSS and CSRF vulnerabilities, exploiting and defending the vulnerabilities.

• Software security phase emphasised on analysing and exploiting dnsmasq buffer overflow vulnerability intended to crash the router.

Configured a Secure Apache Web Server and strong Swan VPN server in a Linux environment Oct 2019

• Generated OpenSSL keys, self-signed certificates, and allowed HTTPS to configure a secure Apache web server.

• Set up a VPN server to use an internal CA certificate and start a VPN connection from the client to access a protected VPN web server.

Simulated a DDoS Crossfire attack Nov 2019

• Created a simulation of a network flooding crossfire attack.

• Developed a network design with the help of NS bench in order to simulate scripted DDoS attack using bots to flood paths of servers to deny legitimate service to genuine users. Configured a secure Corporate ecosystem utilising Single-Sign-On Services Feb 2020

• Enforced the Kerberos service that provides single-sign on services.

• Developed the framework for an enterprise network consisting of Master and Slave DNS servers, an LDAP directory service, a Kerberos service, an SSH server that authenticates users using Kerberos, and a client that can access Kerberos tickets that allow the client to authenticate services (like SSH) via Kerberos. Developed a secured communications network. Mar 2020

• Enabled DNSSEC and signed forward and reverse zones for DNS servers.

• Created a root CA and configured it for use on a web server, LDAP server, SQL server in a variety of containers.

• Configured and setup WordPress to use MYSQL for storage and LDAP for authentication using Nginx in a container.

• Configured a TLS certificate from your root CA for a web server and an LDAP server, reconfigured the containers to use the TLS-protected LDAP server.

Full Penetration Test of the purposely insecure Web Application-Tunestore. Oct 2020

• Manual penetration checks conducted to identify XSS, CSRF, SQL Injection, Failed Authentication, and click jacking.

• Proposed prevention methods and applied on the application.

• Automatic vulnerability tests were conducted using OWASP ZAP to detect vulnerabilities. Security analytics using Kibana data visualisation dashboard . Dec 2020

• DNS log analysis to detect anomaly detection.

• Log enrichment using python program and ingested into elastic SIEM for Net Flow analysis to detect data ex filtration.

• Endpoint detection through analysis of login activities and vulnerability scanner logs. ACHIEVEMENTS

• Co-discoverer of CVE-2019-18992-Multiple XSS Vulnerabilities in OpenWrt Firmware (2019)

Contact this candidate