CISSP | OSEP | BSCP | CRTE | CISA | Senior Security Architect

Joined May 2016
Sharing a blog post from my Synack work, a reminder that solid offensive security is about process, persistence, and details.
"Admin / Admin." Two words you never want to find hardcoded in production firmware. 😱 SRT researcher @daemon_user gives a full technical write-up on how a simple directory listing can lead to the keys to the kingdom: synack.com/exploits-explaine…
🔓 Boot files weren't supposed to talk. But they did. RSA keys. /etc/passwd. Admin/Admin in production firmware. No CVE. No exploit. Just a misconfigured web server. My latest writeup on Synack Exploits Explained 👇 🔗 synack.com/exploits-explaine…
Sukesh Shetty retweeted
29 May 2024
here are the top 9 things i’ve learned in my first 6 months working as a senior cybersecurity consultant for @CrowdStrike:
1. github is terrifying. parse your own repos for hard coded creds, thank me later
2. great companies still exist, crowdstrike is one of them
3. the hallmark of a great manager is someone who listens to understand, and teams up with you to work to solve the problem you face. not someone who works against you
4. consulting doesn’t have to drain you. a mature, well-run consulting firm provides you the necessary resources (including sufficient staffing) to commit 110% to each of your clients without overworking yourself
5. identity-based attacks are what keep most security practitioners awake at night nowadays
6. i am under-skilled in networking and AD, but that’s ok because i have colleagues who are geniuses in these areas and a solid consulting firm balances out talents/skills. my talents/skills are just as valuable. comparing yourself to everyone around you achieves nothing positive
7. having a job that you genuinely enjoy, working for people and a company that treat you with kindness and respect does wonders for your mental health. i didn’t realize how poor my mental health was due to struggles at my previous job
8. the best consultants are the ones who genuinely care and want to provide actionable, realistic solutions
9. the color changing, dancing dino emoji in slack is elite. you can’t change my mind
Sukesh Shetty retweeted
IMPORTANT DEVELOPMENT... 'CHUP' ₹ 100 TICKET FROM MON - THU... #Chup tickets at ₹ 100 from 26 to 29 Sept 2022 [#Navratri]... OFFICIAL ANNOUNCEMENT... Note: *T&C apply. Offer applicable in select cities. linktr.ee/ChupMovie
Had worst experience with #kfcuae #kfc. Chicken was not fresh, fries seem to be weeks old, no ketchup, no spoons, no plates. We had to throw half of the food. It's very hard to waste food. But out of options. None eats this food @kfc
Sukesh Shetty retweeted
The structure of my videos will be to first exploit the vulnerability manually and then script it. Here's a sample video of me scripting an SQLi exploit. Since the scripting portion takes up most of the video time, I'd like to know if that's something that you would find useful?
Sukesh Shetty retweeted
25 Jan 2021
Sad to see this is not clear for people in 2021 (CISO & co) but:
Vuln. Assessment != AppSec
AppSec != Pentest
Pentest != RedTeaming
Redteaming != internal pentest (AD)
Adversary simulation != Adversary emulation that != Purple Teaming.
Each approach is complementary, thank you😤
Sukesh Shetty retweeted
We are glad to announce that our Subject Matter Expert @daemon_user (Sukesh Shetty) will be speaking on 'Firewall Rule-set and Configuration Review' at @Hackers_Meetup on 19th July (Sun) at 10:00 AM (IST) #cybersecurity #firewall #webinar #hackers #onlinemeetup #onlineconferences
Sukesh Shetty retweeted
1 Jun 2020
Thanks to our wonderful team of @gharbhejo n tremendous on ground support from @khaanachahiye Ninjas we got 1000 people who had reached out to us for help onto trains to UP. Many thanks to @MumbaiPolice @RailMinIndia. And eternal gratitude to the rockstar @SonuSood n @NeetiGoel2
Sukesh Shetty retweeted
24 May 2020
Shout out to the great initiative started by YashpalSinh Sisodiya - a non-profit organization to help Cyber crime victims. We as a CyberNGO would like to help Cybercrime victims, spread awareness to avoid users being victimized i…lnkd.in/dX5EgDX lnkd.in/d85dzmw

Sukesh Shetty retweeted
3 May 2020
⭕ *68,000 crore* of loan waiver given to big corporates ⭕ *20,000 crore* being spent for central vista project Dear Government of India, show your priority. Ensure free transport to workers. #NoFareForWorkers
Sukesh Shetty retweeted
9 Apr 2020
Thanks to our wonderful donors, we were able to distribute ration kits of essential food grains, oil, salt, sugar, etc to 26 families in this slum on RTO Road, Andheri West. #lockdown #Coronavirus @projectmumbai1 @rubenmasc @HelpingHandsTwt @swaraj1983
Sukesh Shetty retweeted
9 Apr 2020
The single best way to overcome Covid-19 anxiety is to engage yourself in charitable work. Spending an hour or two every day doing something for others takes you completely out of your egocentric viewpoint. There's so much remote work that needs to be done.
Sukesh Shetty retweeted
2 Apr 2020
This is a slum of nearly 1000 people, called Madraswadi right on JVLR. They are all daily wage workers and don't have ration cards or any other safety net. Totally dependent on handouts. @OfficeofUT @AUThackeray @MantralayaRoom @rubenmasc @projectmumbai1
Sukesh Shetty retweeted
2 Apr 2020
Homeless people under the Amar Mahal flyover are now completely dependent on handouts for their survival. #Lockdown #MumbaiSlums @projectmumbai1 @thebohrikitchen @rubenmasc
Sukesh Shetty retweeted
As we have completed the first 6 months of the FY 2019 - 20, we would like to thank you for your business & support in scaling new heights. During this period, we achieved a 59% growth compared to the same period over the last year. We look forward to your continued support!
Sukesh Shetty retweeted
What are some endpoints that make you excited when it pops up while performing a directory brute force? Here are some of mine: /api/proxy /swagger-ui /demo /metrics
Received the prestigious Employee of the year from the company!! Thank you all the seniors and my comrades for supporting and believing in me to achieve this feat!! Cheers!!! #employeeoftheyear #networkintelligence #nii #cybersecurity #informationsecurity
Cleared ISACA CISA certification today!!! #cybersecurity #infosec #isaca #cisa