Conducted full scale forensic analysis in a team of 2 as part of a multi-week multi-phase exercise related to an enterprise breach. This exercise was simulated using a scenario with evidence handed out every week with a set of questions to be answered based on it. The investigation involved analyzing network capture using wireshark, filtering out suspicious connections, tracking lateral movement of attackers, conducting disk analysis of compromised systems, creating super timeline to correlate events and finding truecrypt container passwords which were exposed in the memory dump. As part of deliverables, documented entire investigation methodology and provided remediation steps to prevent future breaches and to harden overall security.

Leveraged PCA (Principal Component Analysis) using RapidMiner software to filter out interesting events in a linux firewall log consisting of over 300,000 events. The steps involved included parsing the log file using python to get field information and correct formatting errors, normalizing the field values, feeding the CSV into RapidMiner to get important components based on columns parsed and then looking at outliers to determine potential violations.

Forensically analyzed a suspect’s hard drive for evidence relating to an attack plan. Recovered graphic image files by file carving, user accounts, thumbnail databases, analyzed MSN and IRC chat logs, internet history and cookie information and decrypted encrypted evidence. Correlated gathered evidence to create a timeline of events. Created a professional forensic report outlining all findings and evidence

Analyzed a memory dump and IR data of a compromised windows web server running IIS. Leveraged volatility and its plugins to gather information about processes including potential rootkits, associated files and handles, network activity and suspicious connections. Detailed out findings in a report.

It is a research based project aimed at inferring firewall policies on a given SDN network. We experimented with random probing algorithm and smart probing algorithm which made use of machine learning (SVM classifier) to determine network access control policy. We also determined the effectiveness of the above algorithms in python and created a project report detailing theory, implementation and results of our research.

Implemented information assurance principles on a vulnerable virtual company network which included hardening servers, defending and responding to live injected attacks to ensure uptime of critical services on the network

Created a network scenario as a proof of concept to leverage IPv6 in order to compromise a windows server machine using Armitage(Metasploit) running on Kali Linux

Exploited buffer overflow vulnerability in C by writing shell code to change the runtime behavior of various programs (standalone, client-server) with and without ASLR protection

Built a simple stateful firewall using the modular software router Click which can be used for fast prototyping of routing protocols. Network traffic is inspected against a policy file and decisions are made by the firewall.

Induced DOS attack by sending random SYN packets to a switch connected to a SDN controller in mininet. The switch was not able to find the matching handling rules and thus forwarded the packet to the controller, thereby flooding it with requests which saturated the SDN control plane.

Implemented a dynamic taint checker for a programming language called SIMPLE (subset of C). The taint checker ensured that no value derived from a secret is ever printed. Developed several test cases that demonstrate that the checker worked correctly.

Gained first hand experience with running snort on network traffic capture files and detecting alerts. Wrote simple custom snort rules to detect a sample worm. Analyzed BGP update data using route_btoa tool and plotted graphs depicting BGP route announcements and withdrawal messages at the time slammer worm was launched.

Wrote custom static analysis checkers using the Coverity API to enforce desired program properties. Checkers detected usage of unsafe functions in C, modification of random variables, off-by-one and buffer overflow errors and negative shift values.

Gained hands on experience on various prominent web application attacks such as SQL injection, XSS, CSRF and Timing Attacks. Documented each attack, clearly explaining the vulnerability and how the exploit works.

Used the SPARK verification tools to explore verification of security properties. Added preconditions and postconditions to existing ADA functions to enforce desired properties.

Implemented and optimized the runtime of the algorithm described in the research paper titled “Digital Steganography for ASCII Text Documents” using C

A front end for the linux firewall with basic and advanced filtering features such as creating and modifying custom chains. Monitoring support to view firewall rules as well as active connections simultaneously is included. Incorportes features such as port scanning, information on IP, whois and reverse lookup.

A secure, cost effective and flexible remote control system that operated via sms service for performing day to day trivial tasks on one’s PC.