Aswin Sundar
Hi! I am Aswin. I have a Master's degree in Cybersecurity from Northeastern University (USA). I got my Bachelor's degree in Computer Science and Engineering from Anna University (India), after which I worked at Honeywell Technology Solutions Lab Pvt. Ltd. (India) as a Software Engineer I. During my Master's, I also got to work at FM Global (USA) as a Cyber Lab IT/IIoT/OT Testing Intern - Tech IV.
I have an intense passion for the field of Cybersecurity and love learning new stuff about it every day. I firmly believe that this continuous learning is the only way that will help me achieve my goal of becoming an ardent contributor to the field. My topics of interest include Web, Systems and Network Security. I love solving security challenges on platforms like Hack The Box [my HTB profile] and TryHackMe [my THM profile].
"Aswin showed an incredible amount of integrity, knowledge, professionalism, and technical capabilities."
- Scott Bartlett
Senior Research Scientist - Cybersecurity, FM Global
[The complete recommendation can be found in my LinkedIn profile]
CTF Activities
I play for the CTF team lagoon-shells. I predominantly solve Web based challenges but I also solve challenges in other categories (like Misc, OSINT, Rev, etc.) based on the team's needs.
Notable Participations
- Secured the 100th place (out of 1360 teams) in PatriotCTF 2024.
- Secured the 192nd place (out of 2632 teams) in NahamCon CTF 2024.
- Secured the 448th place (out of 5694 teams) in Cyber Apocalypse 2024: Hacker Royale.
- Secured the 96th place (out of 1074 teams) in LA CTF 2024.
Open Source Initiative
A-CTFplayer-s-Humble-Notebook
Created an open source repo to serve as a living notebook containing the details of frequent as well as unique attack techniques, cmds for various security tools etc., gathered from my experiences of playing CTFs, solving HTB & THM Challenges and also based on my learnings from other interesting CTF writeups/security resources.
Created the repo to serve as a learning resource for CTF players and members of the cybersecurity community [Repo's Link].
A-CTFplayer-s-Humble-Toolkit
Developing a growing collection of handy tools to help in various CTF scenarios [Repo's Link].
Publication
Deep Learning and NLP based Side Channel Attack for Text Inference in Smartphones
- Worked on a PoC for a side channel attack, using which the information typed on an Android smartphone's keyboard can be inferred by any background process.
- Proved that it is possible to predict the letters typed by a victim by exploiting the readings from motion sensors like accelerometer and gyroscope and by using a Recurrent Neural Network.
- Published this in IJEAT [Paper's Link].
Technical Skills
Skills: Web Application Exploitation (using techniques like XSS, SQL injection, Command injection, IDOR, SSRF etc.), Binary Exploitation, Linux and Windows Privilege Escalation, Active Directory, Azure, DevSecOps, Container Security
Languages: Python, Rust, C, C++, Java, HTML, JavaScript, SQL, Bash, PowerCLI, C#
Operating Systems: Linux, Windows, Android
Tools & Technologies: Nmap, Burp Suite, Metasploit, OWASP Top 10, Mimikatz, GDB, Kerberos, Cisco Switches, Wireshark, Docker, Kubernetes, Git, OpenSSL, osquery, SpiderFoot, Hydra, pfSense, Snort, Splunk, Node.js, React, Censys, Shellter, Clang static analyzer, YARA, winPEAS, linPEAS, Terraform
Projects
Passwordless Authentication System for Web Apps
January 2023 - April 2023
- Developed a system that facilitates the passwordless authentication of users on web apps.
- The system is based on asymmetric cryptography and challenge response protocol.
- The system consists of three components: a Key Store Wallet (a Windows App that generates and manages the key pairs), a Client-side SDK and a Server-side SDK that help developers utilize the system in their Front-end and Back-end apps.
- The system supports various "Passwordless user actions" such as account creation, authentication, changing credentials and account deletion which traditionally require a password.
- The Key Store Wallet also supports the secure export (as well as import) of the user's private keys. This helps the user access their existing "Passwordless accounts" for various domains from a different device.
Implementation of a Kerberos realm using Docker
February 2022
- Implemented Kerberos authentication for services running inside Linux Docker containers.
- Configured a Linux Docker container to serve as a Kerberos server using the packages krb5-kdc and krb5-admin-server.
- Added the needed user and service principals to the database of the Kerberos server and generated keytab files for the service principals.
- Configured a Linux Docker container to serve as a Kerberos client using the packages krb5-user and krb5-config.
- Configured the services running in the containers to use Kerberos authentication.
An ELF file infecting virus
December 2021
- Developed a computer virus to understand the methodology that a typical malware writer utilizes to develop a virus.
- Designed the virus to look for an uninfected ELF file in the current directory. On finding one, the virus copies itself into the host file while preserving its original functionality. When the infected ELF file is executed, the file functions as usual but the virus code in it is designed to repeat the process of infecting an ELF file in the background.
Implementation of a Secure Internal Network
October 2021
- Implemented a secure Internal Network using Virtual Machines, in which a Linux VM acted as the Gateway for a Windows VM on the internal network.
- Configured the Internal Network Interface of the Linux VM (Gateway) using Netplan and then enabled IP forwarding.
- Configured bind9 as a caching DNS server in the Linux VM.
- Configured the network settings on the Windows VM appropriately to achieve the internal network setup.
- Utilized iptables to implement a firewall that controlled the traffic between the internal network and the external network.
Privacy focused Chrome extension for phishing detection
July 2018 - September 2018
- Developed an extension for detecting phishing websites using a Random Forest classifier.
- Ensured users' privacy by designing the extension to not collect and send users' browsing data for classification. Instead, the classification is performed on the client side with a one-time download of the classifier model.
Event Management Application (Android App)
June 2017 - July 2017
- Developed an Android application to create and manage events.
- Introduced additional features such as sharing of event's information with friends, group chat and participants' live tracking.
Crop fields Monitoring Bot (IoT)
February 2017
- Developed an Android application that controlled a Raspberry Pi-driven bot which was developed to survey a field at specific intervals and send the field's environment data (like soil moisture, air quality etc.) back to the application.
Certifications
DevSecOps Learning Path (TryHackMe) [Cert's Link]
April 2024
Microsoft Certified: Azure Fundamentals (AZ-900) [Cert's Link]
March 2024
Windows Privilege Escalation for Beginners (Udemy) [Cert's Link]
September 2023
Fundamentals of Backend Engineering (Udemy) [Cert's Link]
July 2023
Web Fundamentals Learning Path (TryHackMe) [Cert's Link]
June 2023
Linux Privilege Escalation for Beginners (Udemy) [Cert's Link]
April 2021
Learn Website Hacking / Penetration Testing From Scratch (Udemy) [Cert's Link]
March 2020
Real-Time Cyber Threat Detection & Mitigation (Coursera) [Cert's Link]
March 2019
Neural Networks and Deep Learning (Coursera) [Cert's Link]
January 2019
Cyber Attack Countermeasures (Coursera) [Cert's Link]
January 2019