Aswin Sundar
Hi, I'm Aswin. I've been genuinely fascinated by cybersecurity for as long as I can remember, not just as a career but as a field I actively enjoy, from understanding the technical intricacies of how systems and protocols are designed to appreciating the ingenuity behind how they can be subverted.
I currently work as an Information Security Analyst at Hirezon, where my work spans threat detection, building LLM-based security workflows, access risk management, and security compliance. Lately I've been personally drawn toward applying machine learning to security telemetry and detection problems. I'm early in that journey, working on strengthening my math foundations, but it's the direction I'm most excited about.
"Aswin showed an incredible amount of integrity, knowledge, professionalism, and technical capabilities."
- Scott Bartlett
Senior Research Scientist - Cybersecurity, FM Global
[The complete recommendation can be found in my LinkedIn profile]
CTF Activities
I am a member of the CTF team lagoon-shells. I predominantly solve Web-based challenges, but I also solve challenges in other categories (like Misc, OSINT, Rev, etc.) based on the team's needs.
Notable Participations
- Secured 100th place (out of 1360 teams) in PatriotCTF 2024.
- Secured 192nd place (out of 2632 teams) in NahamCon CTF 2024.
- Secured 448th place (out of 5694 teams) in Cyber Apocalypse 2024: Hacker Royale.
- Secured 96th place (out of 1074 teams) in LA CTF 2024.
Open Source Initiative
A-CTFplayer-s-Humble-Notebook
Created an open-source repo to serve as a living notebook containing the details of frequent as well as unique attack techniques, commands for various security tools, etc., gathered from my experiences of playing CTFs, solving HTB & THM challenges, and also based on my learnings from other interesting CTF writeups/security resources.
Created the repo to serve as a learning resource for CTF players and members of the cybersecurity community [Repo's Link].
A-CTFplayer-s-Humble-Toolkit
Developing a growing collection of handy tools to help in various CTF scenarios [Repo's Link].
Publication
Deep Learning and NLP based Side Channel Attack for Text Inference in Smartphones
- Worked on a PoC for a side channel attack, using which the information typed on an Android smartphone's keyboard can be inferred by any background process.
- Proved that it is possible to predict the letters typed by a victim by exploiting the readings from motion sensors like the accelerometer and gyroscope and by using a Recurrent Neural Network.
- Published this in IJEAT [Paper's Link].
Technical Skills
| Skills | Threat Detection & Analysis, Web Application Security, DevSecOps (SAST, SCA, DAST), Access Control & Privilege Management, Network Security, Security Hardening, Vulnerability Management, Container Security |
| Languages | Python, Bash, SQL, Java, C, C++, C#, Rust, CUDA |
| Operating Systems | Linux, Windows, Android |
| Tools & Technologies | Cloudflare, Burp Suite, Git, Wireshark, Nmap, Claude Code, Snort, Kubernetes, Docker, osquery, pfSense, Active Directory, OpenSSL, Kerberos, Splunk, Metasploit, Hydra, winPEAS, linPEAS, SpiderFoot, Mimikatz, GDB |
| Frameworks & Standards | NIST SP 800-53 Rev5, OWASP Top 10, GovRAMP (aka StateRAMP), SOC 2, HECVAT, Zero-Trust Architecture |
Projects
Passwordless Authentication System for Web Apps
January 2023 - April 2023
- Developed a system that facilitates the passwordless authentication of users on web apps.
- The system is based on asymmetric cryptography and a challenge-response protocol.
- The system consists of three components: a Key Store Wallet (a Windows App that generates and manages the key pairs), a Client-side SDK and a Server-side SDK that help developers utilize the system in their Front-end and Back-end apps.
- The system supports various "Passwordless user actions" such as account creation, authentication, changing credentials and account deletion which traditionally require a password.
- The Key Store Wallet also supports the secure export (as well as import) of the user's private keys. This helps the user access their existing "Passwordless accounts" for various domains from a different device.
Implementation of a Kerberos realm using Docker
February 2022
- Implemented Kerberos authentication for services running inside Linux Docker containers.
- Configured a Linux Docker container to serve as a Kerberos server using the packages krb5-kdc and krb5-admin-server.
- Added the needed user and service principals to the database of the Kerberos server and generated keytab files for the service principals.
- Configured a Linux Docker container to serve as a Kerberos client using the packages krb5-user and krb5-config.
- Configured the services running in the containers to use Kerberos authentication.
ELF file infecting virus
December 2021
- Developed a self-replicating ELF virus to study a classical approach to malware propagation.
- Designed the virus to locate uninfected ELF binaries, inject itself while preserving original functionality, and continue spreading on execution.
Implementation of a Secure Internal Network
October 2021
- Implemented a secure Internal Network using Virtual Machines, in which a Linux VM acted as the Gateway for a Windows VM on the internal network.
- Configured the Internal Network Interface of the Linux VM (Gateway) using Netplan and then enabled IP forwarding.
- Configured bind9 as a caching DNS server in the Linux VM.
- Configured the network settings on the Windows VM appropriately to achieve the internal network setup.
- Utilized iptables to implement a firewall that controlled the traffic between the internal network and the external network.
Privacy focused Chrome extension for phishing detection
July 2018 - September 2018
- Developed an extension for detecting phishing websites using a Random Forest classifier.
- Ensured users' privacy by designing the extension not to collect and send users' browsing data for classification. Instead, the classification is performed on the client side with a one-time download of the classifier model.
Event Management Application (Android App)
June 2017 - July 2017
- Developed an Android application to create and manage events.
- Introduced additional features such as sharing of an event's information with friends, group chat and live tracking of participants.
Crop fields Monitoring Bot (IoT)
February 2017
- Developed an Android application that controlled a Raspberry Pi-driven bot, which was developed to survey a field at specific intervals and send the field's environment data (like soil moisture, air quality, etc.) back to the application.
Certifications
Linear Algebra for Machine Learning and Data Science (Coursera) [Cert's Link]
February 2026
DevSecOps Learning Path (TryHackMe) [Cert's Link]
April 2024
Microsoft Certified: Azure Fundamentals (AZ-900) [Cert's Link]
March 2024
Windows Privilege Escalation for Beginners (Udemy) [Cert's Link]
September 2023
Fundamentals of Backend Engineering (Udemy) [Cert's Link]
July 2023
Web Fundamentals Learning Path (TryHackMe) [Cert's Link]
June 2023
Linux Privilege Escalation for Beginners (Udemy) [Cert's Link]
April 2021
Learn Website Hacking / Penetration Testing From Scratch (Udemy) [Cert's Link]
March 2020
Real-Time Cyber Threat Detection & Mitigation (Coursera) [Cert's Link]
March 2019
Neural Networks and Deep Learning (Coursera) [Cert's Link]
January 2019
Cyber Attack Countermeasures (Coursera) [Cert's Link]
January 2019