
Rohit Singh

OSCE, OSCP, CISE

(91)-9145027767 1107 Amanora Park Town, Pune rohit@rockmail.co

Career Abridgement
Overall 6+ years of experience in Penetration Testing, Vulnerability assessment, Red Teaming attacks for network,
web applications, mobile assessments, wireless security, internal infrastructure configuration reviews, RFID security.
Performs Grey, Black and White box security assessments for top corporate giants.

Highlights of Expertise
• Network Assessment for endpoint devices such as IDS/IPS, Cisco firewalls, VPN endpoints, network printers,
webcams and other network endpoints.

• Performing reconnaissance and information gathering against given network.

• Escalating privileges after gaining a foothold in the network.

• Testing thick client applications for vulnerabilities such as stack-based overflows and using egg hunters,
ROP gadgets etc. to bypass memory protections.

• Utilizing Docker's flexibility and scalability for security.

• Exploiting Web Application Vulnerabilities such as XSS, SQL Injection, XSRF, Template Injections etc.

• Hands-on experience with OWASP vulnerabilities.

• Writing scripts/tools to assess the security of complex applications.

• Performing source code analysis manually and with automated tools.

• Working with clients on fixing vulnerabilities.

• Assessing network infrastructure for vulnerabilities.

• Testing wireless encryption such as WEP, WPA/2, WPA enterprise.

• RFID LB/HF passive access cards and their security.

• Hands-on IoT security experience with a HackRF device.

Security Awareness Programs:

• Regular attendee at “Black Hat Singapore”


• Gave Presentations on “Bypassing WAF for XSS” in Null Hyderabad chapter meets.
• Gave CTFs in “Null Humla” Session on HTTP Methods, SQL Injections, Pivoting via Proxy Servers etc.
• Contributed vulnerable machines to Vulnhub (SickOs Series)

Tools

• Languages: Python, Bash Scripting, PHP, SQL, HTML, JavaScript


• Operating System: Kali 2.0, Ubuntu Servers, Windows 7, macOS

• Framework: Metasploit, SQL Injection Labs, XAMPP on windows, LAMP

• Databases: MySQL, SQLite, Microsoft SQL Server


• Tools: Nmap, Wireshark, Snort, Squid Proxy, Immunity Debugger, OllyDbg, Burp Suite, Paros Proxy,
OpenVAS, Maltego, BeEF, Shelter, Social Engineering Toolkit, Aircrack-ng suite, Nessus, Qualys, SSlite,
Netcat, Mimikatz, Metasploit Framework, Docker

Professional History

• Worked as Security Consultant for many corporate giants such as Capgemini, TCS on a contract basis to
assess security for their clients.
• Trained Security professionals in and outside India, groomed their skills.
• Helped and worked closely with many financial-sector organizations including corporate banks and
addressed key loopholes in their security.
• Collaborated with organizational end-users and CFO/CEO to set foundation for reliability and security,
working within the budget to formulate and implement strategic technology solutions.

Declaration:

I hereby declare that the information stated above is correct to the best of my knowledge and I bear the responsibility for
the correctness of the same.

Place: Pune
Date: 30th November, 2018 Rohit Singh
