• Designed & Developed multiple versions of EXAM labs for HTB CPTS (HackTheBox Certified Penetration Testing Specialist) Certification.• Designed & Developed a scalable Ansible structure from scratch that can fully automate & streamline the building process of HTB Academy module Labs/Vms. [VM Provisioning (Creating/Cloning) -> Configuring -> Final Hygiene (Production)].• Automated building multiple versions of CPTS Exam labs & Academy Module labs by stitching multiple stuff together (Ansible, Powershell, Python, Bash, Docker, Flask, Php...)• Made reusable dynamic Ansible Roles to completely automate Active Directory Configuration (Advanced AD Attack vectors) with Ansible & Powershell.• Helped Develop & Automate Labs for some of the HackTheBox Academy Modules: - Active Directory Enumeration & Attacks - Attacking Enterprise Networks - Vulnerability Assessment - Using the Metasploit Framework - Pivoting, Tunneling, and Port Forwarding - Kerberos Attacks - Using CrackMapExec - Discretionary Access Control Lists Abuse

• Conducted Red Team Assessments, successfully compromising domain and enterprise admin on one of the engagements• Conducted security assessments on Operational Technology (OT) controller devices, including RTUs, Relays, and PLCs, to identify vulnerabilities and ensure the resilience of industrial systems. Collaborated with clients to implement cybersecurity best practices in OT environments, enhancing access control and network segmentation. Performed resilience testing and delivered detailed reports to help clients make informed decisions about securing critical infrastructure.• Conducted in-depth security assessments of web applications, encompassing a wide range of attack vectors, using OWASP Web Application Security Testing Checklist and finding security misconfigurations. Leveraged both automated tools and manual testing techniques to uncover vulnerabilities, aiding clients in safeguarding their online assets.• Assessed the security of APIs used for data exchange and integration. Evaluated authentication, authorization, and data integrity to identify potential security weaknesses and recommend mitigation strategies. This work helped clients secure their data-sharing interfaces and maintain the integrity of their API-driven systems.• Automated Red Team infrastructure configuration using Bash and Python scripts, streamlining operations.• Successfully set up Command and Control (C2) infrastructure for macOS (Mythic) and developed persistent MacOS payloads.• Configured a robust phishing infrastructure on AWS, utilizing EC2, Route53, Cloudfront, and S3 services for security testing and assessments.

• Designed and chained Vulnerable UNIX machines with concealed vectors simulating real-world penetration testing scenarios, to help build up aspiring penetration testers' skills. • Created challenging virtual machines out of discovered vectors by adding an engaging storyline to accompany the created virtual machine

• Worked with Departments and managers to analyze technical resource effectiveness.• Conducted Penetration Testing for Web applications.• Worked to perform Vulnerability Assessment and Penetration Testing.• Did Research related to the Cyber Security domain. (Finding Concealed Vectors)• Gave training to the Internal team on using Azure and Administering Azure Infrastructure• Performed Documentation & created POC for techniques from MITRE ATT&CK• Performed Installation & Configuration of Gophis & C2 server on cloud (Vultr/AWS)• Performed OSINT & Phishing for red team assessments