Rakesh B.

## BIO **Academic profile:** • Completed CBSE 10th in the year 1999 with an 88.4% aggregate. • Completed CBSE 12th in the year 2001 with a 91.6% aggregate. • Completed B’TECH (Computer Science - CUSAT) in the year 2005 with a 76.3% (with distinction) aggregate. **Work profile:** 1.) Currently working as a Security Analyst as part of a niche-skilled group in a top MNC. Was the primary analyst in the security testing of projects belonging to [login to view URL], Singapore Exchange, Intuit Quicken, Molina Healthcare and American Automobiles Association. Security testing primarily focused analyzing application/network level vulnerabilities and performing penetration tests. 2.) Worked as a C/C++/x86 Assembly programmer and malware analyst at an anti-virus firm with a user-base of over 10 million for a period of two years. Was involved in scanning and analyzing vulnerabilities present on the company home. 3.) Worked as a C#/ASP.NET developer for two years at a top Indian MNC **Extra curricular profile:** • Demonstrated and reported that it was possible to uncap a local ISP's cable modems and obtain arbitrary bandwidth allocations. Kochi, 2001. • Demonstrated and reported that the ISP's switched network was vulnerable to ARP poisoning attacks allowing an attacker to monitor any subscriber’s network activity. Kochi, 2001. • Reported that the ISP's Content Management System was unguarded and an attacker could obtain the recent browsing history of all ISP's subscribers. Kochi, 2001. • Was 1st in the “Access Denied†competition held at an inter-college level. The competition involved reversing the protection of two Win32 applications and exploiting a Linux box with a buffer-overflow vulnerability. Kochi, 2004 • Discovered and reported SQL Injection vulnerabilities in two of the MNC’s internal applications. One was the department’s employee allocation program and the other was an internal Fantasy-Team game website. Obtained root access to both machines. Chennai, 2006 • Discovered a code-injection vulnerability in the MNC's internal application that allowed root access to all fourteen servers that maintained most of the MNC’s organization-wide internal applications – inclusive of salary, appraisal, employee information and project allocations. Reported vulnerability and steps to fix it. Chennai, 2007 • Discovered a SQL Injection vulnerability in a popular antivirus company's website and obtained root access to the web server. Reported vulnerability which was subsequently fixed. Also received Job offer! Chennai, 2007 • Discovered subsequent SQL injection vulnerabilities in the antivirus company's website and aided in fixing them. Chennai, 2008 • Discovered a Joomla vulnerability in the revamped antivirus company's website that allowed an attacker to reset the Administrator password. Reported the vulnerability which was fixed by updating a few Joomla components. Chennai, 2008 • Discovered a bug in Gmail’s MX servers that allows an attacker to send mails as any Gmail user. Also wrote a proof of concept program. Chennai, 2009 • Was part of the team that completed the maximum levels in the InfySEC Hackintosh Capture The Flag Tournament. The challenges included obfuscated Javascript, cookie-injection, win32 application reversing, whitespace steganography and password/hash cracking. Chennai, 2009 • Currently ranked in the Top #50 of the [login to view URL] website. An ethical hacking challenge website with over 35,000 members. **Personal projects:** • ChessMaster – A graphical chess program with a minimalistic AI made in Turbo C++ for a 10th grade project • ZeroDotOne – A graphical window manager for DOS made in Turbo C++ for a 12th grade project. Featured a couple of games, a paint program and an Explorer-ish file manager for DOS. • PhakeIt – A proof of concept tool written to demonstrate a misconfiguration in Gmail’s MX servers that allows a person to send a mail as any Gmail user. Written in C#. • Gidly – An “idler†program that injects itself into Google Talk and displays your status as Idle even if you’re not. Written in VC++. • Reckless in Space – A 32-bit DOS game written using the DJGPP C compiler and the Allegro graphical toolkit. • Escape From School – Wrote a 3D game in Visual Basic 6 using the Tegosoft OCX controls. • Nuke Da Madmaludawg – A DirectX game written with VC6. Also later ported the same game to OpenGL and GCC. • TypingCheater – A program that parsed IE’s DOM, extracted text and sent the text back to another input control on the page. The primary use was to get a 175+ wpm record in a Social Networking site’s typing speed game. • Anhedonia – An IRC bot written with GCC in order to maintain ChanOp privileges in a few personal IRC channels. • WebRAT – A remote administration tool (using only a web browser) written for a college project. Remote file management was provided using a Web interface and Remote Desktop control and Telnet usage were served via embedded Java applets. The server code was written using GCC and the QT toolkit on Linux. • Magnetic Card Based Attendance System – Wrote the serial port interface code in VC++ and the ASP.NET/MSSS backend. • Find A Friend – A PHP/MySQL based pen pal website written for a college project. • TrySpy – A password extractor for Internet Explorer and Firefox that revealed asterisked passwords by parsing the browser DOM as well as dumping saved passwords in the Firefox signons file and Internet Explorer’s protected storage. Written in VC++. • Key loggers – Wrote a couple of user-mode key loggers and an experimental kernel-based one for private usage. • Blunt – A blind SQL injector brute-forcer for penetration testing purposes. Written in C#. • OCSZombie – An artificially intelligent chat-bot leveraging AIML that integrates into Office Communicator and handle an IM conversation. • Misc. – Wrote POP, IMAP, SMTP clients and a HTTP server for personal usage. In C# and VC++. ## Area of Expertise **Strong with:** • Languages: C, C++, x86 Assembly, C# • Scripting: JavaScript, VBScript, ASP • Markup: HTML, XML • Technologies: .NET/ASP.NET • Databases: SQL Server • Tools: IDA Pro, OllyDbg, Wireshark • VAPT Tools: Nmap, Nessus, Metasploit, Acunetix WVS, Fortify • Operating Systems: Win32/64 **Comfortable with:** • Languages: JAVA, Visual Basic • Scripting: PHP • Technologies: J2EE • Databases: MySQL, Oracle • Tools: WinDBG, GDB • VAPT Tools: eEye Retina, BackTrack Distro • Operating Systems: Most *nix variants.