Security Researcher

Zscaler

About Me

A vulnerability researcher by trade, but a lifelong explorer of intricately engineered and crafted systems at heart.

I am passionate about exploring low-level systems in computers and specialize in program analysis and fuzzing techniques to uncover vulnerabilities in them. My work lies in exploring and identifying weird machines to reach states different from the anticipated ones, which can impact the integrity of this software.

Currently, I am actively involved in finding and analyzing new vulnerabilities within the Windows operating system and associated software at Zscaler.

Experience

Vulnerability Research Team, **Zscaler**
Security Researcher I
September 2023 – Present Bengaluru, Karnataka, India
  • Reverse engineered DWG file parsing in Microsoft Visio
  • Developed a harness for Visio which has similar exception handling and COM components
  • Performed fuzzing, triaged crashes, and reported findings to MSRC
  • Created a DynamoRIO-based tool for generating contextual information and code coverage
  • Developed API hooking and debugging tools for a future snapshot-fuzzing framework

Vulnerability Research Team, **Zscaler**
Associate Security Researcher
June 2022 – August 2023 Bengaluru, Karnataka, India
  • Developed a file-format fuzzing framework with custom parser and mutator
  • Reverse-engineered proprietary image and document parsing to develop fuzzing harnesses
  • Experimented with Intel Pin for code coverage capture and performance analysis
  • Researched and experimented with various file-format fuzzing techniques and tools
  • Streamlined vulnerability discovery by automating coverage log analysis with IDAPython

SEAL Lab, **IIT Kharagpur**
Undergraduate Researcher
December 2021 – May 2022 Kharagpur, West Bengal, India
  • Studied cache side-channel attacks, e.g. Prime+Probe, Flush+Reload, Evict+Reload
  • Developed automation for profiling cache timings of x86 instructions on Intel CPUs
  • Applied machine learning and template analysis to identify side-channel leakage
  • Performed in-depth literature review on micro-op cache side-channel attacks
  • Implemented and validated the UC-Check paper

  • Fuzzed open-source libraries, parsers, and programs with AFLPlusPlus and sanitizers
  • Explored QEMU emulation components and emulation-based fuzzing techniques
  • Experimented with symbolic execution (Angr) and taint analysis (Kirenenko, Triton) tools

  • Developed a tool to automate the generation of PoC exploits for a vulnerable program
  • Firmware Analysis of embedded / IoT devices and their binaries
  • Utilized ARM-X, Qiling, and QEMU to partially emulate firmware from IoT devices for security research

Recent Posts

My Work Experience
Highlights of my diverse professional background, showcasing my expertise in both industry and academia