
Hi, I'm Arun Nagath 👋

Introduction

I'm a highly self-motivated individual with a deep passion for computer security, boasting a robust foundation in cybersecurity and a Bachelor of Technology degree in Computer Engineering. With over 4 years of hands-on experience, I specialize in various aspects of cybersecurity, including web application security, vulnerability assessment, penetration testing, and mobile application security for both iOS and Android platforms.

About Me

I am a highly self-motivated individual with a passion for computer security, boasting a robust foundation in cybersecurity and a Bachelor of Technology degree in Computer Engineering. With over 4 years of hands-on experience, I specialize in areas such as web application security, vulnerability assessment, penetration testing, and mobile application security for iOS and Android platforms.

My expertise extends to both black-box and white-box security testing methodologies, enabling me to conduct thorough security assessments on web applications, APIs, enterprise, and engineering applications. I am well-versed in dynamic application security testing (DAST) tools like Burp Suite Professional, Qualys, and Traceable, as well as Static Application Security Testing (SAST) tools such as GitHub Advanced Security and Mobile Security Framework (MobSF).

I have a keen understanding of web security principles, techniques, and technologies, utilizing a diverse range of penetration testing tools. My hands-on experience includes executing attack vectors from the OWASP Top 10 and working with various open-source security tools, including proxies and fuzzers.

Actively engaging in security-specific conferences, webinars, and Capture The Flag (CTF) contests, I stay abreast of the latest developments in the field. Strong in documentation, I excel in delivering thorough penetration test reports. My skills and knowledge equip me to tackle complex security challenges with a creative and out-of-the-box thinking approach.

  • 🌱 Always learning and staying up-to-date with the latest trends in cybersecurity.
  • 💬 Ask me about web security, penetration testing tools, or mobile application security.

Experience

  • 💼 ZEE - Technology & Innovation/Security Engineer

    • Performed Manual and Automated Web application security (Black Box, White Box), Vulnerability assessment (Static application security testing (SAST) and Dynamic application security testing (DAST)), Penetration testing, API security, Mobile Application security for iOS and Android platforms in line with OWASP TOP 10 Network Penetration testing.
    • Successfully led the organization-wide adoption of DevSecOps practices, enhancing collaboration between development, security, and operations teams for streamlined and secure software delivery.
    • Managed enterprise-level automated tools like GitHub Advanced Security for securing enterprise repositories.
    • Provided developer support in securing applications and assisting in the identification and remediation of vulnerabilities of the applications.
    • Hands-on experience with commercial and open-source tools e.g., Burp Suite Professional, Metasploit, SQLMAP, Nmap, Qualys, FUFF, Dirsearch, Objection, Frida, MobSF, iOS Jailbreaking tools, GitHub Advanced Security, Strobes etc.

  • 💻 Ernst & Young/Security Analyst

    • Conducted Black Box, Grey Box, White Box Web Application and Network Penetration Testing
    • Created reports and developer support in securing applications and assisting in the identification and remediation of vulnerabilities of the applications.
    • Audits of third-party vulnerability reports for internal applications, ensuring proactive identification and resolution of potential security risks.

Skills

  • Cybersecurity: Web application security, penetration testing, vulnerability assessment.
  • Tools: Proficient in Burp Suite Professional, Qualys, Traceable, GitHub Advanced Security, and Mobile Security Framework (MobSF).
  • Methodologies: Black-box and white-box testing, OWASP Top 10, dynamic and static application security testing.
  • Platforms: iOS, Android, Apple TV.

Education

  • 🎓 Bachelor of Technology in Computer Engineering

Certifications

  • πŸ† β€’ Microsoft Certified: Azure Fundamentals (AZ-900) β€’ Certified Ethical Hacker (CEH) β€’ Qualys Certified Specialist β€’ Rapid7 InsightVM Certified Administrator β€’ EY Cybersecurity Bronze

Security Community Involvement

  • 🌐 Actively participate in security-specific conferences and webinars.
  • 🚩 Regularly engage in Capture The Flag (CTF) contests.

Get in Touch

Thanks for stopping by my profile! Feel free to connect and explore my projects.

Arun Nagath's Projects

fuzzdb

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

howtohunt

Tutorials and Things to Do while Hunting Vulnerability.

iloot

OpenSource tool for iCloud backup extraction

jaqen

Jaqen - Simple DNS rebinding

json-flash-csrf-poc

This repo contains the files required to perform a CSRF attack using Flash and HTTP 307 redirections.

lazyrecon

This script is intended to automate your reconnaissance process in an organized fashion

leaky-paths

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

learn365

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

lfisuite

Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner

log4j-scan

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

mitm_relay

Hackish way to intercept and modify non-HTTP protocols through Burp & others.

nullinux

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

oscprepo

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' Keepnote. Reconscan in scripts folder.

php-revershell

This tool is designed for those situations during a pentest where you have upload access to a webserver that’s running PHP. Upload this script to somewhere in the web root then run it by accessing the appropriate URL in your browser. The script will open an outbound TCP connection from the webserver to a host and port of your choice. Bound to this TCP connection will be a shell.

php-vulnerability-audit-cheatsheet

This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function.

powermeta

PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google, and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be analyzed by PowerMeta. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.

seclists

SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.

sqlmap

Automatic SQL injection and database takeover tool

sslscan

sslscan tests SSL/TLS enabled services to discover supported cipher suites

ssrfmap

Automatic SSRF fuzzer and exploitation tool
