A developer, hacker, CTF player and learner, with a master's in Cybersecurity and experience as a Cybersecurity Analyst and Penetration Tester. Also a huge GNU/Linux fanatic and FOSS evangelist.


Skills

  • Programming Languages: Assembly, Bash, C, C++, Go, Java, JavaScript, Perl, Python, Ruby, Rust, SQL.
  • Platforms: Linux, Windows, macOS, AWS, GCP, Azure, Active Directory, FortiGate, Docker.
  • Tools: Git, Ghidra, GDB, IDA, BurpSuite, Metasploit, Wireshark, IBM QRadar, Splunk, Shodan, Netcat, Nessus, Nikto, Hydra, YARA.
  • Frameworks: NIST Cybersecurity Framework (CSF), OWASP Top 10, MITRE ATT&CK, ISO 27001, SANS, Cyber Kill Chain.
  • Others: IR, SOC, EDR, SIEM, GitHub, GitLab, IAM, SOAR, Automation, Log Analysis.

Certifications

  • CompTIA Security+
  • Fortinet Certified Associate in Cybersecurity
  • Google Cybersecurity
  • IBM Cybersecurity Analyst

Education

  • Master of Science, Cybersecurity
    Stevens Institute of Technology, Hoboken, NJ

  • Bachelor of Engineering, Information Technology
    Pune University, Pune, India


Work Experience

Threat Detection Analyst @ FileHive.io

  • Created custom detections using threat feed sources, managed version lifecycles in a GitHub repository, and leveraged Git and GitHub Actions.
  • Used honeypots (T-Pot and RDP) to collect basic threat telemetry and leveraged Red Canary's Atomic Red Team for pre-deployed, mapped tests.
  • Utilized Terraform for infrastructure provisioning and Ansible for configuring the ELK stack, ensuring a minimal reproducible detections environment.

Penetration Tester @ Newton's Apple Security Solutions

  • Executed penetration testing on critical infrastructures, reinforcing security for multinational corporations across diverse technologies.
  • Identified and resolved 200+ vulnerabilities in micro-services, web applications, and IoT devices, boosting system resilience.
  • Developed automated tools, streamlining workflows and saving 500 hours annually, enhancing operational efficiency by 30%.

Research Fellow @ Muellners Foundation

  • Evaluated blockchain APIs and DAO governance, increasing fintech security robustness by 25% through secure implementations.
  • Authored smart contract documentation, reducing technical support requests by 30% and improving integration efficiency.
  • Achieved 40% reduction in potential security incidents by identifying vulnerabilities and implementing preventive measures.

Projects

Automated Subdomain Recon Tool

  • Designed a custom automated tool named Poseidon for comprehensive subdomain enumeration for any given domain, tested with over 50,000 subdomains.
  • Identified open ports on these subdomains, reducing the reconnaissance phase time by 50% in penetration testing.
  • Enhanced subdomain mapping and increased the efficiency of identification of assets by 40%.

Firmware Dumping

  • Extracted live firmware from embedded devices using the UART interface, analyzing firmware from over 10 different consumer devices like routers.
  • Conducted real-time system analysis and reverse engineering, identifying 6 critical firmware vulnerabilities and potential exploits.
  • Delivered critical insights into firmware vulnerabilities, reducing potential exploit risks by 30%.

Network Intrusion Detection System with Suricata

  • Installed and configured a Network Intrusion Detection System (NIDS) using Suricata on a virtual machine.
  • Developed a custom rule to detect ICMP ping traffic, enhancing the system's ability to monitor specific network activities.
  • Successfully tested the system by generating alerts and analyzing the detection results to ensure accurate threat identification.

ADS-B Aircraft Radar

  • Implemented a real-time ADS-B aircraft radar system utilizing RTL-SDR technology.
  • Used the system to identify aircraft flying over the location, capturing real-time data.
  • Visualized aircraft movements, providing a clear representation of air traffic in the vicinity.

Awards

  • Awarded a prize in the highly competitive Cytaka New York Capture The Flag (CTF) cybersecurity challenge.
  • As part of an elite CTF team, secured the top global ranking on CTFTime.
  • Achieved a solo rank in the top 14.8% at the DownUnderCTF and ranked within the top 11.6% at the H@ctivityCon CTF.