Kshitij Chitnis

A developer, hacker, CTF player and student, currently pursuing masters in Cybersecurity and having prior experience as a CyberSecurity Auditor and Pentester. Also a huge GNU/linux fanatic and FOSS evangelist.

Skills

Programming Languages:

Assembly, C, C++, Python, JavaScript, Bash, SQL, Go, Rust

Platforms:

Linux, Windows and MacOS security hardening; x86-64, ARM, AWS, GCP, Azure, Active Directory

Tools:

Ghidra, GDB, GEF, IDA, BurpSuite, Metasploit, pwntools, Wireshark, IBM Qradar, Splunk, UART, JTAG

Frameworks:

NIST Cybersecurity Framework (CSF), OWASP Top 10, MITRE ATT&CK, ISO 27001, SANS

Other Skills:

Incident Response (IR), Security Operations Center (SOC), Endpoint Detection and Response (EDR)

Work Experience

Feb 2020 - Aug 2022

Pentester & Security Analyst @ Newton’s Apple Security Solutions

Conducted penetration testing of critical infrastructures of MNCs, identifying and rectifying over 200 vulnerabilities across more than 100 micro-services, web applications and IOT devices. Lead the development of custom automated tools, enhancing operational efficiency by 30% and saving an estimated 500 hours of annual time savings in pentesting workflows.

Mar 2020 - Mar 2021

Research Fellow @ Muellners Foundation

Spearheaded the evaluation of Open Blockchain API and DAO Governance Models, increasing fintech application security robustness by 25%. Authored standardized documentation that facilitated the adoption of blockchain smart contracts, contributing to an estimated 40% reduction in potential security incidents.

Education

2022 - 2024

Stevens Institute of Technology, Hoboken, USA

Master’s Degree in Cybersecurity

2018 - 2022

University of Pune, Pune, India

Bachelor’s of Engineering in Information Technology

Projects

Automated Subdomain Recon Tool

Developed an automated tool named “poseidon” that finds subdomains for any given domain and finds open ports on those subdomains.

Firmware Dumping

Accessed and dumped live, unencrypted firmware from devices utilizing UART (Universal
Asynchronous Receiver-Transmitter) interface, enabling real-time system analysis.

Network Analysis

Used Wireshark and the Bettercap framework to execute MITM (Man-In-The-Middle) attacks to intercept
and analyze network traffic.

ABS-B Aircraft Radar

Implemented a real-time ADS-B aircraft radar system using RTL-SDR to identify aircrafts flying over my location and visualize their movements.

Awards & Recognition

Won a prize in Cytaka New York CTF

CTF team ranked #1 globally

Achieved a solo rank of 316 out of 2135 in DownUnderCTF 2021

Achieved a solo rank of 294 out of 2527 in H@ctivityCon 2021

Blogs & Publications

Blog

CTF-WriteUps

Role of smart contracts in secure software development

Extra

Sep 2020 - Aug 2021

Google Development Student Club PVGCOET
Design & Production Head

May 2020 - Nov 2020

TEDx Kothrud
Media & Production Team Member

Dec 2019 - Jul 2021

TEDx PVGCOET
Media & Communications Head

Socials

https://www.linkedin.com/in/kshitijchitnis/