Kshitij Chitnis
Skills
Programming Languages:
Assembly, C, C++, Python, JavaScript, Bash, SQL, Go, Rust
Platforms:
Linux, Windows and MacOS security hardening; x86-64, ARM, AWS, GCP, Azure, Active Directory
Tools:
Ghidra, GDB, GEF, IDA, BurpSuite, Metasploit, pwntools, Wireshark, IBM Qradar, Splunk, UART, JTAG
Frameworks:
NIST Cybersecurity Framework (CSF), OWASP Top 10, MITRE ATT&CK, ISO 27001, SANS
Other Skills:
Incident Response (IR), Security Operations Center (SOC), Endpoint Detection and Response (EDR)
Work Experience
Feb 2020 - Aug 2022
Pentester & Security Analyst @ Newton’s Apple Security Solutions
Conducted penetration testing of critical infrastructures of MNCs, identifying and rectifying over 200 vulnerabilities across more than 100 micro-services, web applications and IOT devices. Lead the development of custom automated tools, enhancing operational efficiency by 30% and saving an estimated 500 hours of annual time savings in pentesting workflows.
Mar 2020 - Mar 2021
Research Fellow @ Muellners Foundation
Spearheaded the evaluation of Open Blockchain API and DAO Governance Models, increasing fintech application security robustness by 25%. Authored standardized documentation that facilitated the adoption of blockchain smart contracts, contributing to an estimated 40% reduction in potential security incidents.
Education
2022 - 2024
Stevens Institute of Technology, Hoboken, USA
Master’s Degree in Cybersecurity
2018 - 2022
University of Pune, Pune, India
Bachelor’s of Engineering in Information Technology
Projects
Automated Subdomain Recon Tool
Developed an automated tool named “poseidon” that finds subdomains for any given domain and finds open ports on those subdomains.
Firmware Dumping
Accessed and dumped live, unencrypted firmware from devices utilizing UART (Universal
Asynchronous Receiver-Transmitter) interface, enabling real-time system analysis.
Network Analysis
Used Wireshark and the Bettercap framework to execute MITM (Man-In-The-Middle) attacks to intercept
and analyze network traffic.
ABS-B Aircraft Radar
Implemented a real-time ADS-B aircraft radar system using RTL-SDR to identify aircrafts flying over my location and visualize their movements.
Awards & Recognition
- Won a prize in Cytaka New York CTF
- CTF team ranked #1 globally
- Achieved a solo rank of 316 out of 2135 in DownUnderCTF 2021
- Achieved a solo rank of 294 out of 2527 in H@ctivityCon 2021
Blogs & Publications
- Blog
- CTF-WriteUps
- Role of smart contracts in secure software development
Extra
Sep 2020 - Aug 2021
Google Development Student Club PVGCOET
Design & Production Head
May 2020 - Nov 2020
TEDx Kothrud
Media & Production Team Member
Dec 2019 - Jul 2021
TEDx PVGCOET
Media & Communications Head