CyberSecurity Consultant

About

Rajat

Here is a little background

I'm Rajat; you might also know me as r3tr0! Step into the world where technology meets innovation, and cybersecurity takes center stage. This blog is your go-to destination for exploring the ever-evolving digital landscape, with insights, stories, and practical tips to keep you ahead of the curve. From unraveling the mysteries of penetration testing to demystifying DevSecOps practices, I'm here to empower you with knowledge and tools to tackle cyber threats head-on. Whether you're a seasoned pro or a curious learner, there's something for everyone in this dynamic space. Let's dive into cutting-edge strategies, explore the latest tools, and discover how to harness the power of the digital world for good. Together, we'll navigate the complexities of cybersecurity and unlock the boundless possibilities of technology. Thanks for visiting my webapp - let's secure, one byte at a time!

Experience

Security Consultant

Phew

2023-07-31 - Present

  • Web Application Penetration Testing
  • Source Code Review [PHP, Ruby, Go, Python, JavaScript, dotNet, GraphQL, Java]
  • Network Penetration Testing

Senior Security Engineer

Xplor Technologies

2020-11-02 - 2023-07-28

  • Web Application Penetration Testing
  • API Penetration Testing
  • Mobile Application Penetration Testing
  • Develop DevSecOps pipelines
  • Build, deploy and maintain security tools
  • Scoping penetration tests with the product team
  • Source Code Review for Web Applications and Android Application

Quality Assurance Engineer

Zambion

2020-03-16 - 2020-10-30

  • Automation Testing of Web Application [Cypress]
  • Automation Testing of Android Application [Espresso]
  • Automation Testing of iOS Application [XCTest and XCUITest]
  • Integration, performance, unit testing
  • Vulnerability Assessment using Nessus, OpenVAS, Nikto
  • Source Code Review

Technical Developer

Waikato Link

2018-11-05 - 2019-11-15

  • Developed and Designed a prototype for the visualization of IDS software
  • PERN Stack
  • Vulnerability Assessment
  • Case Study - Establishing SOC using tools including Wazuh, ELK Stack, AlienVault, and MozDef

Blogs

Active

Active is a Windows-based machine that provides an excellent introduction to Active Directory exploitation techniques. This box demonstrates common misconfigurations and vulnerabilities found in real-world Active Directory environments. The box follows a logical progression from initial enumeration to domain compromise, making it an ideal learning environment for beginners in Active Directory penetration testing. The techniques demonstrated are realistic and commonly encountered in corporate environments. Detailed key learning points and takeaways from this machine are provided at the end of this writeup.

Resolute

This Hack The Box machine offers an engaging challenge, focusing on SMB enumeration and Windows privilege escalation using DLL injection attacks. While it’s included in the Active Directory track, it doesn’t quite feel like it belongs there—probably because SMB is the only AD-related component. That said, it’s still a great machine to learn from and have some fun with. Let’s jump in and get started!

Top Ten Active Directory Attacks

Active Directory (AD) serves as the backbone of enterprise IT infrastructures, managing authentication, authorization, and identity services for millions of organizations globally. Developed by Microsoft, AD provides centralized control over network resources such as file shares, databases, and cloud applications. Its importance makes it a prime target for attackers, who exploit its inherent complexity and vulnerabilities to gain access, move laterally, and escalate privileges within the network.

Contact Me

I have got just what you need. Let's Talk

rrokhade27@gmail.com

Auckland, New Zealand