
SOC Resume

Sujal Machhale is an Aerospace Engineering student at IIT Bombay with a current CPI of 7.01 and notable achievements in competitive exams and cybersecurity competitions. He has completed several key projects related to web security, malware analysis, and SIEM setup, and has experience as a security researcher for Netflix. Additionally, he has undertaken various cybersecurity courses and possesses a wide range of technical skills in programming, operating systems, and web exploitation.

Uploaded by

sujalmachhale704

Sujal Machhale 22B0001

Aerospace Engineering B.Tech


Indian Institute of Technology Bombay Male
GitHub

Examination | University | Institute | Year | CPI/%
Graduation | IIT Bombay | IIT Bombay | 2022-Present | 7.01
Intermediate/+2 | HSC | Niralaya Junior College | 2022 | 82.67
Matriculation | CBSE | Bhartiya Krishna Vidya Vihar | 2020 | 91.6

ACHIEVEMENTS
• Ranked 18,052 out of 0.25 Million Candidates in JEE Advanced. [2022]
• Ranked 48,988 out of 1.02 Million Candidates in JEE Mains. [2022]
• Ranked 12,577 on the Hall of Fame for Web Exploitation on PortSwigger. [2024]
• Achieved a rank of 382 out of 10,000+ participants globally in the picoCTF 2024 competition. [2024]
• Ranked 346 out of 12,000 participants globally in Cyber Apocalypse CTF, organized by HackTheBox. [2024]

KEY PROJECTS
Website Security Testing Suite [July’24 - Aug’24]
Self - Project | GitHub
• Developed a comprehensive Flask application for security testing, including SQL and XSS injection detection.
• Added features for Nmap scanning and subdirectory discovery to enhance security analysis.
• Implemented detailed logging for SQL and XSS vulnerabilities with results saved in Log files.
Website Security | Course Project [Jan’24 - Apr’24]
Project Guide: Prof. Veerendrababu Vakkapatla, Department of Computer Science Engineering, IIT Bombay
• Implemented a transparent SSL-proxy server to intercept encrypted traffic between browser and web server.
• Developed and mitigated XSS and CSRF attacks on a custom Website using Apache2 and MySQL.
• Configured SSO authentication and client-side SSL-certificates for web application access.
SIEM Lab Setup [Aug’24 - Sep’24]
Self - Project | GitHub
• Deployed and configured Splunk Enterprise and Universal Forwarders in VirtualBox for real-time log collection.
• Configured Sysmon with custom rules and analyzed Windows events with Splunk for security detection.
• Implemented static IP and NAT networking for Splunk servers, enhancing SIEM capabilities.
IDS & Firewall Setup [Aug’24 - Sep’24]
Self - Project | GitHub
• Implemented pfSense firewall within an internal network in VirtualBox with specific firewall rules.
• Deployed Snort IDS, utilizing Community, Registered, and Subscription rule sets for real-time traffic analysis.
• Integrated pfSense firewall rules with Snort log monitoring to ensure comprehensive network security.
Malware Analysis [Aug’24 - Sep’24]
Self - Project | letsdefend.io
• Developed a malware analysis lab using VirtualBox and Flare-VM to analyze and investigate malware samples.
• Performed Static malware analysis to extract insights from file properties and code structures without execution.
• Conducted Dynamic malware analysis by executing malware to observe runtime behavior and identify threats.
EXPERIENCES
Netflix Unsubscribe Functionality Vulnerability [Jul’24]
Company : Security Researcher, HackerOne
• Discovered a vulnerability in Netflix’s unsubscribe feature, allowing unauthorized email unsubscription.
• Found that the unsubscribe process lacked user authentication, posing a security risk.
• Reported the issue to Netflix’s responsible disclosure program on HackerOne for resolution.
Cybersecurity Job Simulation [Aug’24 - Sep’24]
Company : JPMorgan Chase & Co.
• Implemented a machine learning model with Scikit-learn for email classification using TF-IDF.
• Enhanced Django security by addressing OWASP vulnerabilities, and implementing CSRF & XSS Protection.
• Performed data preprocessing and visualization with Pandas, Numpy, and Matplotlib.
COURSES UNDERTAKEN
SOC Analyst [Aug’24 - Sep’24]
Course by : letsdefend.io
• SOC Fundamentals, Cyber Kill Chain, MITRE ATT&CK, Phishing Analysis, Web Attacks, SIEM, Malware Analysis,
Security Solutions, Network Log Analysis, Splunk, Threat Intelligence, Brute Force Detection, SOC Lab Setup.
CS 745 | Principles of Data and System Security [Jan’24 - Apr’24]
Course Instructor : Prof. Veerendrababu Vakkapatla, Department of Computer Science Engineering, IIT Bombay
• Cryptography, Data Security, Public-Key Systems (RSA, Diffie-Hellman), Digital Signatures, Certificates (CA),
PKI, Entropy, Perfect Secrecy, XSS, CSRF, SOP, Clickjacking.

IBM CyberSecurity Analyst | Professional Certificate [Dec’23 - Jan’24]
Course By : IBM Company, Coursera
• Experienced in cybersecurity practices including breach response, threat intelligence, network security, and
compliance frameworks. Completed IBM Cybersecurity Analyst Assessment. Proficient in penetration testing,
incident response, and forensics.
TECHNICAL SKILLS
Languages: Python, JavaScript, C++, GoLang, x86 Assembly, SQL
Operating System: Linux, Windows
Softwares: Burp Suite, Bettercap, OWASP ZAP, Gobuster, SQLmap, AMASS, NMAP, John the Ripper, WireShark, Hydra, Metasploit, Ghidra
SOC: SIEM, SOAR, IPS/IDS, Incident Management, Log Analysis, Cyber Threat Intelligence, Malware Analysis, MITRE ATT&CK Framework
Web Exploitation: SQL Injection, IDORs, NoSQL Injection, Web LLM, API Testing, JWT Attacks, Cross Site Scripting, GraphQL Vulnerability, Cross-Site Request Forgery, File Path Traversal, Remote Command Execution, Access Control Testing, File Upload Vulnerability, Authentication Testing, Race Condition Vulnerability, Business Logic Vulnerability

EXTRA-CURRICULAR ACTIVITIES
• Achieved a PicoGym Score of over 15,000+ on the picoCTF platform. [2024]
• Completed 42% of the Web Application Vulnerability Labs on PortSwigger Academy. [2024]
• Secured the 6th position in the TyroCTF competition organized by CSec at IITB. [2023]
• Ranked 87,588 out of 1,000,000 participants globally for Python Programming on HackerRank. [2024]
• Successfully finished the Advent of Cyber 2023 program organized by TryHackMe. [2023]
• Participated in a Capture The Flags Event organized by IITB Trust Lab with over 500 participants. [2023]
