Sujal Machhale 22B0001

Aerospace Engineering B.Tech

Indian Institute of Technology Bombay Male
GitHub

Examination University Institute Year CPI/%

Graduation IIT Bombay IIT Bombay 2022-Present 7.01
Intermediate/+2 HSC Niralaya Junior College 2022 82.67
Matriculation CBSE Bhartiya Krishna Vidya Vihar 2020 91.6

ACHIEVEMENTS
• Ranked 18,052 out of 0.25 Million Candidates in JEE Advanced . [2022]
• Ranked 48,988 out of 1.02 Million Candidates in JEE Mains. [2022]
• Ranked 12,577 on the Hall of Fame for Web Exploitation on PortSwigger. [2024]
• Achieved a rank of 382 out of 10,000+ participants globally in the picoCTF 2024 competition. [2024]
• Ranked 346 out of 12,000 participants globally in Cyber Apocalypse CTF, organized by HackTheBox.[2024]

KEY PROJECTS
Website Security Testing Suite [July’24 - Aug’24]
Self - Project | GitHub
• Developed a comprehensive Flask application for security testing, including SQL and XSS injection detection.
• Added features for Nmap scanning and subdirectory discovery to enhance security analysis.
• Implemented detailed logging for SQL and XSS vulnerabilities with results saved in Log files.
Website Security | Course Project [Jan’24 - Apr’24]
Project Guide: Prof. Veerendrababu Vakkapatla, Department of Computer Science Engineering, IIT Bombay
• Implemented a transparent SSL-proxy server to intercept encrypted traffic between browser and web server.
• Developed and mitigated XSS and CSRF attacks on a custom Website using Apache2 and MySQL.
• Configured SSO authentication and client-side SSL-certificates for web application access.
SIEM Lab Setup [Aug’24 - Sep’24]
Self - Project | GitHub
• Deployed and configured Splunk Enterprise and Universal Forwarders in VirtualBox for real-time log collection.
• Configured Sysmon with custom rules and analyzed Windows events with Splunk for security detection.
• Implemented static IP and NAT networking for Splunk servers, enhancing SIEM capabilities.
IDS & Firewall Setup [Aug’24 - Sep’24]
Self - Project | GitHub
• Implemented pfSense firewall within Internal Network in Virtual Box with Specific Firewall Rules.
• Deployed Snort IDS , utilizing Community, Registered, and Subscription rule sets for real-time traffic analysis.
• Integrated pfSense firewall rules with Snort log monitoring to ensure comprehensive network security.
Malware Analysis [Aug’24 - Sep’24]
Self - Project | letsdefend.io
• Developed a malware analysis lab using VirtualBox and Flare-VM to analyze and investigate malware samples.
• Performed Static malware analysis to extract insights from file properties and code structures without execution.
• Conducted Dynamic malware analysis by executing malware to observe runtime behavior and identify threats.
EXPERIENCES
Netflix Unsubscribe Functionality Vulnerability [ Jul’24 ]
Company : Security Researcher, HackerOne
• Discovered a vulnerability in Netflix’s unsubscribe feature, allowing unauthorized email unsubscription.
• Found that the unsubscribe process lacked user authentication, posing a security risk.
• Reported the issue to Netflix’s responsible disclosure program on HackerOne for resolution.
Cybersecurity Job Simulation [Aug’24 - Sep’24]
Company : JPMorgan Chase & Co.
• Implemented a machine learning model with Scikit-learn for email classification using TF-IDF.
• Enhanced Django security by addressing OWASP vulnerabilities, and implementing CSRF & XSS Protection.
• Performed data preprocessing and visualization with Pandas, Numpy, and Matplotlib.
COURSES UNDERTAKEN
SOC Analyst [Aug’24 - Sep’24]
Course by : letsdefend.io
• SOC Fundamentals, Cyber Kill Chain, MITRE ATT&CK, Phishing Analysis, Web Attacks, SIEM, Malware Analysis,
Security Solutions, Network Log Analysis, Splunk, Threat Intelligence, Brute Force Detection, SOC Lab Setup.
CS 745 | Principles of Data and System Security [Jan’24 - Apr’24]
Course Instructor : Prof. Veerendrababu Vakkapatla, Department of Computer Science Engineering, IIT Bombay
• Cryptography, Data Security, Public-Key Systems (RSA, Diffie-Hellman), Digital Signatures, Certificates (CA),
PKI, Entropy, Perfect Secrecy, XSS, CSRF, SOP, Clickjacking.

IBM CyberSecurity Analyst | Professional Certificate [Dec’23 - Jan’24]

Course By : IBM Company, Coursera
• Experienced in cybersecurity practices including breach response, threat intelligence, network security, and
compliance frameworks. Completed IBM Cybersecurity Analyst Assessment. Proficient in penetration testing,
incident response, and forensics
TECHNICAL SKILLS
Languages • Python • JavaScript
• C++ • GoLang
• x86 Assembly • SQL
Operating System • Linux • Windows
Softwares • Burp Suite • Bettercap
• OWASP ZAP • Gobuster
• SQLmap • AMASS
• NMAP • John the Ripper
• WireShark • Hydra
• Metasploit • Ghidra
SOC • SIEM • SOAR
• IPS/IDS • Incident Management
• Log Analysis • Cyber Threat Intelligence
• Malware Analysis • MITRE ATT&CK Framework
Web Exploitation • SQL Injection • IDORs
• NoSQL Injection • Web LLM
• API Testing • JWT Attacks
• Cross Site Scripting • GraphQL Vulnerability
• Cross-Site Request Forgery • File Path Traversal
• Remote Command Execution • Access Control Testing
• File Upload Vulnerability • Authentication Testing
• Race Condition Vulnerability • Business Logic Vulnerability

EXTRA-CURRICULAR ACTIVITIES
• Achieved a PicoGym Score of over 15,000+ on the picoCTF platform. [2024]
• Completed 42% of the Web Application Vulnerability Labs on PortSwigger Academy. [2024]
• Secured the 6th position in the TyroCTF competition organized by CSec at IITB. [2023]
• Ranked 87,588 out of 1,000,000 participants globally for Python Programming on HackerRank. [2024]
• Successfully finished the Advent of Cyber 2023 program organized by TryHackMe. [2023]
• Participated in a Capture The Flags Event organized by IITB Trust Lab with over 500 participants. [2023]