Som Chandra

I'm

About

I am a cybersecurity enthusiast with expertise in ethical hacking, penetration testing, and network security. I am a dedicated, hard-working, and technically minded individual who is always looking for ways to improve my skills and knowledge. I am passionate about protecting organizations from cyber threats, and I am committed to using my skills to make a positive impact on the world.

In addition to my work in cybersecurity, I am also an avid photographer and cinematographer. I enjoy capturing the beauty of the world around me, and I am always looking for new ways to tell stories through my images. I am also a self tought sketch artist, and I enjoy using my creativity to express myself.

I am a well-rounded individual with a variety of interests and skills. I am confident that I can make a valuable contribution to any organization that I am a part of.

Skills

Web Application Security
System Administration
Bug Bounty
Mobile Application Penetration Testing
Capture The Flag
VAPT
Computer Forensics
Network Security
Unix
OSINT
Bash
Python
Cloud Computing

Resume

Education

Lovely Professional Univeristy, Phagwara

2021 - 2025

B. Tech - CSE Hons.(Cyber Security and Blockchain Technology)

7.49 CGPA

Certification

eWAPTxV2

CompTIA Network+ (upcoming)

Projects

TrashRecon

April 2024
  • Ultimate automation of puredns, httpx, dnsx, smap, and aquatone

PC-Info RCE

Jan 2024
  • Build a static web page on node that shows your computer information and is also vulnerable to Command Injection through User-Agent.
    • Used Node and JavaScript and also looped it down with a vulnerable OS for a complete Boot-To-Root machine

Hit me Falsky

Apr 2023
  • Designed webpage in the web challenge for N30N Byte CTF
  • Developed webpage with vulnerability of SSTI using Flask/Jinja2, HTML and Pure CSS

Simulating Cyber Challenges using Capture The Flag

April 2023
  • Jeopardy CTF (Capture the flag) problems for beginners to intermediate in Cyber Forensics, Web and OSINT

Log4j Vulnerabilities Scanner

Dec 2021
  • Bash Script that scans the domains and its subdomains for Log4J (CVE-2021-4428) with the help of Subfinder, HTTPX and Httprobe.

Courses

Jr Penetration Tester

CompTIA Pentest +

Unix Badge

Web Fundamentals

Foundations of Operationalizing MITRE ATT&CK

Object Oriented Programming using Python

Achievements

Hall of Fame(s)

  • Mastercard Inc.
  • Rakuten Inc.
  • Chatrbate Inc.

20+ Acknowledgement from NCIIPC India

CTFs

  • 3rd - OWASPLPU CTF 2022
  • 20th - WTFCTF 2022
  • 34th - RuCTF 2022
  • 56th - CodeGateCTF 2022 Preliminary
  • 60th - CyberGrabs CTF 0x03
  • 77th - MHSCTF 2022
  • 77th - Hayyim CTF 2022
  • 150th - Crew CTF 2023 (solo)
  • 164th - BDSec CTF 2023 (solo)
  • 191th - KnightCTF 2024

Others

  • Top 1% in TryHackMe
  • Hacker Rank in Hack The Box

Experience

MoveinSync

Application Security Intern

Mar 2024 - Current
  • Conducting vulnerability assessments and security testing for web applications and software systems
  • Participating in penetration testing and code reviews to enhance product security

Securaeon Initiative

Cyber Security Research and Development intern

Feb 2022 - Jul 2022
  • Creating walkthroughs and proof of concepts for different attack scenarios.
  • Contributing to the development of upcoming products and courses.
  • Research and Create content about various domains of cybersecurity.

Bugcorwd

Security Researcher

Oct 2021 - Dec 2021
  • Participating in Bug Bounty Programs

Encrypt Edge

Core Member

Nov 2023 - Present
  • Orchestrated, and executed workshops and Capture The Flag (CTF) competitions on a national scale.

VULNCON

Technical Team Member

Oct 2022 - Present
  • Conducting camps, events, and giving talks on various domains related to cybersecurity.
  • Creating and participating in CTF events.

Google Developer Student Club

Core Team Member (cybersecurity)

Sep 2022 - Present
  • Working on open-source projects with other team members.
  • Conducting camps and events.

Team Member

OWASP LPU

Nov 2021 - Present
  • Working on open-source projects with other team members.
  • Organizing and participating in CTFs

Publications

Privilege Escalation for Linux

Hack The Box Write-ups

Medium

Volunteering

EncryptEdge – RCS CTF 2024

    Role: Challenge Creator and Coordinator
  • Created two boot-to-root machines with the various vulnerabilities for the players to exploit them and capture the final flag.
  • Implemented a sophisticated approach involving the utilization of misconfigured Cronjobs and Binary execution techniques, coupled with Command Injection through web interfaces.

Technocean - N30N Byte CTF Event

    Role: Challenge Creator and Coordinator
  • Collaborated in creating unique challenges in web application security, OSINT, and Steganography for the largest tech event at my college.
  • Assisted in designing, testing, and providing technical support for the challenges.
  • Contributed to the success of the 12-hour event with 300 participants, fostering a competitive and learning-focused environment for cybersecurity enthusiasts.

NOOB 4rMY - How to approach a CTF

    Role: Organizer and Instructor
  • Provided attendees with an understanding of cybersecurity concepts, with a specific emphasis on web application security and solved some of the PicoCTF live.
  • Developed communication and leadership skills while honing knowledge of cybersecurity through this experience.

EncryptEdge - CiscoIGEN CTF

    Role: Organizer and Instructor
  • Created challenges in Web Application, OSINT, and miscellaneous categories.
  • Introduced basic Steganography tools such as Steghide, Binwalk, and others for practical applications

Twitter