I help organizations secure their cloud infrastructure on AWS, Azure, and GCP, covering architecture review, threat modeling, Pre-sales, compliance, and offensive security assessments.
Real-world web-to-cloud attack paths mapped across AWS, Azure, and GCP, tracing every step from initial access to full compromise.
Presented at BlackHat MEA Arsenal 2024. A post-exploitation utility that weaponizes the timing discrepancy between AWS Create and Delete APIs.
AWS Create* API calls consistently complete faster than their corresponding Delete* API calls across multiple services. This timing asymmetry means resource creation outpaces cleanup, creating a window for quota abuse.
AWS Bomber sends parallel Create calls for Security Groups, IAM Roles, VPCs, and other quota-bound resources.
Because creations outpace deletions, the target account rapidly hits its maximum service quota limits.
Terraform, CloudFormation, CI/CD pipelines, and any IaC relying on resource provisioning fail with quota exceeded errors.
I've built CSPM and ASM products at security startups, performed threat modeling for enterprises, and implemented compliance frameworks in production. My background spans offensive security research, DevSecOps, and cloud-native architecture on AWS, Azure, and GCP.
As an independent consultant, I think like an attacker and build like an engineer. I've shipped production security tooling and presented original research at Black Hat MEA, DEF CON 9111, and India's Ministry of Electronics & IT.
Cloud security services covering pre-sales advisory, architecture design, offensive testing, and AI-powered threat detection.
Deep-dive reviews of AWS, Azure, and GCP environments. Misconfiguration detection, policy audits, IAM analysis, and attack surface mapping across CSPM, CWPP, CIEM, and KSPM.
Offensive security engagements focused on privilege escalation, lateral movement, IAM exploitation, container breakouts, and attack path simulation in live cloud environments.
Secure-by-default cloud architecture design. Landing zone blueprints, zero-trust networking, multi-account strategy, and reference architectures for multi-cloud setups.
Technical pre-sales for cloud security products. PoC demonstrations, competitive analysis, customer threat modeling, RFP responses, and solution architecture for CSPM/CNAPP/CWPP platforms.
Audit and implement CIS Benchmarks, NIST, ISO 27001, HIPAA, and GDPR. Build guardrails and policy-as-code that keep teams compliant without slowing them down.
Bake security into CI/CD pipelines and SDLC. Automated scanning, policy-as-code, and secure container orchestration on EKS, AKS, and GKE.
Securing AI/ML workloads on cloud platforms. LLM deployment security, model endpoint hardening, AI pipeline protection, and ML-driven threat detection on cloud-native data.
Real-time monitoring and anomaly detection with automated alerting and self-healing remediation. Built on CloudTrail, EventBridge, Lambda, and SIEM integrations.
Cloud attack labs, security awareness workshops, and team upskilling. Red team exercises, CTF challenges, and AI-assisted threat hunting sessions.
Enhanced CSPM and ASM capabilities across AWS, Azure, and GCP by expanding scanner coverage, strengthening findings, and validating KSPM and multi-cloud attack surface visibility.
Built defensive AWS security tools, designed cloud attack labs, and automated threat detection using CloudTrail.
Built ASM components and 50+ unique attack paths across AWS, Azure, and GCP; enhanced product security for CSPM, SSPM, CWPP, and CIEM modules.
Performed threat modeling and simulation on cloud architectures, implemented cloud-native security, and contributed to HIPAA compliance.
Managed AWS cloud security, IAM, and Active Directory; built organization-wide security modules and collaborated with SRE for secure deployments.
Post-exploitation tool that abuses AWS API timing side-channels to infer resource states and speed up cloud attack path discovery.
Automated detection of high-risk activities with real-time alerting and self-healing remediation using CloudTrail, EventBridge, Lambda, and SNS.
Talk on cloud security assessments, audit methodologies, and implementing practical controls at India's Ministry of Electronics and IT.
SAA-C03. Validates expertise in designing distributed systems and architectures on AWS.
Open-source CLI tool on PyPI that simplifies chaining AWS AssumeRole credentials across multi-account environments for secure, scalable access management.
Web-based GUI for discovering and exploring cloud storage buckets. Supports file preview, metadata inspection, and controlled downloads during security assessments.
Cloud security research, S3/DNS pitfalls, subdomain takeover, and attack path notes.
Read posts ↗Practical cloud security insights, tooling experiments, and multi-cloud attack-path research.
Visit site ↗Videos on cloud security concepts, attack paths, and hands-on labs.
Watch videos ↗Supported global CTF events for the security community and collaborated with organizers to deliver large-scale cybersecurity events.
Supported social initiatives through technical coordination and digital enablement. Mentored interns and coordinated community awareness campaigns.
CompTIA
QuickHeal
Wissenhive
CyberYami
DreamBig
Tie2Tech
TechVertos
ThreatblockCompTIAQuickHealWissenhiveCyberYamiDreamBigTie2TechTechVertosThreatblock
LPU
Parul University
GNS University
Zonal Media
Media Darshan
Rohtas Patrika
SABAL NGO
KSDALPUParul UniversityGNS UniversityZonal MediaMedia DarshanRohtas PatrikaSABAL NGOKSDANeed a security assessment, compliance review, or hands-on cloud engineering? I'm open to consulting engagements.