| Contact Information | |
| Name: | Abhijeet Hatekar |
| Email: | abhi.hatekar (at) gmail (dot) com [email concealed] |
| Location: | Pune, Maharashtra, India |
| Resume | |
| Position/Title: | Security Researcher |
| Resume: |
Curriculum Vitae Abhijeet S. Hatekar (abhi.hatekar (at) gmail (dot) com [email concealed]) A passion driven guy wants to be Network Security Professional and use education for complete development of a software firm that has strong sense of Unity and Purpose. Professional Experience: 1) Organization : Sipera Systems Inc. Hyderabad Designation : Vulnerability Research Engineer Environment : Linux, C, Perl, Win32 SDK, x86 Assembly, Shell Script, Objective C (MAC) Experience : August 2007 Till Date Role : § Lead Developer and Researcher in VIPER Lab. § Responsible for finding vulnerabilities in various VoIP Call Managers, SIP Endpoints § Reversing MS OCS Communicator 2007 and its authentication algorithm. § Lead developer for LAVA (Load Analysis and Vulnerability Assessment toolkit) Live CD. § Responsible for designing and writing different VoIP fuzzers and security tools. § Writing POC for the gathered vulnerabilities. § Responsible for Vulnerability Assessment of VoIP Service provider and VoIP Enabled mobile Phone in VIPER services. § Generating Signatures for the VoIP exploits for VoIP IDS module in Sipera IPCS. § Responsible for porting and developing VoIP specific applications on Apple iPhone. Reason of Leaving : Poor Management, No more challenging tasks. Repetitive work. 1) Organization : Symantec Corporation Pune. (Veritas Software Pvt. Ltd) Product : VERITAS Application Director (VAD), VERITAS Secure Server (VxSS) Environment : Perl, C, Shell Scripting Experience : August 2006 – August 2007 Role u Responsible for automation of installer for VAD using PERL & Shell Scripts u Integrating testing of VERITAS Secure Server (VxSS) with VAD u Find out vulnerabilities (BOF, XSS) in VAD, written POC and suggested solutions on them. u Worked on VMWare ESX Server, IBM lPars, mPars, and Solaris Zones etc virtualization technologies. Reason Of Leaving : Wanted to work in Security domain instead of Data Center Management. Skills / Knowledge: u Strong knowledge of Network protocols – TCP/IP, UDP, ICMP, ARP, RARP, RIPv1/v2, IGRP, OSPF, STP (Spanning Tree Protocol) u VoIP Technology - SIP, SKINNY, RTP, SRTP u Reverse Engineering – unpacking upx packer, finding vulnerable functions, serial keys etc. u Experience in developing Network and Security Related Applications. u Basic ShellCode development for Linux and Windows u DLL creation, injection and API hooking, windows drivers u Network programming, multi threaded programming (BSD Sockets, Winsock) u RootKits technologies – DKOM, Hooking, SSDT Patching etc. u Basic x86 Disassembling and debugging. (IDA Pro, OllyDBG) u PE, ELF file format. u Analysis of Malwares, Spywares. Technical Skills : Languages : X86 Assembly, C, Win32 SDK, Perl , Objective C Platform : UNIX (Solaris), Linux, Windows (2K, XP, 2003, Vista) Security Tools : ü BACKTRACK ü Metasploit Framework 2.X and 3.0 ü Nmap, Netcat, Nessus ü Nikto,Wikto (www.Sensepost.com) ü TCPDump/Ethereal ü SSH Tunneling Agents ü Ettercap ü IDA Pro ü OllyDbg ü Process Explorer ü Hex Editor ü Fuzzers ü ImpREC, LordPE, PEid, oSpy ü Plink (SSH Tunneling) ü Port redirectors (rinetd,fpipe) Security : Ø Developed security tools for Data Network and VoIP network penetration testing. Ø Did Vulnerability Assessments of Nokia smart phones as well as lot of VoIP Soft/Hard Phones. Ø Written private exploits for windows buffer overflows with SEH and EIP overflow. Ø Written shellcodes and developed Operating System Fingerprints for windows (Win2kSP2,Win2k3)and Linux (kernel 2.4.18 and above) Ø Honey Pots Technologies – Patriot, Back Orifice, Honeyed etc. Security Tool developed : Ø Sip Digest authentication password cracker, Microsoft Office Communication Server Fuzzer with NTLM Signing, SIP Statefull fuzzer, VoIP recon tool, SIP Fingerprinting tool, Remote OS detector, IIS-D0S, Unicode Scanner, DCOM Scanner, Banner grabber, Password Sniffer, Automated Pen-test Toolkit – Bughira ( http://bughira.sf.net ) Ø Exploit porting. Ø VoIP Security Toolkit (Live CD) Personal Projects: Project Title Description Spam Detector iPhone Software written in Objective C that allow user to mark incoming call as spam. Once marked as Spam, subsequent call from same number will be blocked. Port Scanner for iPhone A simple UDP(SIP) Scanner for iPhone, developed in Objective C. iSpitHacker A simple tool to get master.passwd file from iPhone installed with vulnerable version of iSpit. Bughira An Open Source Automated Penetration Testing Toolkit. It was developed before Metasploit came into market for Asian School Of Cyber Laws in college days. http:///bughira.sf.net Stealth Port Scanner It is fast TCP port scanner based on Half-Open scanning or SYN scanning method with database support. This technique makes the scanning reliable and faster than the legacy noisy connects method. Remote OS Detector A active-passive remote OS detector tool that monitors the TCP/IP stack for TTL, DF-bit, Window Size, Time stamp etc of remote system and find out running Operating system Network Sniffer A plain text password and protocol header Sniffer in C with about 8 protocols support using PCAP library. Keyboard Hooker A simple Key board hooker program which hooks specific process and logs all the keystrokes. Educational Qualification: Highest Level Level : B.E Computer Percentage : 70% (First Class With Distinction) Field of Study : Computer Engineering. Institute Name : P.D.E.A’s College of Engineering, Hadapsar Pune - 411028 Location : Pune, India Year : June 2006 Professional Certifications: u CISSP - Perusing u Offensive-Security Certified Security Professional (O.S.C.P ) u ASCL Certified Ethical Hacker (ASCL – C.E.H.) u Cisco Certified Network Associate (C.C.N.A.) u Red Hat Certificate System Engineer (R.H.C.E.) Technical Achievements: Ø Founder of Hadapsar Linux User Group, Pune (H-LUG) Ø Second Prize in Technical Quiz Contest at GENESIS – 2002 Ø Delivered presentations on Linux Security issues and Buffer Overflow in ASCL and in P.D.E.A’s College of Engineering pune. Ø Presented Paper on Advance Operating System Detection Mechanisms held in DY Patil college Pimpri Pune -43 and Priyadarshani College of Engineering Nagpur in 2006 Addresses Current : C/o Mrs. S. Nageshwar Rao, Shri Saikrupa Nilayam. House No 1-11-226/5 BegumPeth, Hyderabad – 500016 Permanent : “Indraprastha”, Building, Gandhi Nagar, Chikhli, Buldhana 443201 : abhi.hatekar (at) gmail (dot) com [email concealed] Mobile : +919704029122 Website : http://bughira.wordpress.com http://bughira.sf.net Extra Curricular Activities: State level Cricket, District Level Football and Badminton. |