Som Chandra

About

I am an accomplished cybersecurity researcher and ethical hacker, with in-depth expertise in penetration testing, network security, and vulnerability assessment. My journey has been fueled by a relentless passion for safeguarding systems from cyber threats and contributing to the broader security community. Armed with a strong foundation in ethical hacking and advanced problem-solving, I actively seek innovative solutions to complex security challenges.

Beyond my technical endeavors, I am a creative at heart—an avid photographer, an ambitious cinematographer, and a self-taught sketch artist. Photography allows me to capture and tell stories that convey the beauty of our dynamic world, while sketching provides me with an introspective means for creative expression. This balance of analytical precision and artistic creativity fuels my unique perspective in both my professional and personal life.

When I'm not immersed in cybersecurity, I contribute to the community by creating and solving Capture The Flag (CTF) challenges, sharing insightful write-ups, and participating in bug bounty programs. My comprehensive skill set and multi-domain knowledge equip me to make meaningful contributions in cutting-edge cybersecurity while fostering a sense of collaboration and innovation wherever I work.

Skills

Web Application Security
System Administration
Bug Bounty
Mobile Application Penetration Testing
Capture The Flag
VAPT
Computer Forensics
Network Security
Unix
OSINT
Bash
Python
Cloud Computing

Resume

Education

Lovely Professional University, Phagwara

2021 - 2025

B. Tech - CSE Hons. (Cyber Security and Blockchain Technology)

7.49 CGPA

Certification

Projects

TrashRecon

April 2024
  • It is a comprehensive Python-based reconnaissance framework designed for security researchers and penetration testers. It automates various phases of the information gathering process.

PC-Info RCE

Jan 2024
  • Built a static web page on Node that shows your computer information and is also vulnerable to Command Injection through User-Agent.
  • Used Node and JavaScript and also looped it down with a vulnerable OS for a complete Boot-To-Root machine

Hit me Falsky

Apr 2023
  • Designed a webpage for the web challenge in N30N Byte CTF
  • Developed the webpage with an SSTI vulnerability using Flask/Jinja2, HTML and pure CSS

Simulating Cyber Challenges using Capture The Flag

April 2023
  • Jeopardy CTF (Capture the flag) problems for beginners to intermediate in Cyber Forensics, Web and OSINT

Log4j Vulnerabilities Scanner

Dec 2021
  • Bash script that scans domains and their subdomains for Log4j (CVE-2021-4428) with the help of Subfinder, HTTPX and Httprobe.

Courses

Achievements

Hall of Fame(s)

  • Mastercard Inc.
  • Rakuten Inc.
  • Chaturbate Inc.

20+ Acknowledgements from NCIIPC India

CTFs

  • 3rd - OWASPLPU CTF 2022
  • 20th - WTFCTF 2022
  • 34th - RuCTF 2022
  • 56th - CodeGateCTF 2022 Preliminary
  • 60th - CyberGrabs CTF 0x03
  • 77th - MHSCTF 2022
  • 77th - Hayyim CTF 2022
  • 150th - Crew CTF 2023 (solo)
  • 164th - BDSec CTF 2023 (solo)
  • 191st - KnightCTF 2024

Others

  • Top 1% in TryHackMe
  • Hacker Rank in Hack The Box

Experience

MoveinSync

Application Security Intern

Mar 2024 - Current
  • Conducting Red Team Operations to identify and address vulnerabilities in organizational infrastructure.
  • Developing and executing security tests for Android and Web applications, including code reviews, static analysis, and dynamic analysis.
  • Performing API security testing to ensure the integrity and safety of RESTful APIs and web services.
  • Leading Vulnerability Assessment and Penetration Testing (VAPT) efforts for web applications, mobile applications, and APIs.
  • Implementing and optimizing security measures in the DevSecOps process for streamlined and secure development.
  • Collaborating with development teams through JIRA to embed security protocols into the application lifecycle.
  • Proactively identifying and mitigating security risks across the Software Development Life Cycle (SDLC) to ensure a secure development environment.

Securaeon Initiative

Cyber Security Research and Development Intern

Feb 2022 - Jul 2022
  • Creating walkthroughs and proof of concepts for different attack scenarios.
  • Contributing to the development of upcoming products and courses.
  • Researching and creating content about various domains of cybersecurity.

Bugcrowd

Security Researcher

Oct 2021 - Dec 2021
  • Participating in Bug Bounty Programs

Encrypt Edge

Core Member

Nov 2023 - Present
  • Orchestrated and executed workshops and Capture The Flag (CTF) competitions on a national scale.

VULNCON

Technical Team Member

Oct 2022 - Present
  • Conducting camps, events, and giving talks on various domains related to cybersecurity.
  • Creating and participating in CTF events.

Google Developer Student Club

Core Team Member (cybersecurity)

Sep 2022 - Present
  • Working on open-source projects with other team members.
  • Conducting camps and events.

Team Member

OWASP LPU

Nov 2021 - Present
  • Working on open-source projects with other team members.
  • Organizing and participating in CTFs

Publications

Privilege Escalation for Linux

Hack The Box Write-ups

Volunteering

EncryptEdge – RCS CTF 2024

    Role: Challenge Creator and Coordinator

  • Created two boot-to-root machines with various vulnerabilities for players to exploit and capture the final flag.
  • Implemented an approach involving misconfigured cron jobs and binary execution techniques, coupled with Command Injection through web interfaces.

Technocean - N30N Byte CTF Event

    Role: Challenge Creator and Coordinator

  • Collaborated in creating unique challenges in web application security, OSINT, and Steganography for the largest tech event at my college.
  • Assisted in designing, testing, and providing technical support for the challenges.
  • Contributed to the success of the 12-hour event with 300 participants, fostering a competitive and learning-focused environment for cybersecurity enthusiasts.

NOOB 4rMY - How to approach a CTF

    Role: Organizer and Instructor

  • Provided attendees with an understanding of cybersecurity concepts, with a specific emphasis on web application security, and solved some of the PicoCTF challenges live.
  • Developed communication and leadership skills while honing knowledge of cybersecurity through this experience.

EncryptEdge - CiscoIGEN CTF

    Role: Organizer and Instructor

  • Created challenges in Web Application, OSINT, and miscellaneous categories.
  • Introduced basic Steganography tools such as Steghide, Binwalk, and others for practical applications.
