
Mayank Malik

CRTP | Incident Responder | Synack Red Team Member | Threat Analyst | Security Researcher | Cloud/Network Architect

Muzaffarnagar, Uttar Pradesh

Biography

Mayank Malik is a tech-savvy person and Red Team enthusiast who likes to wander around to learn new stuff. Cryptography, Networking and System Administration are his forte. He’s one of the founding members of the CTF team Abs0lut3Pwn4g3 and a Core Member at DC 91120 (DEFCON Community Group). Apart from the mentioned skills, he has good communication skills and is a goal-oriented person. He is a Yellow Belt holder at pwn.college, in pursuit of learning and achieving the Blue Belt.

Interests

  • Computer Networking
  • Pentesting
  • Cryptography
  • Reverse Engineering
  • Exploit Development (Still learning)
  • Hardware
  • PIZZAS

Education

  • School, 2017

    Shardein School

  • B.Sc. (Hons) in Computer Science, 2020

    College of Vocational Studies, University of Delhi

Posts

HTB Writeup: Resolute

Enumeration nmap Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-07 22:44 IST Nmap scan report for 10.129.96.155 (10.129.96.155) Host is up (0.078s latency). Not shown: 65511 closed tcp ports (reset) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2022-07-07 10:23:33Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: megabank.

HTB Writeup: Sauna

Enumeration nmap Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-07 07:05 IST Nmap scan report for 10.129.95.180 (10.129.95.180) Host is up (0.071s latency). Not shown: 65516 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 80/tcp open http Microsoft IIS httpd 10.0 |_http-server-header: Microsoft-IIS/10.0 | http-methods: |_ Potentially risky methods: TRACE |_http-title: Egotistical Bank :: Home 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2022-07-07 08:37:43Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: EGOTISTICAL-BANK.

HTB Writeup: Buff

Enumeration nmap # Nmap 7.92 scan initiated Sun Jul 3 11:41:02 2022 as: nmap -sC -sV -T3 -oA nmap-tcp-all-ports -p- -iL ip.txt Nmap scan report for 10.129.25.107 (10.129.25.107) Host is up (0.080s latency). Not shown: 65533 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 7680/tcp open pando-pub? 8080/tcp open http Apache httpd 2.4.43 ((Win64) OpenSSL/1.1.1g PHP/7.4.6) |_http-title: mrb3n's Bro Hut |_http-open-proxy: Proxy might be redirecting requests |_http-server-header: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.

HTB Writeup: Undetected

Enumeration nmap Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-01 08:36 IST Nmap scan report for 10.129.136.44 (10.129.136.44) Host is up (0.078s latency). Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2 (protocol 2.0) | ssh-hostkey: | 3072 be:66:06:dd:20:77:ef:98:7f:6e:73:4a:98:a5:d8:f0 (RSA) | 256 1f:a2:09:72:70:68:f4:58:ed:1f:6c:49:7d:e2:13:39 (ECDSA) |_ 256 70:15:39:94:c2:cd:64:cb:b2:3b:d1:3e:f6:09:44:e8 (ED25519) 80/tcp open http Apache httpd 2.4.41 ((Ubuntu)) |_http-title: Diana's Jewelry |_http-server-header: Apache/2.4.41 (Ubuntu) Service detection performed.

HTB Writeup: Registry

Enumeration nmap Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-02 16:27 IST Nmap scan report for 10.129.187.31 (10.129.187.31) Host is up (0.081s latency). Not shown: 65532 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 72:d4:8d:da:ff:9b:94:2a:ee:55:0c:04:30:71:88:93 (RSA) | 256 c7:40:d0:0e:e4:97:4a:4f:f9:fb:b2:0b:33:99:48:6d (ECDSA) |_ 256 78:34:80:14:a1:3d:56:12:b4:0a:98:1f:e6:b4:e8:93 (ED25519) 80/tcp open http nginx 1.14.0 (Ubuntu) |_http-title: Welcome to nginx! |_http-server-header: nginx/1.

Skills

C/C++

Python

Java

Golang

Docker

PHP

Linux System Administration

Network Administration

Reverse Engineering

Exploit Development

Google Cloud Platform

Amazon Web Services

WordPress

MySQL

Cryptography

Adobe Photoshop

Adobe Premiere

Adobe After Effects

Adobe Illustrator

Experience

Incident Responder

Certego

Nov 2021 – Present | Italy

Threat Analyst

Netenrich

Dec 2020 – Nov 2021 | India

Security Researcher

Synack Red Team

Dec 2020 – Present | India

Senior Advisory

ENCRYPT - The Tech Society of College of Vocational Studies

Apr 2019 – Apr 2020 | University of Delhi, Delhi

Core Member

DC 91120 (DEFCON Community Group)

Mar 2019 – Present | Delhi, India

Design & Technology Head

TEDxCVS

Feb 2019 – Mar 2019 | University of Delhi, Delhi

Design & Technology Member

TEDxCVS

Feb 2019 – Mar 2019 | University of Delhi, Delhi

Founding Member

Abs0lut3Pwn4g3

Oct 2018 – Present | India

Design & Technology Head

ENCRYPT - The Tech Society of College of Vocational Studies

Aug 2017 – Apr 2019 | University of Delhi, Delhi

Design & Technology Member

ENACTUS CVS

Aug 2017 – Mar 2019 | University of Delhi, Delhi

Accomplishments

Architecting with Google Kubernetes Engine: Production

Architecting with Google Kubernetes Engine Specialization

Architecting with Google Kubernetes Engine: Workloads

Architecting with Google Kubernetes Engine: Foundations

Autopsy 8-Hour Online Training

Machine Learning

Architecting with Google Cloud Platform Specialization

Google Cloud Platform Fundamentals: Core Infrastructure

Essential Cloud Infrastructure: Foundation

Essential Cloud Infrastructure: Core Services

Elastic Cloud Infrastructure: Scaling and Automation

Elastic Cloud Infrastructure: Containers and Services

Reliable Cloud Infrastructure: Design and Process

Projects

RFFuzzer

An SSRF detection tool to identify web URLs vulnerable to SSRF via HTTP Header Injection.

Exfiltrace

A data exfiltration server-client app.

Datanoid

A multilevel data-encryption tool.

File Encryptor 1.0

A file encryption tool written in Java.

Root The Box framework

A CTF framework (in Flask) for HackTheBox-style machines.