Mayank Malik

CRTP | Incident Responder | Synack Red Team Member | Threat Analyst | Security Researcher | Cloud/Network Architect

Muzaffarnagar, Uttar Pradesh

Biography

Mayank Malik is a tech-savvy person, a Red Team enthusiast, and likes to wander around to learn new stuff. Cryptography, networking and system administration are his forte. He’s one of the founding members of the CTF team Abs0lut3Pwn4g3 and a core member of DC 91120 (DEFCON Community Group). Apart from the skills mentioned, he has good communication skills and is a goal-oriented person. Yellow belt holder at pwn.college, in pursuit of learning and achieving the Blue Belt.

Interests

  • Computer Networking
  • Pentesting
  • Threat Hunting
  • Malware Analysis
  • Cryptography
  • Reverse Engineering
  • Exploit Development
  • Hardware
  • PIZZAS

Education

  • School, 2017

    Shardein School

  • B.Sc. (Hons) in Computer Science, 2020

    College of Vocational Studies, University of Delhi

Posts

Malware Analysis and Triage Report : AveMaria RAT

1. Executive Summary A. Fingerprinting MD5: 425cf022932c7ace6542f18af4fbac2a SHA256: b24ce8861d8d06d10d73e38c6fcc0c026a5c9529fda74927f85b4cfe022f7e1d VirusTotal Report: https://www.virustotal.com/gui/file/b24ce8861d8d06d10d73e38c6fcc0c026a5c9529fda74927f85b4cfe022f7e1d/detection/f-b24ce8861d8d06d10d73e38c6fcc0c026a5c9529fda74927f85b4cfe022f7e1d-1668189288 B. Classification AveMaria RAT is a Remote Access Trojan that allows the attacker to connect to and control the victim’s machine through the use of a fake process and a reverse connection to its C&C server. C. Behavioral Summary AveMaria RAT uses a common technique that hides the malicious executable behind a fake Word icon; once launched, the executable starts cmd commands that create two distinct DLL files.

Malware Analysis and Triage Report : PirateStealer - Discord_beta.exe

1. Executive Summary A. Fingerprinting MD5: c5782ebad92661d4acfacaf4daa1fc52 SHA256: 1b82ac159d87162964a4eb61122bb411a35e748e135cc3b97ab39466e5827c7e VirusTotal Report: https://www.virustotal.com/gui/file/1b82ac159d87162964a4eb61122bb411a35e748e135cc3b97ab39466e5827c7e B. Classification PirateStealer is a new info stealer on the scene. Not much information is available about this family and the sample is relatively new. No traces have been found on either Malware Bazaar or Malpedia. The sample will be submitted to the aforementioned databases after this post. C. Behavioral Summary The sample executes itself and checks for the presence of a virtualized environment using registry information and disk drive identifiers.

HTB Writeup: Paper

Enumeration nmap Scan # Nmap 7.92 scan initiated Mon Apr 11 15:07:52 2022 as: nmap -sC -sV -T3 -oN nmap.all-port.txt -vv -p- 10.10.11.143 Nmap scan report for 10.10.11.143 (10.10.11.143) Host is up, received echo-reply ttl 63 (0.084s latency). Scanned at 2022-04-11 15:07:58 IST for 54s Not shown: 65532 closed tcp ports (reset) PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.0 (protocol 2.0) 80/tcp open http syn-ack ttl 63 Apache httpd 2.

HTB Writeup: Catch

Enumeration nmap scan Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-24 06:52 IST Nmap scan report for 10.129.110.180 (10.129.110.180) Host is up (0.075s latency). Not shown: 65530 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.4 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 48:ad:d5:b8:3a:9f:bc:be:f7:e8:20:1e:f6:bf:de:ae (RSA) | 256 b7:89:6c:0b:20:ed:49:b2:c1:86:7c:29:92:74:1c:1f (ECDSA) |_ 256 18:cd:9d:08:a6:21:a8:b8:b6:f7:9f:8d:40:51:54:fb (ED25519) 80/tcp open http Apache httpd 2.4.41 ((Ubuntu)) |_http-title: Catch Global Systems |_http-server-header: Apache/2.

HTB Writeup: Acute

Enumeration nmap Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-04 07:55 IST Nmap scan report for 10.129.136.40 (10.129.136.40) Host is up (0.080s latency). Not shown: 65534 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) | ssl-cert: Subject: commonName=atsserver.acute.local | Subject Alternative Name: DNS:atsserver.acute.local, DNS:atsserver | Not valid before: 2022-01-06T06:34:58 |_Not valid after: 2030-01-04T06:34:58 |_http-server-header: Microsoft-HTTPAPI/2.0 |_ssl-date: 2022-07-04T02:43:16+00:00; +15m23s from scanner time. | tls-alpn: |_ http/1.

Skills

C/C++

Python

Java

Golang

Docker

PHP

Linux System Administration

Network Administration

Reverse Engineering

Exploit Development

Google Cloud Platform

Amazon Web Services

WordPress

MySQL

Cryptography

Adobe Photoshop

Adobe Premiere

Adobe After Effects

Adobe Illustrator

Experience

Incident Responder

Certego

Nov 2021 – Present Italy

Threat Analyst

Netenrich

Dec 2020 – Nov 2021 India

Security Researcher

Synack Red Team

Dec 2020 – Present India

Senior Advisory

ENCRYPT - The Tech Society of College of Vocational Studies

Apr 2019 – Apr 2020 University of Delhi, Delhi

Core Member

DC 91120 (DEFCON Community Group)

Mar 2019 – Present Delhi, India

Design & Technology Head

TEDxCVS

Feb 2019 – Mar 2019 University of Delhi, Delhi

Design & Technology Member

TEDxCVS

Feb 2019 – Mar 2019 University of Delhi, Delhi

Founding Member

Abs0lut3Pwn4g3

Oct 2018 – Present India

Design & Technology Head

ENCRYPT - The Tech Society of College of Vocational Studies

Aug 2017 – Apr 2019 University of Delhi, Delhi

Design & Technology Member

ENACTUS CVS

Aug 2017 – Mar 2019 University of Delhi, Delhi

Accomplishments

Architecting with Google Kubernetes Engine Specialization

Architecting with Google Kubernetes Engine: Production

Architecting with Google Kubernetes Engine: Workloads

Architecting with Google Kubernetes Engine: Foundations

Autopsy 8-Hour Online Training

Machine Learning

Reliable Cloud Infrastructure: Design and Process

Google Cloud Platform Fundamentals: Core Infrastructure

Essential Cloud Infrastructure: Foundation

Essential Cloud Infrastructure: Core Services

Elastic Cloud Infrastructure: Scaling and Automation

Elastic Cloud Infrastructure: Containers and Services

Architecting with Google Cloud Platform Specialization

Projects

RFFuzzer

An SSRF detection tool that identifies web URLs vulnerable to SSRF via HTTP header injection.

Exfiltrace

A data exfiltration server-client app.

Datanoid

A multilevel data-encryption tool.

File Encryptor 1.0

A file encryption tool written in Java.

Root The Box framework

A CTF framework (written in Flask) for HackTheBox-style machines.