Sukesh Shetty

Sharing a blog post from my Synack work, a reminder that solid offensive security is about process, persistence, and details.

🔓 Boot files weren't supposed to talk. But they did. RSA keys. /etc/passwd. Admin/Admin in production firmware. No CVE. No exploit. Just a misconfigured web server. My latest writeup on Synack Exploits Explained 👇 🔗 synack.com/exploits-expla…

here are the top 9 things i’ve learned in my first 6 months working as a senior cybersecurity consultant for @CrowdStrike: 1. github is terrifying. parse your own repos for hard coded creds, thank me later 2. great companies still exist, crowdstrike is one of them 3. the hallmark of a great manager is someone who listens to understand, and teams up with you to work to solve the problem you face. not someone who works against you 4. consulting doesn’t have to drain you. a mature, well-run consulting firm provides you the necessary resources (including sufficient staffing) to commit 110% to each of your clients without overworking yourself 5. identity-based attacks are what keep most security practitioners awake at night nowadays 6. i am under-skilled in networking and AD, but that’s ok because i have colleagues who are geniuses in these areas and a solid consulting firm balances out talents/skills. my talents/skills are just as valuable. comparing yourself to everyone around you achieves nothing positive 7. having a job that you genuinely enjoy, working for people and a company that treat you with kindness and respect does wonders for your mental health. i didn’t realize how poor my mental health was due to struggles at my previous job 8. the best consultants are the ones who genuinely care and want to provide actionable, realistic solutions 9. the color changing, dancing dino emoji in slack is elite. you can’t change my mind

IMPORTANT DEVELOPMENT... 'CHUP' ₹ 100 TICKET FROM MON - THU... #Chup tickets at ₹ 100 from 26 to 29 Sept 2022 [#Navratri]... OFFICIAL ANNOUNCEMENT... Note: *T&C apply. Offer applicable in select cities. linktr.ee/ChupMovie

@SEHAHealth Not able to register through the app using EID and mobile number, getting error "data entered doesn't match the medical record". Please advise

Please register with Seha's App #malaffi and you will get all the information you need, by registering your ID number and phone number Android Goo.gl/sRTSZm IPhone Goo.gl/EUUfVW Or the web Login.seha.ae

الرجاء التسجيل في تطبيق #شركه_صحه #بوابه_المريض_الالكترونية وسوف يعطيك كافة المعلومات التي تحتاجها، من خلال تسجيل رقم الهوية والتلفون الاندرويد goo.gl/sRTSZm الايفون goo.gl/EUUfVW او الويب login.seha.ae

Had worst experience with #kfcuae #kfc chicken was not fresh, fries seems to be weeks old, no ketchup, no spoons, no plates. We had to throw half of the food. Its very hard to waste food. But out of options. None eats this food @kfc

The structure of my videos will be to first exploit the vulnerability manually and then script it. Here's a sample video of me scripting an SQLi exploit. Since the scripting portion takes up most of the video time, I'd like to know if that's something that you would find useful?

Sad to see this is not clear for people in 2021 (CISO & co) but: Vuln. Assessment != AppSec AppSec != Pentest Pentest != RedTeaming Redteaming != internal pentest (AD) Adversary simulation != Adversary emulation that != Purple Teaming. Each approach is complementary, thank you😤

@intigriti Whoami

@chiragsavla94 @SecurityTube @nikhil_mitt Thank you bro👍

@SecurityTube @daemon_user @nikhil_mitt Congrats 👍

Congratulations to @daemon_user for clearing our Certified Red Teaming Expert exam! #RedTeamLab #CRTE cc @nikhil_mitt bit.ly/2XPFfw4

@SecurityTube @nikhil_mitt Also, special mention to the Red Team Lab support team for their continuous support during this CRTE journey, you guys have been awesome!!

@SecurityTube @nikhil_mitt Thanks to @nikhil_mitt for designing such an amazing Active Directory lab environment. It has been a great learning experience about Active Directory, PowerShell, manual MS SQL exploits, etc. The lab and exam were both challenging and fun to solve with a bit of research.

It's wonderful to have @daemon_user from @niiconsulting to give a talk in our upcoming @Hackers_Meetup on 19 july Register now forms.gle/scj9gKwSukAaQo… #TheHackersMeetup #THMIndia

We are glad to announce that our Subject Matter Expert @daemon_user (Sukesh Shetty) will be speaking on 'Firewall Rule-set and Configuration Review' at @Hackers_Meetup on 19th July (Sun) at 10:00 AM (IST) #cybersecurity #firewall #webinar #hackers #onlinemeetup #onlineconferences

Thanks to our wonderful team of @gharbhejo n tremendous on ground support from @khaanachahiye Ninjas we got1000 people who had reached out to us for help onto trains to UP. Many thanks to @MumbaiPolice @RailMinIndia. And eternal gratitude to the rockstar @SonuSood n @NeetiGoel2

Shout out to the great initiative started by YashpalSinh Sisodiya - a non-profit organization to help Cyber crime victims. We as a CyberNGO would like to help Cybercrime victims, spread awareness to avoid users being victimized i…lnkd.in/dX5EgDX lnkd.in/d85dzmw

⭕ *68,000 crore* of loan waiver given to big corporates ⭕ *20,000 crore* being spent for central vista project Dear Government of India, show your priority. Ensure free transport to workers. #NoFareForWorkers

Thanks to our wonderful donors, we were able to distribute ration kits of essential food grains, oil, salt, sugar, etc to 26 families in this slum on RTO Road, Andheri West. #lockdown #Coronavirus @projectmumbai1 @rubenmasc @HelpingHandsTwt @swaraj1983

The single best way to overcome Covid-19 anxiety is to engage yourself in charitable work. Spending an hour or two every day doing something for others takes you completely out of your egocentric viewpoint. There's so much remote work that needs to be done.

This is a slum of nearly 1000 people, called Madraswadi right on JVLR. They are all daily wage workers and don't have ration cards or any other safety net. Totally dependent on handouts. @OfficeofUT @AUThackeray @MantralayaRoom @rubenmasc @projectmumbai1