
reveng007's Blog

Central Point for Research and Development



About Me:

What I do:

  1. Perform Red/Purple Team assessments on client environments.
  2. Perform network penetration testing and thick client testing assessments.
  3. Perform threat detection/hunting on cloud and on-prem environments to help detection engineers author detections for identified bypasses, reducing blind spots across MITRE ATT&CK techniques.
  4. Develop and deploy custom detections based on analysis of incidents and relevant adversary TTPs via “Detection as Code”.
  5. Evaluate different EDRs, MDI and other security products.
  6. Create offensive CI/CD pipelines and automate hunting for sensitive keywords in O365 environments.
  7. Develop covert custom C2s and exfiltration-related BOFs for BRC4 and Cobalt Strike.

Projects I have worked on:

  1. Detection Engineering via Event Logs (high level), Kernel Callback and ETWTi-based ELAM drivers (low level) (ongoing projects):
    Built kernel driver POCs and ETWTi-based ELAM (Early Launch AntiMalware) drivers to detect process injection techniques such as thread hijacking and EarlyBird APC injection, LSASS memory access (including the silent process exit and duplicate handle techniques), PPID spoofing, process hollowing, ghosting and herpaderping, LLMNR poisoning, a ransomware detection workflow, and named-pipe-based privilege escalation and lateral movement.
  2. AWS Attack Simulation and Detection (ongoing projects):
    All my work can be found here: https://github.com/reveng007/AWS_Attack_Simulation_Detection_Lab
  3. SharePoint Sensitive Keyword Hunting:
    Queried live enterprise SharePoint sites using Microsoft Graph API + KQL (Keyword Query Language) to identify exposed sensitive data.
  4. WPAD Assessment:
    Investigated WinHttpAutoProxySvc attack surface under disabled WPAD configs.
  5. MDE Exclusion Bypass:
    Evaluated Microsoft Defender Exclusion visibility and abuse even under “HideExclusionsFromLocalAdmins” policy.
  6. Privileged Access Management Product Abuse:
    Discovered multiple UAC bypasses in the BeyondTrust PAM solution while operating in restricted (low-flex) environments.
  7. Windows 11 Endpoint Evaluation:
    Performed a holistic endpoint security review including Zscaler, DLP, MDE, and BeyondTrust.
  8. Assessment of MDI via AD Attacks:
    Ran 400+ test cases on Microsoft Defender for Identity involving ADCS, Kerberoasting, ACL abuse, and more, achieving an 89% success rate in bypassing MDI.
  9. Cloud Attack Automation (AWS):
    Built adversary simulation tooling for FireCompass’ automation platform.
  10. Malware & Ransomware Tooling:
    Developed stealthy ransomware and evasive malware strains for internal red team assessments.

Courses/Certifications:


$ cat /var/www/html/index.html

View my list of posts!

$ cat /var/www/html/redirect/index.html

View my blogs on other platforms:

  1. My Journey to Learning ThreatHunting: Part 3 - Detecting AWS-related attacks and events via Splunk - (Part 1/5)
  2. My Journey to Learning ThreatHunting: Part 2 - Honing my KQL based detection Engineering
  3. My Journey to Learning ThreatHunting: Part 1 - Windows Endpoint Malware Infection detection via Splunk
  4. AWS Attack Simulation and Detection Lab
  5. The Ultimate Cloud Security Championship - Perimeter Leak (June 2025) by Wiz
  6. Big IAM AWS CTF by Wiz
  7. ExfilCola AWS Cloud Hunting CTF by Wiz
  8. Kerberos Deep Dive (original website was sold, so a backup had to be added)
  9. HTB Knife (original website was sold, so a backup had to be added)
  10. THM Steel Mountain MrRobot
  11. THM NinjaSkills
  12. THM TheServerFromHell
