Hi, I’m

Debraj Basak

Security Researcher
Bengaluru, TG

Summary

Experienced Red Teamer and Security Researcher with expertise in penetration testing, adversary emulation, exploit development, and cloud security. Skilled in conducting MITRE ATT&CK-based simulations, exploiting Active Directory, analyzing malware, reverse engineering, executing in-memory attacks, and EDR evasion techniques. Strong background in cloud (AWS) security, IoT/SCADA security, kernel security, fuzzing, and native API abuse. Certified in CRTL, CRTO, CARTP, CRTP, LPT Master, CPENT, OSCP, MCRTA, and CEH. Passionate about breaking security controls, advancing offensive security techniques, and continuously researching and emulating adversaries to enhance detection capabilities.

Overview

  • 4 years of professional experience
  • 4 years of post-secondary education
  • 9 Certifications
  • 3 Languages

Work History

Trellix

Security Researcher
04.2024 - Current

Job overview

  • Received Employee of the Quarter (Breakthrough Mindset) Award within 5 Months of Joining


  • Red Team Infrastructure & Lab Development: Designed and maintained a sophisticated red team lab to emulate real-world adversarial attack scenarios.
  • MITRE ATT&CK Implementation & Research: Conducted in-depth research and developed various implementations of MITRE techniques on company products to assess detection and response capabilities.
  • MITRE Evaluations & Micro-Emulations: Led 200+ micro-emulations as part of the company’s MITRE ATT&CK evaluations, improving security posture and product efficacy.
  • Security Testing as Part of SDL: Conducted penetration testing, fuzzing, and interactive application security testing (IAST) across various product lines, ensuring security-by-design principles in development.
  • Efficacy Research & Product Hardening: Performed red team assessments to break and bypass security controls, identifying and mitigating vulnerabilities proactively.
  • PSIRT Customer Escalation Handling: Investigated customer-reported security incidents, verified proof-of-concepts (PoCs), and provided detailed mitigation strategies for reported vulnerabilities.
  • Adversary & Malware Emulation: Continuously mimicked APT actors and malware campaigns to test and enhance the resilience of security products against real-world threats.
  • Purple Teaming & Collaborative Defense: Worked with blue teams to enhance threat detection capabilities by simulating advanced persistent threats (APTs) and developing improved detections.
  • Team Training & Knowledge Sharing: Trained security teams in advanced penetration testing techniques, malware analysis, exploit development, and emulation of sophisticated adversaries.
  • Standard Operating Procedures (SOPs) & Checklists: Developed comprehensive SOPs, checklists, and best practices for Web, API, container, and thick client (Windows, macOS, Linux) pentesting to enhance efficiency and standardization.
  • Windows Internals & Advanced Research: Conducted specialized research on Windows internals, in-memory attacks, native APIs, reverse engineering (breakpoints & debugging), and EDR/AV evasion techniques.
  • Kernel & Driver Fuzzing: Performed fuzzing of drivers and IOCTL experiments on security products to identify and remediate vulnerabilities in low-level system components.
  • Threat Intelligence & Detection Bypass Research: Investigated endpoint security solutions (ENS, AV, EDR bypass techniques) and tested resilience against stealthy attack methodologies.
  • Exploitation & Security Automation: Developed and tested automated attack frameworks for privilege escalation, credential access, lateral movement, and payload obfuscation.
  • Continuous Innovation in Security Engineering: Pioneered new offensive techniques and advanced malware simulation methodologies to improve detection, response, and product security.
  • Developed custom fuzzing harnesses for targeted vulnerability research in security products and kernel drivers.
  • Designed bespoke adversarial scenarios using cutting-edge offensive security research for real-world attack replication.
  • Led cross-functional security assessments with engineering teams to embed security best practices into the development lifecycle.
  • Published internal security research and technical documentation to enhance the organization's collective knowledge on red teaming, exploitation, and adversary simulation.

BDO India LLP

Senior Associate
08.2023 - 04.2024

Job overview

  • Received Star Employee of the Quarter Award
  • OT/SCADA Security Assessments: Conducted in-depth security assessments for Operational Technology (OT) and SCADA environments, identifying vulnerabilities and securing critical industrial control systems for India's leading Mining and Iron Ore company Vedanta Group.
  • Active Directory (AD) Exploitation & Infrastructure Security: Assessed and exploited Active Directory (AD) misconfigurations, privilege escalations, and lateral movement techniques in enterprise environments. Performed comprehensive Infrastructure VAPT to strengthen overall security posture.
  • Vulnerability Assessment & Penetration Testing (VAPT): Conducted end-to-end security assessments for multiple clients, including two major PSU Banks in India, covering Web, Android, and iOS applications.
  • Security Tools & Technologies: Worked with industry-standard security tools, including:


      • Nessus (vulnerability scanning & compliance checks)
      • SpiderFoot (OSINT & attack surface discovery)
      • Metasploit (exploitation framework)
      • IDA Pro (reverse engineering and static analysis)
      • Android Studio, MobSF, Drozer (Android security testing and mobile application analysis)
      • Burp Suite & Frida (web & mobile application penetration testing, runtime analysis, and bypassing security controls)

  • Collaborated with cross-functional teams to drive successful completion of complex projects within deadlines.
  • Trained and supported new team members, maintaining culture of collaboration.

Net Square Solutions Pvt. Ltd.

Security Analyst
08.2022 - 08.2023

Job overview

  • Vulnerability Assessment & Penetration Testing (VAPT) on multiple enterprise clients across various industries, including web, network, Android, iOS, IoT, and red teaming engagements.
  • Web & Mobile Security Testing for two of the largest private banks in India, the largest stock exchange, and banks in Saudi Arabia, identifying and mitigating critical vulnerabilities.
  • IoT Security & Hardware Hacking for a leading car manufacturer, assessing the CAN Bus system security to evaluate and enhance the security of in-vehicle communication protocols.
  • Medical Device Security & Hardware Hacking for GE Healthcare, performing hardware and firmware security testing to identify vulnerabilities in embedded systems and communication protocols.
  • Network & Infrastructure Security Testing for enterprise clients, identifying misconfigurations and security weaknesses in on-premises and cloud environments.
  • Red Teaming Engagements to simulate real-world attack scenarios, testing defense mechanisms, identifying gaps in detection & response.

Cloud Penetration Testing – AWS

  • Worked directly as a vendor for AWS (Amazon Web Services), conducting security assessments on AWS’s own infrastructure.
  • Performed AWS Console Testing, evaluating privilege escalations and misconfigurations in the cloud management interface.
  • Conducted IAM Role Testing, analyzing AWS Identity and Access Management (IAM) roles and policies to identify privilege escalation risks.
  • Tested AWS Services such as S3, EC2, Midway, and other AWS components for security flaws, misconfigurations, and exploitable attack vectors.

Security Tools & Technologies

  • Web & Infrastructure Security: Nessus, SpiderFoot, Metasploit, Burp Suite, Cobalt Strike.
  • Reverse Engineering & Exploit Development: IDA Pro, Ghidra, Xcode.
  • Mobile Security: Android Studio, MobSF, Drozer, Frida.
  • Cloud Security: AWS Security Assessment Tools, IAM Auditing, AWS-specific exploitation techniques.

ISOAH Data Securities

Security Research Analyst
03.2021 - 08.2022

Job overview

  • Vulnerability Assessment & Penetration Testing (VAPT) for multiple clients across various industries, including 8 tech companies, 1 education institution, 1 power sector organization, and 3 banks.
  • Web, Network, Android, and iOS Security Assessments, identifying and mitigating critical vulnerabilities to improve the overall security posture of client infrastructures.
  • Cybersecurity Training & Corporate Sessions for government and non-government organizations, delivering hands-on workshops and expert-led sessions.
  • Provided Training to Government Agencies, including CBI, Kolkata Police, and the Special Bureau, on advanced cybersecurity topics and digital forensics.
  • Conducted Cybersecurity Awareness & Skill Development Programs for corporate clients, focusing on penetration testing, malware analysis, and incident response.


Education

University of Engineering & Management
Kolkata, IND

Bachelor of Technology in Electrical Engineering
04.2017 - 01.2021

University Overview

GPA: 9.03


Certification

CRTL (Certified Red Teaming Lead), Zero Point Security