Updated Projects

index.html

@@ -19,7 +19,7 @@
 		<ul id="navigation">
 			<li><a href="#about">About</a></li>
 			<li><a href="#experience">Experience</a></li>
-			<li><a href="#news">News</a></li>
+			<li><a href="#developments">Developments</a></li>
 			<li><a href="#projects">Projects</a></li>
 			<li><a href="data/MuniNitishKumarYaddala_Resume.pdf" target="_blank">CV</a></li>
 			<li><a href="#contact">Contact</a></li>
@@ -65,7 +65,7 @@ <h2>Experience</h2>
 							Bangalore,
 							India</address>
 						<details>
-							<summary>Job Details</summary>
+							<summary>Details</summary>
 							<ul>
 								<li>Identified and reported 20 vulnerabilities across 6 applications and websites
 									using Burp Suite.</li>
@@ -81,7 +81,7 @@ <h2>Experience</h2>
 							Hyderabad,
 							India</address>
 						<details>
-							<summary>Job Details</summary>
+							<summary>Details</summary>
 							<ul>
 								<li>Drove significant process improvements by automating the extraction of bank and
 									trade reference documents, customer credit score calculation, and periodic reviews
@@ -100,7 +100,7 @@ <h2>Experience</h2>
 						<address>
 							Sriharikota, India</address>
 						<details>
-							<summary>Job Details</summary>
+							<summary>Details</summary>
 							<ul>
 								<li>Closed 30 unused ports across 20 devices, including FTP and TELNET, reducing the
 									attack surface area by 35% on the subnet and mitigating cyber threats.</li>
@@ -115,8 +115,211 @@ <h2>Experience</h2>
 				</ul>
 			</section>
 
-			<section id="news">
-				<h2>News</h2>
+
+			<section id="projects">
+				<h2>Projects</h2>
+				<ul>
+					<li><strong>August 2023 &mdash; December 2023: </strong>Honeypot+</li>
+					<details>
+						<summary>Details</summary>
+						<ul>
+							<li>
+								Emulated 30 key services, including FTP, SSH, HTTP, and others.
+							</li>
+							<li>Integrated with the Snort IDS to actively detect attacks on emulated services.</li>
+							<li>Attack Detection on HTTP flooding on HTTP service, and brute-force and denial-of-service
+								(DOS) attacks on FTP and SSH services.</li>
+							<li>Actively pushes logs to a designated website for centralized analysis and comprehensive
+								overview of each log entry.</li>
+							<li>Consumes minimal resources (under 20% memory on a 4GB memory machine when idle and
+								around 40% under attack) and is designed for easy deployment by both technical and
+								non-technical users.</li>
+						</ul>
+					</details>
+				<li><strong>October 2023: </strong>System Call Hooking and Malicious String Detection</li>
+				<details>
+					<summary>Details</summary>
+					<ul>
+						<li>
+							Designed and implemented a system call hooking mechanism in the Linux kernel to
+							capture and log the full path of newly created directories.
+						</li>
+						<li>Hooked and unhooked 21 syscalls, capturing and logging their parameters.</li>
+						<li>Automated the process of collecting system call invocations for a target binary
+							using Python.</li>
+						<li>Developed a system call sequence analysis framework for anomaly detection,
+							leveraging Python and system call sequence analysis knowledge.</li>
+						<li>Implemented a maliciousness determination algorithm using Python based on system
+							call sequence analysis.</li>
+					</ul>
+				</details>
+				<li><strong>September 2023: </strong>Binary Exploitation</li>
+				<details>
+					<summary>Details</summary>
+					<ul>
+						<li>
+							Identified and exploited buffer overflow vulnerabilities in three separate
+							binary programs using techniques such as pattern creation, precise offset
+							calculation, and customized payload construction.
+						</li>
+						<li>Utilized the ’pwn’ package in Python to automate the exploitation process,
+							manage binary processes, and efficiently interact with binaries by providing
+							input strings and capturing the resulting output</li>
+						<li>Analyzed binary code to identify vulnerable functions and exploitable
+							conditions, showcasing a practical understanding of low-level programming
+							concepts.</li>
+						<li>Crafted tailored payloads for each binary program, aligning the payload with
+							specific vulnerabilities and desired outcomes, such as reading flags or
+							executing arbitrary code, showcasing precision in payload design.</li>
+						<li>Applied knowledge of low-level programming concepts and memory management
+							techniques to identify and exploit buffer overflow vulnerabilities, highlighting
+							a comprehensive understanding of the intricacies involved in securing and
+							exploiting binary code.</li>
+					</ul>
+				</details>
+				<li><strong>August 2023: </strong>CMS v2.8 Exploitation: Gaining Shell and Root</li>
+				<details>
+					<summary>Details</summary>
+					<ul>
+						<li>Conducted an intensive Nmap scan, unveiling open ports 22, 80 (leading to
+							directory
+							discovery at /navigate), and 53.</li>
+						<li>Exploited Navigate <a
+								href="https://www.rapid7.com/db/modules/exploit/multi/http/navigate_cms_rce/"
+								target="_blank">CMS v2.8</a>, achieving a shell and www-data user access,
+							followed
+							by privilege escalation attempts.</li>
+						<li>Detected 3 SUID-enabled PHP files, allowing privilege escalation, and used 1 to
+							maintain
+							escalated privileges using <a href="https://gtfobins.github.io/"
+								target="_blank">GTFObins</a>.</li>
+					</ul>
+				</details>
+				<li><strong>June 2023: </strong><a href="https://github.com/Stranger825/webpulse"
+						target="_blank">WebPulse</a>: Accurate Command-Line Web Target Assessment Tool</li>
+				<details>
+					<summary>Details</summary>
+					<ul>
+						<li>Developed and tested a comprehensive web-target probing command line tool,
+							featuring
+							user-friendly functionality, and supporting both HTTP and HTTPS protocols,
+							resulting in
+							a 98% accuracy rate in determining target status.</li>
+						<li>Designed dynamic output formatting that clearly displays the various stages of
+							web-target validity, including visual cues for valid versus invalid targets and
+							alive
+							versus dead targets, resulting in a 40% increase in user comprehension of the
+							outputs
+							compared to previous versions.</li>
+					</ul>
+				</details>
+				<li><strong>October 2021: </strong>Denial-of-Service Simulation: Unveiling Impact and
+					Analyzing
+					Performance</li>
+				<details>
+					<summary>Details</summary>
+					<ul>
+						<li>Executed a simulated DoS attack using <a
+								href="https://www.cloudflare.com/learning/ddos/ddos-attack-tools/high-orbit-ion-cannon-hoic/">HOIC</a>
+							and <a
+								href="https://www.cloudflare.com/learning/ddos/ddos-attack-tools/low-orbit-ion-cannon-loic/">LOIC</a>
+							tools to send TCP and UDP packets,
+							resulting in a 75% reduction in machine performance.</li>
+						<li>Monitored performance fluctuations and captured incoming traffic using
+							Wireshark.</li>
+					</ul>
+				</details>
+				<li><strong>September 2021: </strong>SYN Flooding Attck: Simulation and Analysis</strong>
+				</li>
+				<details>
+					<summary>Details</summary>
+					<ul>
+						<li>Executed a successful SYN flood attack on the target machine, utilizing the
+							synflood
+							module in the <a href="https://www.metasploit.com/" target="_blank">Metasploit
+								Framework</a>, resulting in the reduction of performance of the
+							target machine by 50%.</li>
+						<li>Monitored incoming traffic with Wireshark and analyzed target machine
+							performance and
+							resource consumption with Task Manager, allowing for precise adjustments to the
+							attack
+							strategy for maximum effectiveness.</li>
+						<li>Leveraged Kali Linux and Parrot Security on VirtualBox to efficiently launch and
+							manage
+							the SYN flood attack, resulting in a significant decrease in target machine
+							performance.
+						</li>
+					</ul>
+				</details>
+				<li><strong>August 2021: </strong>Metasploit Mastery: Executing Precision Reverse Shell
+					Attacks</li>
+				<details>
+					<summary>Details</summary>
+					<ul>
+						<li>Executed a reverse shell attack using a payload generated by the <a
+								href="https://www.metasploit.com/" target="_blank">Metasploit Framework</a>
+							on
+							a Windows target machine to gain root access and control, resulting in
+							successful
+							penetration of the system.</li>
+						<li>Leveraged <a href="https://www.metasploit.com/" target="_blank">Metasploit
+								Framework</a>
+							to
+							establish a seamless session between host
+							and target
+							machines, gathering critical information such as hashed passwords, IP
+							configurations,
+							and OS details with 100% accuracy.</li>
+						<li>Utilized Windows, Kali Linux, and VirtualBox to create a secure testing
+							environment for
+							conducting penetration testing.</li>
+					</ul>
+				</details>
+				<li><strong>July 2021: </strong>Advanced Polymorphic Encryption: Evading Anti-Virus
+					Detection</li>
+				<details>
+					<summary>Details</summary>
+					<ul>
+						<li>Developed and implemented advanced polymorphic encryption techniques to evade
+							anti-virus
+							detection, resulting in an evasion rate of about 50% of a virus created using
+							ProRat.
+						</li>
+						<li> Generated a virus using ProRat with high detection rates of 58 out of 67
+							available
+							anti-virus programs at VirusTotal, leveraged in proving the effectiveness of the
+							encryption techniques utilized.
+						</li>
+						<li>Leveraged PolyCrypt to encrypt viruses and decrease detection rates by 35% from
+							initial
+							testing results, successfully avoiding detection by 33 out of 69 available
+							anti-virus
+							programs at VirusTotal.</li>
+					</ul>
+				</details>
+				<li><strong>August 2020 &mdash; September 2020: </strong>Efficient Subnetting and Secure
+					Access:
+					Network Design Project</li>
+				<details>
+					<summary>Details</summary>
+					<ul>
+						<li>Developed a custom network design featuring limited IP addresses and efficient
+							subnetting techniques to avoid IP address wastage.</li>
+						<li>Implemented a comprehensive network security plan, utilizing access control
+							lists and
+							subnetting to restrict unauthorized access and increase efficiency, resulting in
+							a 40%
+							reduction in security breaches.</li>
+						<li>Restricted internet access to the 7th department by using the access control
+							list to
+							block ports 80 and 443.</li>
+					</ul>
+				</details>
+				</ul>
+			</section>
+
+			<section id="developments">
+				<h2>Developments</h2>
 				<ul>
 					<li><strong>June 2023: </strong> Led a comeback in <a href="https://ctftime.org/event/2023/"
 							target="_blank">NAHCOMM CTF</a>.</li>
@@ -146,120 +349,6 @@ <h2>News</h2>
 				</ul>
 			</section>
 
-			<section id="projects">
-				<h2>Projects</h2>
-				<ul>
-					<li><strong>August 2023: </strong>CMS v2.8 Exploitation: Gaining Shell and Root</li>
-					<details>
-						<summary>Project Details</summary>
-						<ul>
-							<li>Conducted an intensive Nmap scan, unveiling open ports 22, 80 (leading to directory
-								discovery at /navigate), and 53.</li>
-							<li>Exploited Navigate <a
-									href="https://www.rapid7.com/db/modules/exploit/multi/http/navigate_cms_rce/"
-									target="_blank">CMS v2.8</a>, achieving a shell and www-data user access, followed
-								by privilege escalation attempts.</li>
-							<li>Detected 3 SUID-enabled PHP files, allowing privilege escalation, and used 1 to maintain
-								escalated privileges using <a href="https://gtfobins.github.io/"
-									target="_blank">GTFObins</a>.</li>
-						</ul>
-					</details>
-					<li><strong>June 2023: </strong><a href="https://github.com/Stranger825/webpulse"
-							target="_blank">WebPulse</a>: Accurate Command-Line Web Target Assessment Tool</li>
-					<details>
-						<summary>Project Details</summary>
-						<ul>
-							<li>Developed and tested a comprehensive web-target probing command line tool, featuring
-								user-friendly functionality, and supporting both HTTP and HTTPS protocols, resulting in
-								a 98% accuracy rate in determining target status.</li>
-							<li>Designed dynamic output formatting that clearly displays the various stages of
-								web-target validity, including visual cues for valid versus invalid targets and alive
-								versus dead targets, resulting in a 40% increase in user comprehension of the outputs
-								compared to previous versions.</li>
-						</ul>
-					</details>
-					<li><strong>October 2021: </strong>Denial-of-Service Simulation: Unveiling Impact and Analyzing
-						Performance</li>
-					<details>
-						<summary>Project Details</summary>
-						<ul>
-							<li>Executed a simulated DoS attack using <a
-									href="https://www.cloudflare.com/learning/ddos/ddos-attack-tools/high-orbit-ion-cannon-hoic/">HOIC</a>
-								and <a
-									href="https://www.cloudflare.com/learning/ddos/ddos-attack-tools/low-orbit-ion-cannon-loic/">LOIC</a>
-								tools to send TCP and UDP packets,
-								resulting in a 75% reduction in machine performance.</li>
-							<li>Monitored performance fluctuations and captured incoming traffic using Wireshark.</li>
-						</ul>
-					</details>
-					<li><strong>September 2021: </strong>SYN Flooding Attck: Simulation and Analysis</strong></li>
-					<details>
-						<summary>Project Details</summary>
-						<ul>
-							<li>Executed a successful SYN flood attack on the target machine, utilizing the synflood
-								module in the <a href="https://www.metasploit.com/" target="_blank">Metasploit
-									Framework</a>, resulting in the reduction of performance of the
-								target machine by 50%.</li>
-							<li>Monitored incoming traffic with Wireshark and analyzed target machine performance and
-								resource consumption with Task Manager, allowing for precise adjustments to the attack
-								strategy for maximum effectiveness.</li>
-							<li>Leveraged Kali Linux and Parrot Security on VirtualBox to efficiently launch and manage
-								the SYN flood attack, resulting in a significant decrease in target machine performance.
-							</li>
-						</ul>
-					</details>
-					<li><strong>August 2021: </strong>Metasploit Mastery: Executing Precision Reverse Shell Attacks</li>
-					<details>
-						<summary>Project Details</summary>
-						<ul>
-							<li>Executed a reverse shell attack using a payload generated by the <a
-									href="https://www.metasploit.com/" target="_blank">Metasploit Framework</a> on
-								a Windows target machine to gain root access and control, resulting in successful
-								penetration of the system.</li>
-							<li>Leveraged <a href="https://www.metasploit.com/" target="_blank">Metasploit Framework</a>
-								to
-								establish a seamless session between host
-								and target
-								machines, gathering critical information such as hashed passwords, IP
-								configurations,
-								and OS details with 100% accuracy.</li>
-							<li>Utilized Windows, Kali Linux, and VirtualBox to create a secure testing environment for
-								conducting penetration testing.</li>
-						</ul>
-					</details>
-					<li><strong>July 2021: </strong>Advanced Polymorphic Encryption: Evading Anti-Virus Detection</li>
-					<details>
-						<summary>Project Details</summary>
-						<ul>
-							<li>Developed and implemented advanced polymorphic encryption techniques to evade anti-virus
-								detection, resulting in an evasion rate of about 50% of a virus created using ProRat.
-							</li>
-							<li> Generated a virus using ProRat with high detection rates of 58 out of 67 available
-								anti-virus programs at VirusTotal, leveraged in proving the effectiveness of the
-								encryption techniques utilized.
-							</li>
-							<li>Leveraged PolyCrypt to encrypt viruses and decrease detection rates by 35% from initial
-								testing results, successfully avoiding detection by 33 out of 69 available anti-virus
-								programs at VirusTotal.</li>
-						</ul>
-					</details>
-					<li><strong>August 2020 &mdash; September 2020: </strong>Efficient Subnetting and Secure Access:
-						Network Design Project</li>
-					<details>
-						<summary>Project Details</summary>
-						<ul>
-							<li>Developed a custom network design featuring limited IP addresses and efficient
-								subnetting techniques to avoid IP address wastage.</li>
-							<li>Implemented a comprehensive network security plan, utilizing access control lists and
-								subnetting to restrict unauthorized access and increase efficiency, resulting in a 40%
-								reduction in security breaches.</li>
-							<li>Restricted internet access to the 7th department by using the access control list to
-								block ports 80 and 443.</li>
-						</ul>
-					</details>
-				</ul>
-			</section>
-
 			<section id="contact">
 				<h2>Contact</h2>
 				<p> You can also schedule a 1-on-1 meeting with me using the following <a
@@ -275,10 +364,9 @@ <h2>Contact</h2>
 				</p>
 
 			</section>
-
-			<h3>Last Updated: November 2023 ; &emsp; Thanks to <a href="https://minimalblue.com" target="_blank"
-					rel="noopener noreferrer">Marco Squarcina</a> for the website template.</h3>
 		</div>
+		<h5> Updated: November 2023 ;&emsp;Thanks to <a href="https://minimalblue.com" target="_blank"
+				rel="noopener noreferrer">&copy;Marco Squarcina</a> for the website template.</h5>
 	</main>
 </body>
 

style.css

@@ -224,4 +224,11 @@ strong.reject {
 }
 strong.accept {
 	color: #0af325;
-}
+}
+h5 {
+	text-align: center;
+	padding: 10px;
+	margin: auto;
+	background-color: rgba(0, 0, 0, 0.8);
+	color: white;
+  }