📍 Pune, Maharashtra, India | 📧 darshakpatel2004@gmail.com | 📱 +91-9823771052
Cyber First Private Limited | November 2024 - May 2025 | Pune, Maharashtra
Domain: Digital Forensics & Cyber Incident Investigation
Accomplishments:
- ✅ Conducted 10+ critical forensic investigations with comprehensive evidence analysis
- ✅ Expertise across 5+ diverse operating systems (Windows, Linux, macOS, iOS, Android)
- ✅ Extracted & analyzed digital evidence from 10+ computers & 10+ mobile devices
- ✅ Applied advanced forensic techniques:
  - Memory dump analysis & RAM recovery
  - File system forensics & data carving
  - Mobile device extraction & analysis
  - Network traffic forensics
  - Malware triage & reverse engineering basics
  - Chain-of-custody documentation
Tools & Technologies Used:
| Category | Tool | Use |
|---|---|---|
| Mobile Forensics | Cellebrite UFED | Device extraction |
| Mobile Forensics | Magnet Axiom | Multi-device analysis |
| Mobile Forensics | Oxygen Forensic Detective | Mobile |
| Mobile Forensics | Mobiledit Forensic Express | Analysis |
| Malware Analysis & Reverse Engineering | IDA Pro | Disassembly & debugging |
| Malware Analysis & Reverse Engineering | Ghidra | Binary analysis |
| Malware Analysis & Reverse Engineering | Burp Suite | Web vulnerability scan |
| Network & SIEM Analysis | Wireshark | Packet analysis |
| Network & SIEM Analysis | Nmap | Network reconnaissance |
| Network & SIEM Analysis | Wazuh | SIEM & threat detection |
Impact:
- Directly contributed to 10+ ongoing investigation processes
- Demonstrated proficiency in multi-platform forensic analysis
- Built strong foundation for evidence handling & documentation
Timeline: April 2026 - Present | Status: Active Development
Problem Solved: CVE management is fragmented across multiple sources and requires manual updates. VulnForge automates threat intelligence aggregation, correlation, and rule generation.
System Architecture:
```mermaid
graph TD
    subgraph Source_Integration ["1. CVE Source Integration"]
        NVD[NVD - 342K+ Records]
        CISA[CISA KEV]
        OTX[AlienVault OTX]
        Dedupe[Unified Data Ingestion & Deduplication]
        NVD --> Dedupe
        CISA --> Dedupe
        OTX --> Dedupe
    end
    subgraph Sync_Engine ["2. Sync Engine & Scheduling"]
        Dedupe --> Sync[Sync Engine]
        Sched[APScheduler]
        Sched -->|Daily Full 02:00 UTC| Sync
        Sched -->|Hourly Incremental| Sync
    end
    subgraph Processing ["3. Intelligence Processing"]
        Sync --> Parsing[CVE Parsing]
        Parsing --> Linking[CPE String Linking]
        Linking --> Scoring[CVSS Scoring]
        Parsing --> Extraction[Metadata Extraction]
        Linking --> Asset[Asset Mapping]
        Scoring --> Risk[Risk Ranking]
        Extraction --> DB[(SQLite Database)]
        Asset --> DB
        Risk --> DB
    end
    subgraph Auto_Gen ["4. Detection Rule Auto-Gen"]
        DB --> RuleGen[Detection Rule Generator]
        RuleGen --> Snort[Snort/Suricata]
        RuleGen --> Sigma[Sigma SIEM]
        RuleGen --> JSON[JSON Alert Templates]
        Snort & Sigma & JSON --> Export[Single-Click Export]
        Export --> Prod[Prod-Ready Rules]
    end
    subgraph Dashboard ["5. Real-Time Dashboard"]
        Prod --> Dash[Operational Dashboard]
        Dash --> Timeline[Timeline View]
        Dash --> Map[Vulnerability Map]
        Dash --> Alerts[Critical Alerts]
    end
    style NVD fill:#1f6feb,stroke:#58a6ff,color:#fff
    style DB fill:#0d1117,stroke:#58a6ff,color:#fff
    style Prod fill:#238636,stroke:#3fb950,color:#fff
    style Sync fill:#161b22,stroke:#58a6ff,color:#fff
    style Dedupe fill:#161b22,stroke:#58a6ff,color:#fff
    style RuleGen fill:#161b22,stroke:#58a6ff,color:#fff
    style Dash fill:#161b22,stroke:#58a6ff,color:#fff
    style Source_Integration fill:#0d1117,stroke:#30363d,color:#fff
    style Sync_Engine fill:#0d1117,stroke:#30363d,color:#fff
    style Processing fill:#0d1117,stroke:#30363d,color:#fff
    style Auto_Gen fill:#0d1117,stroke:#30363d,color:#fff
    style Dashboard fill:#0d1117,stroke:#30363d,color:#fff
```
Classic Architectural Model:
1. CVE Source Integration: NVD (342K+ records), CISA KEV and AlienVault OTX feed a Unified Data Ingestion & Deduplication stage, which feeds the Sync Engine. APScheduler drives the engine with a daily full sync at 02:00 UTC and an hourly incremental sync every hour (zero manual labor).
2. Intelligence Processing: CVE Parsing → CPE String Linking → CVSS Scoring, feeding Metadata Extraction → Asset Mapping → Risk Ranking. Output: structured CVE intelligence in the SQLite database.
3. Detection Rule Auto-Generation:
   - Format 1: Snort/Suricata rules → IDS deployment
   - Format 2: Sigma SIEM rules → SIEM integration
   - Format 3: JSON alert templates → custom tools
   - Single-click export → prod-ready rules
4. Real-Time Dashboard: CVE Timeline View, Asset Vulnerability Map, Critical Alerts, Trend Analysis, Rule Generation Log, Export History.
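The ingestion, deduplication and risk-ranking stages described above, as an added example in Python that is not VulnForge's own code: three constructed feeds are merged into one record per normalised CVE id, then the CVEs whose CPE strings match an asset inventory are ranked with KEV entries first. The CVE ids, CPE strings, the `CISA_KEV` source label and the record layout are assumptions for the example.

```python
# Added example (not VulnForge's own code): deduplicating three constructed CVE
# feeds into one record per CVE id and ranking hits against a CPE asset inventory.
from dataclasses import dataclass, field

@dataclass
class CveRecord:
    cve_id: str
    cvss: float = 0.0                       # highest base score seen across feeds
    in_kev: bool = False                    # present in the CISA KEV catalogue
    sources: set = field(default_factory=set)
    cpes: set = field(default_factory=set)  # affected CPE strings (for asset linking)

def merge_feeds(*feeds):
    """Deduplicate by normalised CVE id; union sources and CPEs, keep the max CVSS."""
    merged = {}
    for feed in feeds:
        for raw in feed:
            cid = raw["id"].strip().upper()          # 'cve-...' and 'CVE-...' are one record
            rec = merged.setdefault(cid, CveRecord(cid))
            rec.cvss = max(rec.cvss, float(raw.get("cvss", 0.0)))
            rec.in_kev = rec.in_kev or raw["source"] == "CISA_KEV"
            rec.sources.add(raw["source"])
            rec.cpes.update(raw.get("cpes", []))
    return merged

def risk_rank(merged, asset_cpes):
    """CVEs affecting an inventoried CPE; KEV entries first, then CVSS descending."""
    hits = [r for r in merged.values() if r.cpes & asset_cpes]
    return sorted(hits, key=lambda r: (r.in_kev, r.cvss), reverse=True)

# Constructed sample feeds: the CVE ids and CPE strings are placeholders, not real entries.
NVD_FEED = [
    {"id": "CVE-0000-0001", "source": "NVD", "cvss": 7.5, "cpes": ["cpe:2.3:a:vendor_a:app_a"]},
    {"id": "CVE-0000-0002", "source": "NVD", "cvss": 9.8, "cpes": ["cpe:2.3:a:vendor_b:app_b"]},
]
KEV_FEED = [{"id": "cve-0000-0001", "source": "CISA_KEV", "cpes": ["cpe:2.3:a:vendor_a:app_a"]}]
OTX_FEED = [{"id": "CVE-0000-0003", "source": "OTX", "cvss": 5.0, "cpes": ["cpe:2.3:a:vendor_a:app_a"]}]

def example_ranking():
    """Merge the three feeds and rank against a constructed two-asset inventory."""
    merged = merge_feeds(NVD_FEED, KEV_FEED, OTX_FEED)
    inventory = {"cpe:2.3:a:vendor_a:app_a", "cpe:2.3:a:vendor_b:app_b"}
    return [r.cve_id for r in risk_rank(merged, inventory)]
```

Note that a KEV entry outranks a higher CVSS score here: known exploitation is weighted above theoretical severity when ordering remediation.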
Key Features:
| Feature | Details |
|---|---|
| Data Sources | NVD, CISA KEV, AlienVault OTX (3 integrated feeds) |
| Database Size | 342,000+ CVE records aggregated |
| Update Schedule | Daily full sync @ 02:00 UTC + Hourly incremental |
| Asset Tracking | CPE-to-infrastructure mapping & auto-discovery |
| Rule Generation | 3 formats: Snort/Suricata, Sigma, JSON |
| Deployment | Single-click export, production-ready |
Tech Stack:
Backend: Python • FastAPI • SQLite
Frontend: React 18 • Vite
Scheduling: APScheduler (for automated syncs)
Deployment: Docker-ready architecture
Database: Append-only SQLite design
Metrics:
- ⚡ Zero manual updates (fully automated)
- 📊 342K+ CVEs in unified database
- 🎯 3 output formats for multi-tool support
- 🔄 2 sync schedules for data freshness
Timeline: January 2026 - Present | Status: Development + Deployment
Problem Solved: Phishing URLs evade traditional regex-based detection. PhishScope uses engineered features and ensemble ML to achieve 97% accuracy on real-world datasets.
Technical Architecture:
```mermaid
graph LR
    URL[URL Input] --> FE[Feature Engineering]
    FE --> Structural[Structural Features]
    FE --> Lexical[Lexical Features]
    FE --> Brand[Brand Similarity]
    Structural --> TFIDF[TF-IDF Vectorization]
    Lexical --> TFIDF
    Brand --> TFIDF
    TFIDF --> Ensemble{Ensemble Model}
    subgraph Models
        LR[LR Classifier]
        RF[Random Forest]
        XGB[XGBoost]
    end
    Ensemble --> Models
    Models --> Vote[Hard Voting]
    Vote --> Result[Prediction Result]
    style URL fill:#f96,stroke:#333,stroke-width:2px
    style FE fill:#bbf,stroke:#333,stroke-width:2px
    style Models fill:#dfd,stroke:#333,stroke-width:2px
    style Result fill:#f66,stroke:#333,stroke-width:2px
```
Classic Diagnostic Architecture:
1. Phishing URL input.
2. Feature engineering pipeline (20+ engineered features in total):
   - Structural features (12): URL length & depth; subdomain count & entropy; query parameter count; fragment & scheme analysis; domain name structure.
   - Lexical features (8): digit ratio & special char ratio; entropy & entropy variance; alphabetic character distribution; character set analysis.
   - Brand similarity (3+): Levenshtein distance scoring; known brand database matching; TLD reputation scoring; homograph attack detection.
3. TF-IDF vectorization: character n-gram analysis (2-grams); term frequency weighting; feature normalization.
4. Ensemble ML classification:
   - Model 1, Logistic Regression: probability of phishing vs legitimate; confidence score; fast inference.
   - Model 2, Random Forest (100 trees): feature importance ranking; robust to outliers; ensemble voting.
   - Model 3, XGBoost gradient booster: gradient boosted decision trees; high precision tuning; best single-model accuracy.
   - Voting strategy: hard voting (majority) for the final output.
5. Prediction output: classification (Phishing or Legitimate); confidence score 0.0 - 1.0; model votes (LR, RF, XGB); feature importance (top 5 features); reasoning (explainability).
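The feature engineering stage described above, as an added example in Python that is not PhishScope's own code: it computes a subset of the listed structural, lexical and brand-similarity features for one URL, including Levenshtein distance to a brand list and a non-ASCII homograph indicator. The brand list, the host tokenisation and the exact feature names are assumptions for the example; the sample URLs are constructed.

```python
# Added example (not PhishScope's own code): a subset of the structural, lexical
# and brand-similarity features listed above, computed for a single URL.
import math
import re
from collections import Counter
from urllib.parse import urlparse, parse_qs

# Constructed brand list; PhishScope's real brand database is not on this page.
BRANDS = ["paypal", "google", "microsoft", "amazon"]

def shannon_entropy(s):
    """Bits per character; random-looking hosts score higher than dictionary words."""
    if not s:
        return 0.0
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def levenshtein(a, b):
    """Edit distance, used to catch typosquats such as 'paypa1' vs 'paypal'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def url_features(url):
    """Return a feature dict for one URL (scheme is assumed to be http if absent)."""
    p = urlparse(url if "://" in url else "http://" + url)
    host = p.hostname or ""
    labels = host.split(".")
    tokens = [t for t in re.split(r"[.-]", host) if t]   # host split on '.' and '-'
    n = max(len(url), 1)
    return {
        # structural
        "url_length": len(url),
        "path_depth": len([s for s in p.path.split("/") if s]),
        "subdomain_count": max(len(labels) - 2, 0),
        "query_param_count": len(parse_qs(p.query)),
        "scheme_https": p.scheme == "https",
        # lexical
        "digit_ratio": sum(c.isdigit() for c in url) / n,
        "special_ratio": sum(not c.isalnum() for c in url) / n,
        "host_entropy": shannon_entropy(host),
        # brand similarity
        "brand_token_match": any(t in BRANDS for t in tokens),
        "min_brand_distance": min((levenshtein(t, b) for t in tokens for b in BRANDS), default=99),
        "non_ascii_host": any(ord(c) > 127 for c in host),  # homograph indicator
    }
```

A distance of 1 to a brand with no exact token match is the typosquat signal the ensemble learns from; the non-ASCII flag is a coarse homograph check and would be refined with a confusables table in a real pipeline.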
Performance Metrics:
| Metric | Score |
|---|---|
| Accuracy | 97% ✓ |
| Precision | 0.97 (Low false positives) |
| Recall | 0.97 (Catches true cases) |
| F1-Score | 0.97 (Balanced performance) |
| Training Data | 186,230+ URLs |
| Test Dataset | Balanced phishing & legitimate URLs |
User Interface & Deployment (Streamlit dashboard):
- 📋 Batch processing: upload CSV with URLs; process 100+ URLs in seconds; export results to JSON
- 🔍 Single URL classification: real-time inference; confidence visualization; model vote breakdown
- 📊 SOC control sidebar: statistics & metrics; historical data; export options
- 💾 JSON export: structured output format; integration-ready; timestamped results
Tech Stack:
ML Frameworks: Scikit-learn • XGBoost • TensorFlow
Data Processing: Pandas • NumPy
NLP/Text: NLTK • TF-IDF vectorization
Frontend: Streamlit (interactive dashboard)
Data Format: CSV input / JSON output
Key Metrics:
- 🎯 97% Accuracy on 186K+ URL dataset
- 📊 20+ Features engineered
- ⚡ Real-time inference (< 100ms per URL)
- 📈 Ensemble approach for robustness
- 💾 Production-ready API & dashboard
National Forensics Science University, Delhi | Graduation: 2026
Specialized Coursework Completed:
Core Competencies:
- Network Security & Cryptography (AES, RSA, ECC)
- Digital Evidence Collection & Analysis
- SIEM Log Correlation & Threat Detection
- OWASP Top 10 Vulnerability Classes
- CVSS 3.1 Severity Scoring
- IT Act 2000 Legal Framework & Compliance
- Incident Response & Threat Hunting
MIT ADT University, Pune | Graduation: 2025 | GPA: 7.39/10
Specialization: Cyber Security and Forensics
Key Subjects:
- Penetration Testing & Vulnerability Assessment
- Cryptography & Network Security Fundamentals
- Ethical Hacking & Information Warfare
- Digital Forensics Fundamentals
- System & Network Administration
- Secure Software Development
Cisco | Certification Year: 2025 ✅
Validates:
- Network security fundamentals
- Threat identification & analysis
- Security tools & technologies
- Incident response basics
- Security best practices
> [!TIP]
> I specialize in the intersection of Artificial Intelligence and Cybersecurity Operations, focusing on automating threat detection pipelines.

> [!IMPORTANT]
> Seeking Opportunities: I am currently open to Fall 2026 internships and full-time roles in Threat Intel, DFIR, and Security Data Science.
- MS in Cybersecurity: Actively preparing for advanced studies in US/UK/EU (Fall 2026).
- Security Research: Seeking roles in Threat Intelligence, DFIR, or Security Automation.
- Certifications: Pursuing OSCP and EC-Council specialized credentials.
- Developing open-source threat intelligence modules.
- Open Research: Exploring automated DFIR workflows.
- Advanced threat detection & response
- Forensics workflow automation
- ML model selection for security
- Emerging security technologies
- Career development in cybersecurity