Sumit Shrivastava

Security Analyst

Sumit Shrivastava has varied experience in the field of information security and digital forensics. He has carried out Penetration Tests, System and Server Audits, Intrusion Detection, forensics cases and malware analysis. He currently serves as Security Analyst at NII Consulting focusing on Network Security and Digital Forensics and Incident Response.

Profile

  • Bachelor of Engineering (Computers)
  • Computer Hacking and Forensic Investigator v8 (EC‐Council)
  • Certified Information Security Consultant (Institute of Information Security)
  • Certified Professional Hacker (Institute of Information Security)
  • Certified Professional Forensic Analyst (Institute of Information Security)
  • Certified Information Security Expert Level 1 (Innobuzz knowledge Solutions)
  • Android Programming (Suven Consultants)
  • C Programming (NIIT)
  • C++ Programming (NIIT)
  • HTML Programming (NIIT)
  • Digital Forensics and Incident Response
    • Good Knowledge of EnCase, Helix, DEFT, SIFT, DART
    • Worked on several fraud cases involving financial fraud, network-based attacks, email fraud, and data leakage
    • Has experience of working closely with Police departments
    • Good hands-on experience of operating systems – Windows and Linux
  • Malware Analysis and Reverse Engineering
    • Good Knowledge of Tools like Cuckoo Sandbox, Remnux, Olly debugger, IDA Pro
    • Worked on multiple projects including incident response and malware analysis
    • Has experience of reverse engineering Malware for Linux and Windows
    • Well‐versed with Cuckoo Sandbox
  • Network Security
    • Good knowledge of TCP/IP fundamentals
    • Worked on security for a range of Operating Systems, databases, web servers and mail servers
    • Penetrating WPS
    • Firewall and Router Configuration Review
  • Mobile Application Security
    • Well versed with Mobile‐OWASP – Top Ten and WASC Threat Classifications
    • Tested over 10 mobile applications including mobile device penetration testing
    • Expertise in Android file systems, Rooting, unrooting, Mobile Application files storage
    • Expertise in wide range of Vulnerability Assessment and Penetration Testing of Mobile Applications
    • Proficiency in both Virtual and On‐Device Application Testing
    • Experience of testing applications related to various domains such as Insurance, Banking, Monitoring, Management System, Chat Applications, Payment applications.
  • Application Security
    • Well versed with OWASP – Top Ten and WASC Threat Classifications
    • Expertise in Vulnerability Assessment and Penetration Testing of Web Applications
    • Business-Logic based application testing
    • Penetration testing of Mobile applications and websites.
    • Change Management & User Management Review
    • Exploitation of the issues found and presentation of the resulting impact
  • Trainings
    • Certified Professional Forensic Analyst
    • Certified Professional Hacker
    • Network Security Auditing
    • Python Coding
    • Delivered a talk on Android Pattern Bypass – Null Mumbai Chapter
  • Other Activities

Sumit has been exposed to a variety of different applications and network environments which have helped him enhance his understanding and technical skills.

  • Operating Systems: Windows XP/2000/2003/Vista/7, Linux, Unix (Solaris)
  • Databases: MS SQL Server, Oracle, MySQL
  • Servers: FTP, TFTP, DHCP, Web Servers (IIS, Apache), Mail Servers (Sun, Sendmail), Domain Controller (Active Directory)
  • Shell & Python Scripting for automation of audit tasks.

While conducting security assessments and working on forensic cases, Sumit has familiarized himself with many of the popular tools available. A few of the tools he regularly uses are:

  • Nmap, Tenable‐Nessus, Metasploit, BurpSuite Pro, Wireshark, NetCat, tcpdump, Ettercap, Pwdump, John‐the‐Ripper, Hydra, Nikto, Sqlmap, SqlNinja, Netsparker.
  • He’s also comfortable with the Backtrack 5 Penetration Testing OS.
  • Kali Tools for Mobile Application Testing.
  • EnCase v7, DEFT, HELIX, SIFT, Olly debugger, IDA Pro, Strings, AccessData FTK, Oxygen Forensics, Remnux, Cuckoo Sandbox, Kernel PST

Sumit also has experience with the following programming languages:

  • C, C++, Core Java, Advance Java, HTML, JavaScript, SQL, Python, PHP
  • Good Communication
  • Good Leadership and mentoring
  • Trainings – CPFA, CPH, Python Coding
  • Understanding and Agile
  • PR and Business Analysis
  • Requirement handling
  • Delivering more than what is expected and before timelines
  • Understanding the client’s business and tweaking the skills as required
  • Attended Seminars on Network Security
  • Completed CHFI training.
  • Has set up Malware analysis workstation
  • Has written an article on Setting up Malware Analysis Workstation using open source tools (For internal use).

Ethical Hacking Training

This course goes deep into networking, systems, web applications and actual exploitation, and helps beginners take a confident first step into the information security field.

  • 6 Weeks Comprehensive Training
  • Built by Experienced Professionals
  • Regular updates on tools and techniques in course content