Madhukar Raina

DevOps Engineer

India · 11 yrs experience
Most Likely To Switch · AI ML Practitioner

Key Highlights

  • 10+ years in cybersecurity research and training.
  • Contributed to MITRE ATT&CK Framework.
  • Presented at major conferences like BlackHat.
Stackforce AI infers this person is a Cybersecurity Expert specializing in threat hunting and security research.

Skills

Core Skills

Security Research, Training Development, Reverse Engineering, Threat Hunting, Detection Engineering, Intrusion Analysis, Incident Response, Security Engineering, Analytics, System Administration

Other Skills

Active Directory, Adversary Emulation, Amazon Web Services (AWS), Analysis Reports, Blogging, C (Programming Language), C++, Case Studies, Communication, Computer Networking, Cyber Threat Hunting (CTH), Cyber Threat Intelligence (CTI), Cybersecurity, DFIR, Debugging

About

Madhukar Raina has 10+ years of overall experience in security research and trainings, and has worked in red team research, threat hunting, DFIR, intrusion analysis, security engineering and system administration. His areas of interest are adversarial research, malware analysis, reverse engineering, threat hunting, memory forensics, Active Directory security, cloud security and deception technologies. He has presented some of his work at conferences like BlackHat, c0c0n etc., and given trainings and talks at Airforce, IIT and cyber meetups. He is also a contributor to the MITRE ATT&CK Framework. Madhukar started his career working on projects related to Windows Active Directory security and systems administration, and due to his interest in cybersecurity, he later moved to the Research and Development team as a Security Engineer to build a threat hunting platform. He has experience in security analytics, adversary simulation, compromise assessments and purple team engagements. He also develops CTF challenges and vulnerable lab environments. In his personal time, he does research on different offensive and defensive security topics, and also likes to waste time in a debugger :P

Experience

Hack the box

2 roles

Senior Training Developer

Dec 2023 - Present · 2 yrs 3 mos · Folkestone, England, United Kingdom

  • Security Research, Trainings, Labs Content Development
  • Work on end-to-end cyber security training paths and course modules for HTB Academy
  • Create accompanying compromised machines and labs, and review completed courses
  • Research on offensive and defensive security topics to remain on top of current TTPs
  • Help develop & automate purple team lab templates for HackTheBox Academy modules
  • Work on academy roadmap and content strategy matters
Detection Engineering, Malware Analysis, Adversary Emulation, Reverse Engineering, Security Research, Training Development

Contractor

Apr 2023 - Dec 2023 · 8 mos · Folkestone, England, United Kingdom

  • Contractor for Defensive security modules and lab material

Zscaler

Senior Security Researcher

Apr 2022 - Dec 2023 · 1 yr 8 mos · Bangalore

  • Reverse Engineering & Security Research
  • Red and blue team research.
  • Built several PoCs for Attack Surface Reduction (ASR) on endpoints (Windows).
  • Built PoC for cloud deception on Microsoft Azure.
  • Contributed to ITDR (Identity Threat Detection and Response)
  • Worked on creating detections based on ETW (Event Tracing for Windows)
  • Created detection rules for the Zscaler Deception
  • Worked on honeypots across customer networks for threat intelligence
  • Performed malware analysis and reverse engineering on detected threats
  • Prepared case studies with detection rules to present to stakeholders.
  • Created CTF challenges for internal and external events
  • Coordinated with data science and engineering teams to improve detections
  • Provided trainings to internal teams on hunting and investigation
Case Studies, Malware Analysis, Deception Detection, Kusto Query Language (KQL), Amazon Web Services (AWS), Analysis Reports, +5

Securonix

Senior Threat Hunter

Feb 2021 - Mar 2022 · 1 yr 1 mo · Bangalore

  • Threat Hunting and Detection Engineering
  • Contribute to threat research, detection rules, and technical blogs.
  • Part of threat hunting engagements to identify new threats on customer tenants.
  • Built a phishing infrastructure to gather credentials for a project PoC.
  • Assisted a customer on Active Directory deception and attack detection
  • Worked on attack simulators to generate attack data to validate detection logic.
  • Track community-released threat detections and map them to Securonix's product.
Deception Detection, Insider Threat Detection, Amazon Web Services (AWS), Analysis Reports, Adversary Emulation, Cyber Threat Hunting (CTH), +4

Lmntrix

Senior Intrusion Analyst

Mar 2019 - Feb 2021 · 1 yr 11 mos · Sydney, New South Wales, Australia · Remote

  • Intrusion Analysis, IR, Monitoring & Hunting
  • Key contributor to threat hunting, intelligence and deception platforms
  • End-to-end delivery and design of decoys after architecture review of customer networks
  • Performing Active Directory assessment to find misconfigurations and loopholes
  • Real-time security monitoring, threat hunting and incident response engagements
  • Involved in forensic investigations and compromise assessments
  • Mapped rules and use cases to MITRE ATT&CK
  • Worked on network threat mitigation for the findings
  • Contributed to automation of Tier 3 Incident Response & evidence collection process
  • Contributed to case studies and technical blogs
Case Studies, Malware Analysis, Risk Assessment, DFIR, Incident Response, Amazon Web Services (AWS), +13

Network intelligence (i) pvt. ltd.

Security Engineer

Feb 2018 - Mar 2019 · 1 yr 1 mo · Mumbai · On-site

  • Security Engineering, Analytics, Hunting, AD Attacks
  • Worked on security analytics projects for Innovation & Research (InR) department
  • Built Active Directory infrastructure, and simulated attacks for AD security use cases
  • Implemented server hardening and created automation scripts (using .bat, PowerShell, bash etc.)
  • Contributed to incident response investigations for existing clients
  • Performed regular log analytics using Elastic Stack
  • Managed ELK operations team of 4 people from research department
  • Contributed to internal knowledge sharing and technical blogs on Windows security
Elastic Stack (ELK), Log Analysis, Amazon Web Services (AWS), Blogging, Linux System Administration, Active Directory, +5

Toluna

System Administrator

Jan 2015 - Jan 2018 · 3 yrs · Gurgaon · On-site

  • System Administration, Hunting & Active Directory Security
  • Worked on L3 incidents assigned by L1 team based on SLA defined
  • Built a threat analysis platform using Sysmon & ELK for IT Security Team
  • Manage all Active Directory domains and deploy GPOs to enforce security policies
  • Coordinated with global IT and security teams on a daily basis to resolve incidents
  • Contributed towards patches for vulnerability management, and critical server backups
  • Provide technical support to the staff and stakeholders
Server Admin, Microsoft Exchange, Active Directory, Windows System Administration, Computer Networking, Systems Management, +2

Education

Kurukshetra University

Bachelor of Technology - BTech — Computer Science engineering
