Harpreet Singh (TheCyb3rAlpha)

CEO

Delhi, India12 yrs 4 mos experience

Most Likely To SwitchHighly Stable

Key Highlights

Over a decade of experience in cybersecurity.
Author of multiple books on ethical hacking.
Technical speaker at international cybersecurity conferences.

Stackforce AI infers this person is a cybersecurity expert specializing in Red Team operations and vulnerability assessments.

Contact

Skills

Core Skills

Red TeamingPenetration TestingVulnerability AssessmentInformation SecurityTraining

Other Skills

Cobalt StrikeMITRE ATT&CKAdvanced ExploitationNetwork AttacksMalware DevelopmentRed Team EngagementsPhishing CampaignsBreach Attack SimulationsWeb Application VAPTHoneypot InstallationMalware AnalysisNetwork AuditingEthical Hacking TrainingPenetration Testing LabsNetwork Penetration Testing

About

Harpreet Singh is a seasoned cybersecurity expert, with over a decade of dedicated service in Ethical Hacking, Penetration Testing, Vulnerability Research, and Red Teaming. He is the esteemed author of "Infrastructure Attacks for Ethical Hacking", "Hands On: Web Penetration Testing with Metasploit" and "Hands On: Red Team Tactics". As a recognized authority in cybersecurity, Harpreet has contributed his profound knowledge and insights as a technical speaker at notable international conferences, including Pass-The-Salt (2021), where he shared innovative strategies and techniques in the field of cybersecurity. Harpreet holds prestigious certifications that testify to his expertise and commitment to the cybersecurity industry, including Offensive Security Exploit Developer (OSED), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), and Certified Red Team Operator (CRTO).

Experience

12 yrs 4 mos

Total Experience

2 yrs

Average Tenure

5 yrs 7 mos

Current Experience

Deloitte india (offices of the us)

Offensive Security Operations (Red Team) Lead

Oct 2020 – Present · 5 yrs 7 mos · Greater Delhi Area · Hybrid

[+] Lead Offensive Security Operations (OSO) - Red Team and Research & Development (R&D) team under Deloitte's Adversarial Simulation Team.
[+] Assess the target and perform advanced exploitation & complex network attacks via unique attack paths during a red team exercise.
[+] Follow MITRE ATT&CK Matrix to use newly found TTPs that could be used for defense evasion tactics during engagements.
[+] Develop evasion capabilities for Cobalt Strike using Beacon Object Files (BOF), aggressor scripts, malleable c2 profiles, User-Defined Reflective Loaders (UDRLs), etc.
[+] Work on custom shellcode & payload obfuscation tools to evade nextgen AVs (Microsoft Defender, Symantec Endpoint Detection & Prevention, Kaspersky, etc.) and EDRs (such as Cylance, CrowdStrike, Defender ATP, Cortex XDR, Carbon Black, etc.)
[+] Configure custom red team infrastructures (C2s, redirectors, email servers, file droppers, domain fronting servers, etc.) according to the engagement scenarios.
[+] Provide technical assistance to the malware development team for weaponizing documents and attachments sent across the target during phishing attack simulations.
[+] Manage callbacks/beacons from the target to the Command and Control (C2) centers over an LT & ST redirector.
[+] Engage with Network (external/internal), web application, and infrastructure penetration test and vulnerability assessment.

Cobalt StrikeMITRE ATT&CKAdvanced ExploitationRed TeamingNetwork AttacksMalware Development+1

Pyramid cyber security & forensic pvt. ltd.

Principal Security Architect

Jul 2018 – Oct 2020 · 2 yrs 3 mos · New Delhi Area, India

[+] Lead and manage a team of 2 personnel in Red Team Engagements, Phishing Campaign Assessments, Breach Attack Simulations, and (Ex)Infiltration exercises.
[+] Assess the target and perform advanced exploitation and complex network attacks via finding unique attack paths during a red team exercise.
[+] Follow MITRE ATT&CK Matrix to use newly found TTPs that could be used to bypass defense evasions during the engagement.
[+] Configure custom red team infrastructures (C2s, redirectors, email servers, file droppers, domain fronting servers, etc.) according to the engagement scenarios.
[+] Provide technical assistance to the malware team for weaponizing documents and attachments sent across the target when doing phishing attacks during a red team engagement.
[+] Manage the callbacks/beacons from the target to the Command and Control (C2) centers over an LT & ST redirectors.
[+] Provide unique solutions to the technical team in case of any blocked attacks by the AV servers, network IDS/IPS, and next-gen firewalls.
[+] Lead and manage a team of 10 personnel in Web Application, Infrastructure and Mobile (Android & iOS) VAPT
[+] Provide technical assistance to US clients during a vulnerability revalidation remediation phase.
[+] Configure and install the required toolset on the Virtual Private Servers (VPS) that are used in web application and network VAPT exercise.
[+] Manage the live vulnerability tracker to provide better assistance to the client during a VAPT delivery.
Lead and manage a team of 3 personnel in Vulnerability Research & Exploit Development.
[+] Provide technical assistance to the R&D team for finding new attack vectors and endpoints to fuzz and look for crashes.
[+] Handle and verify the crashes during fuzzing via different toolsets.
[+] Get in sync with the R&D team to provide technical assistance and unique ideas for the techniques used during the weaponization of attachment documents for the Red Team during an engagement.

Red Team EngagementsPhishing CampaignsBreach Attack SimulationsVulnerability AssessmentWeb Application VAPTRed Teaming

Infosec ventures

Senior Information Security Analyst

Jun 2016 – Jun 2018 · 2 yrs · New Delhi Area, India

[+] Honeypot installation in Data Centers to capture and analyse the attacks.
[+] Writing IDS/IPS signatures to detect and block different types of attacks.
[+] Performing malware analysis on the malware captured by installed honeypots.
[+] Performing Web application & Infratructure VAPT on Client’s applications and networks
depending upon the scope.
[+] Performing Red Team Exercises on the Client’s Premises (Physical Security, HID attacks
using social engineering, Network Security etc..)
[+] Network and Patch auditing on client’s network.

Honeypot InstallationMalware AnalysisWeb Application VAPTNetwork AuditingInformation SecurityVulnerability Assessment

Htl infotech pvt ltd.

Information Security Analyst | Trainer

Mar 2015 – Jun 2015 · 3 mos · Noida Area, India

[+] Training Students for Ethical Hacking and Penetration Testing/Vulnerability Assessment.
[+] Configuring Penetration Testing Labs for Practice.

Ethical Hacking TrainingPenetration Testing LabsTraining

Hcf information and security pvt. ltd.

Information security researcher | Project Manager

Feb 2013 – Feb 2015 · 2 yrs · Delhi

[+] Vulnerability Assessment on the Client’s given network.
[+] White/Black/Grey Box Network Penetration Testing (Automatic) on client’s given
network depending upon the requirement.
[+] Handling overseas Projects on Information Security & Training.

Vulnerability AssessmentNetwork Penetration TestingInformation Security

Nt global solutions

Information Security Consultant | Information Security Trainer

Aug 2012 – Nov 2012 · 3 mos · Overseas

[+] Information Security Trainer for training Govt. officials (overseas) in Information
Security, Ethical Hacking and Penetration Testing.
[+] Information Security Consultant for consulting on any information security related issues.

Information Security TrainingConsultingTraining