About


I am passionate about Cyber Security, with 16 years' experience in several industries (e.g. Oil and Gas, Software Development, Banking and Aviation). My expertise is Penetration Testing, Incident Response, Threat Analysis and Malware Analysis, including security configuration for Network, Windows, Linux and Web Applications. This strong background gives me a detailed view on developing the information security strategy to secure the Company's digital assets and Information Systems.


  1. Penetration testing for the banking industry, such as Core Banking, SMS Banking, Transaction Switching, Payment Gateway, Mobile Banking, Online Banking, Online Trading and various Card Applications. Segmentation testing for PCI requirements.
  2. Malware and exploit research and analysis for common and targeted attacks in the Oil & Gas and Banking industries.
  3. Security code review for Python, PHP, C#, Java and C++.
  4. Threat hunting in the oil & gas and banking industry environment. Analysis of several logs such as WAF, Firewall, IDPS, Web Application Server, Windows/Linux security event logs and Internet Proxy.
  5. Threat modeling and threat use cases for banking applications using the OWASP and PASTA frameworks.
  6. Development of security application automation with Python and C#.
  7. Technical team leader for a CSOC team consisting of 8 personnel from various backgrounds such as SIEM, Public Key Infrastructure and Network Security.
  8. Project manager for cyber security software and hardware implementation.
  9. SIEM QRadar log onboarding, CRE (Custom Rule Engine), development of new building blocks and AQL. Splunk log index queries.
  10. Amazon Web Services infrastructure (EC2, Fargate, S3 Bucket, Load Balancer, inter-region connection and VPN tunnel with the enterprise network).
  11. In-depth understanding of the below:
    1. Hacking and Malware Analysis Tools: Burp Suite, Acunetix, Kali Linux, IDA Pro, x64dbg, Hex Editor, Visual Studio, PyCharm, Autopsy and VMware ESXi
    2. Firewall: Check Point, Palo Alto, pfSense, NGINX and F5 Web Application Firewall
    3. Proxy: Blue Coat Proxy
    4. Antivirus/EDR: Symantec, CrowdStrike, Cylance and SentinelOne

5 comments

  1. Hello Mr. Activiti,

    I am trying to integrate the workflow with my Struts-Spring based application.
    Can you please show me a short step-by-step (text demo), like: self-registration page for users -> submitted for approval -> approved/ignored -> saved in legacy database / form dropped?
    Actually, where I am facing a problem is this:
    after converting a web development project to a Maven project,
    I tried to introduce the .bpmn file, application context-spring.xml, pom.xml and related dependencies,
    but I am facing multiple errors related to the m2Eclipse version and "form not found".
    I also tried to follow your blog of 26th Jan 2013, but again the same.
    So, kindly help me out in this integration process.

  2. Hello rioasmara, I've gone through your blog posts; those contain some high-level knowledge, thank you for such knowledge sharing. I want to understand a proper approach on how to make tailor-made malware to protect my company by constantly checking the worth of EDRs and other solutions.

    Please let me know if you have some good material repositories or anything; do let me know.

    Thanks

    1. Hi,
      The first approach is to understand your EDR configuration. Some EDRs become less effective at detecting malware because of misconfiguration, where you will find default configuration, wrong customization, whitelists here and there and so on.

      The second approach is that you have to understand the behaviour of your EDR product. Nowadays, EDRs use a combination of multiple pieces of information during analysis, such as Windows API calls, static analysis, process tree, interaction with other processes, network activities, DLL loading, interaction with the OS, etc. So there will be no single way to bypass all EDRs. You will find that your EDR prioritizes only some information for analysis over the rest in order to optimize detection time.

      The third approach is to keep updated with the latest APT techniques and research on Windows APIs (a lot of undocumented Windows APIs are being abused) if you are testing Windows-based malware.

      The fourth approach is to continuously adjust the EDR configuration following the dynamics of your environment and the latest types of attack.
