About me

I'm Subhash Popuri, an aspiring Purple Teamer (Red Teamer + Blue Teamer) associated with EY India's Cyber security practice. On a daily basis, I work on the following things: * Red Teaming: * - Red Teaming assessment of Client's Infrastructure through Adversary simulation. - Adversary simulation by following all Cyber Kill chain phases like Enumeration, Initial Compromise, Privilege Escalation, Internal Recon & Data Exfiltration. - Conduct cyber security red team assessments and mapping findings to frameworks like NIST and MITRE. - Automate several phases of enumeration and exploitation. - Physical Intrusion assessment at Client's Offices - Assessing Blue team's capability to stop a real world adversary and reporting findings in a presentable and actionable manner. - Researching and staying up-to-date with new security vulnerabilities and new TTPs of exploitation. * Blue Teaming: * - Forensic Investigation of small to mid scale cyber security incidents for top banks and organizations in the country. - Assisting in large scale Incident response to top-notch firms. - Designing of playbooks for automating Threat hunting process through the integration of IOC and IOA. - Occasional threat intel research by mixing OSINT (Open source Intelligence recon) techniques for identifying recent TTPs leveraged by advanced threat actors. - Threat identification and mitigation by analyzing existing client setup and suggesting relevant changes. - Developing tools like Ransomware simulator, Attack simulators, C2 frameworks leveraging lesser known techniques for blue teams to test their existing detection mechanism's efficacy against advanced and lesser known techniques. Apart from work, I spend my most of my free time with Research on ML and Data Science for better Cyber security detection, Movies and Travelling. I've been privileged to work with many world renowned security teams like Google, Facebook, Twitter, Microsoft, Dell, Cisco among many others as a part of their bug bounty /responsible disclosure programs. I'm fortunate enough to have helped the USA.GOV security staff about potential security vulnerabilities way before their responsible disclosure program was announced. I'm open to pro-bono consulting and helping people within my legal capacity. If you want to get in touch with me, spare an INMAIL, I can be reached via e-mail at pbssubhash[@]gmail.com (Please remove "[]" ).