- Hi, this is Soumyanil (aka reveng007).
- Red mind. Blue mission.
- Turning attack tradecraft into detections across Cloud & AD via Purple Teaming/adversary Simulation followed by Threat Hunting.
- CRTP and CRTO
- Former Arsenal presenter at Black Hat Asia, USA, SecTor & Europe 2024 and Wild West Hackin' Fest 2024, and former speaker at BSides Singapore 2023.
- Perform Red/Purple Team assessments on client environments.
- Perform threat detection/hunting on cloud and on-prem environments to help detection engineers author detections for identified bypasses, reducing blind spots across MITRE ATT&CK techniques.
- Develop and deploy custom detections based on analysis of incidents and relevant adversary TTPs via "Detection as Code".
- Evaluate different EDRs, MDI and other security products.
- Created offensive CI/CD pipelines and automated hunting for sensitive keywords in O365 environments.
- Perform network PT and thick client testing assessments.
- Covert custom C2 creation and exfiltration-related BOF development for BRC4 and Cobalt Strike.
Purple Team Engagements — Adversary Simulation to Detection Validation
Ran 400+ AD attack test cases (ADCS abuse, Kerberoasting, ACL abuse, and more) against MDI's ML-based detections, achieving an 89% alert hit rate and converting previously undetected techniques into validated alerts. Closed 10+ critical detection gaps and expanded the SOC detection portfolio by 30% by bridging offensive findings directly into detection logic.

AWS Attack Simulation & Detection Lab + Research (Ongoing) —
End-to-end purple team lab mapping Stratus Red Team TTPs to MITRE ATT&CK, with production-ready Sigma and SQL-based detections built on CloudTrail, Sysmon and Windows Event Viewer telemetry, covering Initial Access, Execution, and beyond. Actively publishing a blog series documenting each detection's telemetry, pseudocode, query development, noise tuning, and simulation replay. During this research, independently discovered a previously documented AWS API that can be abused to tamper with CloudTrail logging (blog coming soon); it is documented but has not been discussed before.
Link: https://soumyani1.medium.com/

Security Product Assessment — EDR, MDI, MDE & PAM —
Evaluated detection coverage and abuse potential across enterprise security products. Assessed Microsoft Defender for Identity under real AD attack scenarios, analyzed MDE exclusion visibility and abuse under the "HideExclusionsFromLocalAdmins" policy, performed a holistic endpoint security review across MDE, Zscaler, DLP, and BeyondTrust on Windows 11, and discovered multiple UAC bypass paths within BeyondTrust PAM under restricted low-flex environments, each with accompanying detection recommendations.

Offensive Automation — Cloud & CI/CD —
Built adversary simulation tooling integrated into the organization's automation platform for repeatable cloud attack scenarios and continuous detection testing. Separately, engineered a GitHub Actions CI/CD pipeline enabling remote download, compilation, encryption, and obfuscation of .NET payloads, delivering evasive payloads continuously during purple team engagements.

SharePoint Sensitive Data Hunting —
Hunted for exposed sensitive data across live enterprise SharePoint environments using Microsoft Graph API and KQL, identifying blind spots in DLP coverage and generating actionable remediation findings.

Malware & Ransomware Tooling —
Developed stealthy ransomware and evasive malware strains for internal red team assessments.
- LinkedIn Learning - Threat Detection
- O'Reilly - Wireshark for SecOps
- Pluralsight - Threat Hunting: Network Hunting
- KC7 Foundation - KQL: Advanced Persistent Analyst
- TryHackMe - Attacking and Defending AWS
- HackTheBox - Detecting Windows Attacks with Splunk
- Maldev Academy - Malware Development Modules
- DeepLearning.ai - Red Teaming LLM Applications
- ZeroPoint Security - Certified Red Team Operator (CRTO)
- Pentester Academy - Certified Red Team Professional (CRTP)
- AttackIQ - Foundations of Operationalizing MITRE ATT&CK v13
- Sektor7 - RED TEAM Operator: Windows Evasion Course
- Antisyphon Training - SOC Core Skills
View my list of posts!
- How did I approach making a Linux LKM rootkit, “reveng_rtkit”?
- CloudGoat Scenario 2: vulnerable_cognito (Small / Moderate): WalkThrough and Mitigation
View my blogs on other platforms:
- AWS Threat Detection Series — MITRE ATT&CK Style — Execution (Part 2)
- AWS Threat Detection Series — MITRE ATT&CK Style — Execution (Part 1)
- AWS Threat Detection Series — MITRE ATT&CK Style — Initial Access
- My Journey to Learning ThreatHunting: Part 3 - Detection AWS related attacks and events via Splunk - (Part 1/5)
- My Journey to Learning ThreatHunting: Part 2 - Honing my KQL based detection Engineering
- My Journey to Learning ThreatHunting: Part 1 - Windows Endpoint Malware Infection detection via Splunk
- AWS Attack Simulation and Detection Lab (incomplete; a detailed version is covered in the Medium blogs)
- The Ultimate Cloud Security Championship - Perimeter Leak (June 2025) by Wiz
- Big IAM AWS CTF by Wiz
- ExfilCola AWS Cloud Hunting CTF by Wiz
- Kerberos Deep Dive (the original website was sold, so a backup copy was added)
- HTB Knife (the original website was sold, so a backup copy was added)
- THM Steel Mountain MrRobot
- THM NinjaSkills
- THM TheServerFromHell
