Sathish arthar O.
Penetration Tester, Intrusion Analyst, Linux System Administartor.
Last active: 14 days ago
Clear timely communication with the clients and their team is always my priority.
I am a professional penetration tester / ethical hacker / IT Security Expert , I have been performing vulnerability assessment and penetration testing for local / international clients from around the world delivering according to the current industry standards and best methodologies (OWASP TOP 10, SANS TOP 25, CWE, OSSTMM, PTES etc.)
My personal expertise include complete Kernel level security audit for all known buffer overflow and brute force vulnerabilities/exploits & application level fuzzing/penetrating testing for all known/unknown & possible exploits/vulnerabilities.
Expertise in Monitoring and analyzing Intrusion Detection Systems (IDS) to identify security issues and Investigate suspicious security event activity through IDS (Snort, Bro) in the IT Infrastructure.
Testing Web Applications with Open Web Application Security Project and Enabling OWASP Application Security Verification Standard.
Create, modify, and update IDS and Security Information Event Management ( OSSIM ) tool rules.
Web Pen Tools: HP Web Inspect, IBM Rational Appscan, Burp Suite, Paros, Web Scarab, CURL, Wireshark, Acunetix, Qyalys Nessus, Shavlik, App-detective, Kali Linux tools.
Monitoring: Nagios, munin, zabbix, zenoss.
Network IDS: Snort, Bro, Suricata.
Host IDS: Ossec, Tripwire.
Network Mangement: NMIS.
SIEM: Alienvault OSSIM.
Vulnerability Assessment:OpenVAS, Nessus, OSSEC.
Professional Network and Web Penetration Testing:
Web Application/SaaS Security Testing and Defense.
a. XSS Cross-site scripting attacks
b. CSRF Cross-Site Request Forgery attacks
c. SQLi Advanced SQL injection attacks (MySQL & MsSQL Blind/error based/without error)
d. LFI Local File Inclusion attacks
C/C++, Bash scripting, Perl, PHP, SQL, Python, Assembly language, Ruby, Powershell.
Offsensive security certified proffesional (OSCP), Certified Ethical Hacker (CEH), Security+ , Redhat System Administrator (RHCSA), Redhat system Engiineer (RHCE), Redhat virtualization administrator (RHCVA).
I am also Linux Administration, having solid background in the fields of Networking, Virtualization, Application servers, Database administration , Internet security etc. I have worked on LAMP Architecture, Clustering of LAMP, Load balancing, MySQL replication, Nameservers, Mail Servers, Monitoring tools, FTP, SVN, Virtualization with Xen, VMWare, Virtualbox, OpenVZ . I am also very proficient with bash scripting to automate server administration tasks.Available for on-demand support as well as on-going maintenance and monitoring contracts
I have been working with all the major providers: Softlayer, Godaddy, Hostgator India.
Server Distributions: RedHat, Centos, Fedora, Debian, Ubuntu, Gentoo, Suse, Mandriva, Opensuse, Kali linux.
Web servers: Apache, Lighttpd, Nginx, Tomcat
Web applications :- Wordpress, Joomla, Drupal,
E-Commerce Security - OScommerce, prestashop, Magento
Mail SMTP: Sendmail, Postfix, Zimbra Collabration suite, Qmail.
File servers: Proftpd, Pureftpd, Vsftpd, Sftpd, TFTP, NFS, Samba
DNS servers: Bind9, MyDNS, NSD
Mail servers: Postfix(TLS,SASL), Exim, Sendmail, Qmail, Dovecot, Courier.
Logging services: Syslog, Rsyslog, Syslog-ng
Proxy servers: Squid(forward and reverse proxy), nginx, pound, lighttpd.
Firewall configuration: NAT, mangle, connection tracking: iptables, ipchains.
Jabber servers: Openfire.
Database servers: MySQL, Postgresql
Backup: Bacula, bash scripts.
Cloud computing: Openstack and Cloudstack.
Virtualization: Openvz/Virtuozzo, Xen, Qemu, KVM, VMware Server, Virtualbox.
Security: Nessus, John The Ripper, Tiger, Netcat, PGP, Nmap, superscan, SSH, SSL, TLS, TCP Wrappers, Wire Shark ,Ethereal, dsniff, tcpdump, XSpider, Retina, chkrootkit, Tripwire, Antivirus software for mail servers(spamassassins) ,SPAM filtering by means of DNS blacklists(procmail), custom rules, Rootkit and backdoor identification and removal, DOS and DDoS defense, Logwatch.
Batch OS installation, automation: Kick Start, PXE Installation.
Web based Control Panel: Cpanel, WHM, Plesk, Directadmin, Webmin.
Zimbra Collaboration suite/Exim/Qmail/Postfix Administration: Troubleshoot mail issues, Investigation of spamming, Configure RBLs, Adding SPF records, Enabling DomainKeys. CouriesIMAP, SpamAssassin, Dovecot, POP3 setup.