Rudra Attuluri| Security Researcher

Hi, I'm Rudra Attuluri.

A

As a self-driven and quick learner, I am deeply passionate about cybersecurity. My journey in technology is characterized by a constant drive to explore multiple technologies, and I possess a strong understanding of cloud security. As an ethical hacker and skilled programmer, I excel in solving complex, real-world problems. My curiosity and dedication enable me to navigate and innovate in the ever-evolving landscape of cybersecurity.

About

I am a CyberSecurity Grad Student at the University Of North Carolina At Charlotte.

Detail-oriented Security Engineer with professional experience in Cloud Security, Network Security, Web Application Pentesting, Android Pentesting, API pentesting, Machine Learning.

My ultimate aim is to contribute to an environment that not only encourages success but also fosters professional growth. I seek a dynamic workplace where innovation is prized, and diverse ideas are celebrated. In such a setting, I am eager to apply my extensive skills in cybersecurity and cloud security, and to continuously expand my knowledge. I am particularly drawn to opportunities that challenge me to think creatively and push the boundaries of what is possible in technology. By aligning with an organization that values progress and forward-thinking, I hope to play a key role in driving impactful solutions and safeguarding digital assets against emerging threats.

Experience

Castellum Labs

Security Engineer

Castellum Labs is a Cybersecurity company.

Led and managed a dynamic team of 15+ cybersecurity professionals, overseeing all aspects of cloud security, network security, and threat mitigation.
Spearheaded the design and implementation of highly secured cloud architecture, particularly in AWS, ensuring robust protection against advanced persistent threats (APTs) and other cyber adversaries.
Successfully developed and executed a groundbreaking project to build advanced tools for identifying and remediating vulnerable S3 buckets, as well as detecting and neutralizing various cyber vulnerabilities.
Collaborated with diverse clients across various countries, delivering top-notch security solutions, implementing defense-in-depth strategies, and swiftly patching zero-day vulnerabilities to fortify their infrastructure against cyberattacks.
Pioneered the creation of a cutting-edge tool that effectively identified and mitigated log4j2 vulnerability, while proactively detecting and responding to multiple cyberattacks targeting critical servers.
Proposed and implemented a secure access model for EC2 instances, leveraging the innovative Harshi crop vault technology to protect against privilege escalation, lateral movement, and unauthorized access attempts.
Coordinated with a skilled team to configure powerful network level firewalls, fine-tuning multiple firewall rules for enhanced network segmentation and protection against distributed denial-of-service (DDoS) and many cyber-attacks.
Devised and implemented Python scripts for comprehensive analysis and removal of inbound rules, mitigating potential risks from excessive AWS security group traffic and preventing unauthorized access.
Conducted comprehensive firm-wide training on Threat Hunting and Incident Response, elevating the company's cybersecurity posture and preparedness against emerging threats.
Designed and executed an advanced SIEM and Threat Intel platform, leveraging ELK, Hive, CorteX, and OpenCTI to proactively monitor, correlate, and respond to security incidents in real-time.
Utilized MITRE attack navigator and cyber kill chain methodologies to gather TTPs and IOCs of various APT groups, successfully identifying and neutralizing sophisticated cyber threats.
Configured and optimized SIEM rules, enabling the rapid identification of cyberattacks, such as advanced malware, lateral movement, and data exfiltration, while triggering real-time alerts for immediate response.
Championed the implementation of a DevSecOps model, integrating a sophisticated toolset for continuous security testing, vulnerability assessment, and secure code review to fortify applications against cyber exploits.
Implemented a robust Web Application Firewall (WAF) and strategically configured WAF rules to effectively identify and thwart OWASP Top Ten web application attacks, such as SQL injection and cross-site scripting (XSS).
Tools: Python, AWS, Elastic Search, CSF Firewall, Harshi Crop Vault, Git Lab, Jenkins, Hive, Cortex, OCTI, MISP.

July 2021 - August 2022 | Hyderabad, India

Gurugram Police Cybersecurity Summer Internship

Security Intern

Gurugram Police is a cyber police department where I have learned about real-time cyber crime cases and cyber attacks.

Took a part in analysing and understanding the real time cybercrimes in India.
Worked on different technologies, tools and studied different Cybercrimes happened in India

June 2021 - July 2021 | Hyderabad, India

MAVEX

Security Analyst

MaveX is a Start-up company where I started my journey from the beginning of the project.

Conducted comprehensive web application security testing, Android application security testing, and API assessments, ensuring the identification and mitigation of potential vulnerabilities.
Collaborated seamlessly with a dedicated team to address and resolve identified security issues promptly, enhancing the overall resilience of the organization's digital assets.
Expertly performed log analysis, leveraging cutting-edge tools and methodologies, to detect and analyze potential threats, proactively safeguarding critical systems from cyberattacks.
Played a key role in assisting the team with vulnerability patching and security remediation efforts, fortifying the organization's infrastructure against emerging cyber threats.
Tools: Python, Selenium, Php, Burpsuite, Nessus, Fuzzy, Apk Analyser, MobSF, MARA, Jenkins, Apache Jmeter.

January 2020 - June 2021 | Hyderabad, India

-->

Projects

                
Firewall
                  Developed an advanced Python-based firewall using MITM proxy, showcasing proficiency in
network security and programming. Integrated VirusTotal API to enable real-time analysis of live traffic
                
AccomplishmentsTools: Python, MITM Reverse Proxy
Developed an advanced Python-based firewall using MITM proxy, showcasing proficiency in
                    network security and programming. Integrated VirusTotal API to enable real-time analysis of live traffic, empowering
                    the firewall to proactively detect and block malicious sites. Implemented robust functionality to identify and quarantine
                    malicious files downloaded by users, effectively enhancing endpoint security..

Securing Network Communications
                  Single SignOn Method
                
AccomplishmentsTools: LDAP, Kerbros, LXC, Virtual Machines, Reverse DNS
Implemented Single sign-on service using Kerberos, LDAP,
                    DNS(Master and Slave), and containers service that provides single-sign on for many enterprise services.

Project VPN
                  Created VPN Server using strongswan and OpenVPN
                
AccomplishmentsTools: OpenVPN, AWS, strongswan, EC2.
Spearheaded the creation of a secure VPN server using Strongswan and OpenSSL,
                    employing self-signed server keys and optimal configurations to establish a reliable and encrypted communication channel.
                    Successfully conducted comprehensive testing, facilitating seamless connections for iOS and Android devices, securing
                    data transmission via the VPN.

OpenSSL
                  SSL Configuration using OpenSSL
                
AccomplishmentsTools: Apache, AWS, strongswan, EC2.
Configured an Apache webserver with SSL settings, facilitating client-server
                    connections using HTTPS, establishing a secure environment for data transfer.
                    Implemented state-of-the-art TLS protocol, AES256 encryption algorithm, and SHA256 hashing for message
                    authentication code, bolstering data security and confidentiality.

Bus Tracking App
                  A Bus Trackinig app based on Android Studio
                
AccomplishmentsTools: Android Studio, JavaScript, Firebase
Register/login to the app as user.
Search and selecting the bus.
User can Requst wait to the driver in case if he misses the bus.
ETA is given based on the distance.

Port Scanner
                  A Simple Port Scanner Tool
                
AccomplishmentsTools: Python
Identifies the open ports for a given sites.
Displays all open ports of the site

Heart Disease Predictions
                  Data Science Framework - Heart Disease Predictions, Variant Models and Visualizations.
                
AccomplishmentsKeywords:Heart disease, data science, symptoms, Prediction Model, healthcare, Visualization.
This work majorly aims to find the optimal classification algorithm on the heart disease affected health records and majorly influencing parameters. 
This can be used for predicting the heart disease on the classification reports. 
This experimental work focuses on the performance of the system was tested and classified by various algorithms such as Random Forest, Vector support,

College Apps
                  A simple college app for checking the time table and course content and ppt's provided by Professor's.
                
AccomplishmentsTools: HTML, CSS, Bootstrap, Xcode
Users can view PPt's and course content and all pdf's provided by professors.
Admin can Add, Delete, Update the content.