<!DOCTYPE HTML>
<!--
Astral by HTML5 UP
html5up.net | @ajlkn
Free for personal and commercial use under the CCA 3.0 license (html5up.net/license)
Background image by John Towner, found on Unsplash
https://unsplash.com/photos/empty-concrete-road-covered-surrounded-by-tall-tress-with-sun-rays-3Kv48NS4WUU
-->
<html>
<head>
<title>Aakash Dadhich</title>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no" />
<link rel="stylesheet" href="assets/css/main.css" />
<noscript><link rel="stylesheet" href="assets/css/noscript.css" /></noscript>
</head>
<body class="is-preload">
<!-- Wrapper-->
<div id="wrapper">
<!-- Nav -->
<nav id="nav">
<a href="#" class="icon solid fa-home"><span>Home</span></a>
<a href="#about" class="icon regular fa-comment-dots"><span>About</span></a>
<a href="#work" class="icon solid fa-laptop-code"><span>Projects</span></a>
<a href="#contact" class="icon solid fa-envelope"><span>Contact</span></a>
</nav>
<!-- Main -->
<div id="main">
<!-- Me -->
<article id="home" class="panel intro">
<header>
<p>Hi there!</p>
<h1>I'm Aakash Dadhich</h1>
<p>I'm currently working as a Cybersecurity Consultant with over four years of cybersecurity expertise.</p>
<p>Based in London, UK.</p>
</header>
<a href="#about" class="jumplink pic">
<!--
<span class="arrow icon solid fa-chevron-right"><span>See my work</span></span>
-->
<img src="images/me.jpg" alt="" />
</a>
</article>
<!-- About Me -->
<article id="about" class="panel">
<header>
<h2>A bit about me</h2>
</header>
<p>
I've been working in the cyber security industry for over four years, during which I've
worked across a wide range of offensive and defensive cyber projects, from performing
penetration tests for clients to managing the delivery of high-profile security fixes
for critical systems across the UK.
</p>
<hr>
<table>
<tr>
<th style="text-align:left;"><h3>Cyber Security Consultant</h3></th>
<th style="text-align:right;">Jan 2023 - Present</th>
</tr>
<tr>
<th style="text-align:left;"><i>PA Consulting</i></th>
<th style="text-align:right;"><i>London, UK</i></th>
</tr>
</table>
<ul>
<li>
<b>Spearheaded the delivery of five high-profile cybersecurity epics</b> for a critical UK government AWS-based platform,
<b>significantly reducing the overall risk posture and accelerating the go-live date.</b>
</li>
<li>
Managed a dynamic team of 6 DevSecOps Engineers in an agile manner, <b>setting and achieving fortnightly sprint objectives</b>
and ensuring timely delivery of each epic while following best practices.
</li>
<li>
Demonstrated <b>adept upward management of senior stakeholders</b> to establish and maintain strong rapport between organisations.
</li>
<li>
Conducted comprehensive gap analyses aligned with <b>NIST Cybersecurity Framework (v1.1 and v2.0)</b> across seven business
units responsible for critical UK national infrastructure. <b>Proposed mitigating security controls</b> to remediate the
identified security risks for both IT and OT systems.
</li>
<li>
<b>Mentored two Digital Apprentices</b>, facilitating their seamless transition into the professional realm. Guided them in client
interaction, document production, and goal setting, <b>fostering their professional growth</b>.
</li>
</ul>
<hr>
<table>
<tr>
<th style="text-align:left;"><h3>Penetration Tester</h3></th>
<th style="text-align:right;">Sep 2019 - Dec 2022</th>
</tr>
<tr>
<th style="text-align:left;"><i>PA Consulting</i></th>
<th style="text-align:right;"><i>London, UK</i></th>
</tr>
</table>
<ul>
<li>
Successfully <b>led and collaborated within offensive security teams</b> to assess the security posture of clients' internal
and external <b>infrastructure networks, web applications and APIs</b>, as well as perform cloud configuration reviews.
</li>
<li>
Utilised expertise in <b>OWASP Top 10, Kali Linux</b> and various tooling <b>(Bash/Python scripting, Burpsuite, Nmap
etc.)</b> to pinpoint vulnerabilities, calculating risk ratings using <b>CVSS v3.0</b>.
</li>
<li>
Effectively communicated findings and remediation strategies to non-technical senior stakeholders during debrief
meetings, <b>ensuring comprehension and actionable insights.</b>
</li>
<li>
<b>Mentored three junior team members</b>, providing comprehensive guidance from onboarding through to initial
certifications and security assessments.
</li>
</ul>
<hr>
<h3>Certifications</h3>
<ul>
<li><b>Google Cloud</b> - Associate Cloud Engineer (ACE) - <i>Expires Jun '25</i></li>
<li><b>CREST</b> - Practitioner Security Analyst (CPSA) - <i>Expires Oct '25</i></li>
<li><b>7Safe</b> - Certified Cloud Security Analyst (CCSA) - <i>Expires Jan '26</i></li>
<li><b>7Safe</b> - Certified Security Testing Associate (CSTA) - <i>Expired Aug '23</i></li>
<li><b>7Safe</b> - Certified Security Testing Professional (CSTP) - <i>Expired Nov '22</i></li>
</ul>
</article>
<!-- Projects -->
<article id="work" class="panel">
<header>
<h2>Some projects of mine</h2>
</header>
<p>
You can find a portfolio of some of my recent side projects below, most of which I created
to learn a new technology and to push myself out of my comfort zone. Click on a thumbnail
to view the description of each project.
</p>
<section>
<div class="row">
<!-- Cloud Resume Challenge dialog (CRCDialog)-->
<div class="col-4 col-6-medium col-12-small">
<a id="openCRCDialog" class="image fit"><img src="images/CRC-thumbnail.png" alt=""></a>
<center><p><b>AWS Cloud Resume Challenge</b></p></center>
<dialog id="CRCDialog">
<h2>AWS Cloud Resume Challenge</h2>
<div align=right>
<i>AWS, Terraform, GitHub Actions, Python & JavaScript.</i>
</div>
<br>
<center><img src="images/CRC-HLD.png" alt=""></center>
<h4>TL;DR</h4>
<p>
<b>AWS components:</b> S3, Lambda, IAM, DynamoDB, CloudFront, Route 53.
<br>
<b>CI/CD pipeline:</b> Automated using GitHub Actions.
<br>
<b>Languages used:</b> Terraform, Python, JavaScript, HTML5, CSS.
<br>
<b>GitHub repo:</b> <a href="https://github.com/AakashDadhich/portfolio2024-frontend" target="_blank">available here</a>
</p>
<center><button id="closeCRCDialog">Close</button></center>
<h4>Background</h4>
<p>
If you're unfamiliar with the <a href="https://cloudresumechallenge.dev/docs/the-challenge/aws/" target="_blank">Cloud Resume Challenge</a>, the premise
is to host your CV online using a cloud hosting platform. From this point, you slowly bolt on more and more cloud features, until you've
familiarised yourself with some of the most common cloud services for your chosen cloud platform.
</p>
<p>
Although I'd reviewed clients' cloud configurations as a penetration tester, I hadn't had much exposure to configuring and deploying
cloud services during my career. Achieving the Associate Cloud Engineer certification for Google Cloud in 2023 piqued my interest in cloud
security, and with this being my first foray into Amazon's cloud offering, this challenge felt like the perfect way to upskill in a
new technology while practising my coding skills.
</p>
<h4>Proof of concept</h4>
<p>
As mentioned above, the challenge has you create the foundational building blocks first, and this starts with converting your resume into HTML
and building out a static website hosted in Amazon S3. While I wanted to improve my core coding skills, web design was not the skillset I was focused
on displaying; to save time and deploy a pretty yet responsive website, I used a portfolio template courtesy of <a href="https://html5up.net">HTML5 UP</a>
and modified to my liking before uploading the files to an S3 bucket.
</p>
<p>
I then used Amazon CloudFront to configure a distribution in order to allow access via HTTPS, and Amazon Route 53 to configure the DNS settings
to serve the contents of the bucket using a custom domain name. In order to resolve a browser warning upon loading the site, I had to use the AWS
Certificate Manager to generate a custom SSL certificate for my domain name. At this point, I found that I had to include the 'https://www.'
prefix when navigating to my site or else it wouldn't resolve. I overcame this by re-generating the SSL certificate to cover both the root domain and all its subdomains
through the use of a wildcard (e.g. *.domain.com), and by re-configuring my CloudFront distribution to force all access through HTTPS only, a simple tickbox that I
had missed during the initial setup.
</p>
<p>
Now that I had my frontend served reliably over HTTPS using a custom domain name, I had to create a backend to store the value for a website view counter.
This led me to create a Python-based Lambda to act as an API. This API would be called on website load to retrieve the value from within a DynamoDB table,
which was then displayed on the frontend using a small piece of JavaScript code.
</p>
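<p>As an added example (not the site's own Lambda or index.js code), this is how such a Python Lambda could serve the counter: it atomically increments a DynamoDB item and returns the new value (the usual Cloud Resume Challenge behaviour; the text above only says the value is retrieved), and it sends <code>Access-Control-Allow-Origin</code> only for an allow-listed origin, which is the CORS setting the footer placeholder comment refers to. The table, key and attribute names, the environment variables and the origin are assumed values.</p>

```python
"""Added example, not the portfolio's own code: Lambda handler for a website
view counter backed by DynamoDB. Assumes a table with a string partition key
``id`` and a numeric attribute ``views`` (assumed names)."""
import json
import os

# Origins allowed to read the counter. Assumed value; the real site would list
# its own domain. A strict allow-list (never "*") keeps other sites from
# embedding the endpoint and stops browsers sending credentials cross-origin.
ALLOWED_ORIGINS = frozenset(
    os.environ.get("ALLOWED_ORIGINS", "https://www.example.com").split(",")
)
COUNTER_KEY = {"id": "site-views"}  # assumed partition key value


def increment_views(table):
    """Atomically add 1 to ``views`` and return the new value.

    ``table`` is anything with a boto3-style ``update_item`` method. The ADD
    action creates the attribute at 0 if it does not exist, so concurrent page
    loads cannot race each other the way a read-modify-write would.
    """
    result = table.update_item(
        Key=COUNTER_KEY,
        UpdateExpression="ADD #v :one",
        ExpressionAttributeNames={"#v": "views"},
        ExpressionAttributeValues={":one": 1},
        ReturnValues="UPDATED_NEW",
    )
    return int(result["Attributes"]["views"])


def cors_headers(origin):
    """Echo the request origin back only if it is on the allow-list."""
    headers = {"Content-Type": "application/json", "Vary": "Origin"}
    if origin in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = origin
    return headers


def lambda_handler(event, context, table=None):
    """Entry point for a Lambda function URL or API Gateway HTTP API event.

    ``table`` is injected for testing; inside Lambda it defaults to the real
    table named by the TABLE_NAME environment variable (assumed name).
    """
    if table is None:
        import boto3  # imported lazily so the module loads without boto3

        table = boto3.resource("dynamodb").Table(os.environ["TABLE_NAME"])
    origin = (event.get("headers") or {}).get("origin", "")
    try:
        views = increment_views(table)
    except Exception:  # keep failure details off the public API
        return {"statusCode": 500, "headers": cors_headers(origin),
                "body": json.dumps({"error": "counter unavailable"})}
    return {"statusCode": 200, "headers": cors_headers(origin),
            "body": json.dumps({"views": views})}
```

The frontend only needs to fetch the URL and write the returned <code>views</code> value into the <code>.counter-number</code> element, leaving the placeholder text in place if the request fails.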
<h4>CI/CD</h4>
<p>
I chose to use GitHub Actions for the CI/CD pipeline since I was already using GitHub for version control. The behaviour I was hoping to achieve was: upon
pushing local code to GitHub, it would automatically upload my repo into the S3 bucket, thus updating my live website. Whilst researching how to achieve
this, I learned of the GitHub Marketplace where I found the <a href="https://github.com/marketplace/actions/s3-sync" target="_blank">S3 Sync</a> Action. I followed the simple
instructions in order to utilise this within my project, and it successfully uploaded my files to my S3 bucket! This may have kickstarted an obsession with
automation...
</p>
<h4>Transforming infrastructure into code</h4>
<p>
Having completed both the frontend and backend aspects of the proof of concept using the Amazon Web Console, the next step is to transform this infrastructure
into code, using the aptly named term 'infrastructure-as-code' (or IaC for short). I have chosen to learn Terraform in order to implement this, as it's a widely used
technology and will help my transition into a DevOps Engineering role in the future. This has also allowed me to become familiar with the AWS CLI, as well as
best practices for setting up an IAM user group and user to provide Terraform the necessary permissions to deploy infrastructure.
</p>
<p>
This project is still ongoing, albeit in its final stages, as I upskill in Terraform and slowly test my code in a separate repository to ensure it is
mirroring the infrastructure I have created already. While I am aware that there is an import feature within Terraform, I am trying to learn to make
the infrastructure from 'scratch' (and also using modules where it makes sense to). This section of the post will be updated as soon as the project has completed!
</p>
<h4>Lessons learned</h4>
<p>
I've developed my skills a lot during this project, from practising Python & JavaScript, to deep-diving into the configuration of AWS services. However, the most
important lesson I learned was to avoid reinventing the wheel. By using existing solutions for tasks like creating websites or automating jobs
with GitHub Actions, I sped up the process and focused on deploying side projects faster. This approach also aligns with good business practices, i.e. using
programming modules or security templates to make developers use best practices and to ensure compliance with security regulations.
</p>
<p>
Previously, I would try to master an entire topic before starting a project, which was time-consuming and often led to incomplete projects. This time,
I used ready-made templates where appropriate, allowing me to focus on the skills I wanted to develop. I realised I don't need to learn everything
from scratch; I can leverage my existing technical skills and experience to adapt and complete tasks efficiently. I'm excited to finish this project
and move on to the next one!
</p>
<p>
Thanks for reading. You can close this dialog by hitting Esc, or scrolling back to the top and pressing the 'Close' button.
</p>
</dialog>
</div>
<!-- Python/Bash scripts dialog (PBSDialog)-->
<div class="col-4 col-6-medium col-12-small">
<a id="openPBSDialog" class="image fit"><img src="images/PBS-thumbnail.png" alt=""></a>
<center><p><b>Python/Bash Scripts</b></p></center>
<dialog id="PBSDialog">
<h2>Python/Bash Scripts</h2>
<div align=right>
<i>Python & Bash Scripting on Linux</i>
</div>
<br>
<center><img src="images/PBS-thumbnail.png" alt=""></center>
<p>
As a penetration tester, I spent a lot of time in the command line interface, working with shell-based tools
and constantly completing repetitive actions, such as parsing relevant info from large tool outputs or creating directory structures.
I decided to build some short scripts to streamline my workflow.
</p>
<h4>Testssl CSV Parser - Python</h4>
<p>
Testssl.sh is a go-to CLI tool when I need to check the security posture of a site's SSL certificate. The nature of the tool's output
meant that there were many log files or messy CSV files to sort through when you had a large scope of sites to assess. I created this
Python script to parse large CSV output files into a nicely formatted text file, organising affected hosts by their issues.
This script is a newer, more efficient version of the Bash script below. You can view the code
<a href="https://github.com/AakashDadhich/testssl-parser-python" target="_blank">on GitHub here</a>.
</p>
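<p>As an added example (not the testssl-parser-python repository's code), this is one way to do the grouping described above: read testssl.sh CSV rows, keep only findings at or above a chosen severity, and list the affected host:port pairs under each finding. It assumes testssl.sh's --csvfile column layout of id, fqdn/ip, port, severity, finding, cve, cwe; the sample rows are constructed.</p>

```python
"""Added example, not the author's parser: group testssl.sh CSV findings by
issue so each weakness lists every affected host. Assumes the 3.x CSV layout
id, fqdn/ip, port, severity, finding, cve, cwe."""
import csv
import io
from collections import defaultdict

# Real testssl.sh risk levels, highest first; INFO/OK/WARN rows are not findings.
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW"]

# Constructed sample: two hosts sharing one weakness, plus rows to be filtered.
SAMPLE_CSV = """\
"id","fqdn/ip","port","severity","finding","cve","cwe"
"SSLv3","www.example.com/192.0.2.10","443","HIGH","offered","CVE-2014-3566","CWE-757"
"TLS1","www.example.com/192.0.2.10","443","LOW","offered (deprecated)","",""
"SSLv3","api.example.com/192.0.2.11","443","HIGH","offered","CVE-2014-3566","CWE-757"
"cert_expirationStatus","api.example.com/192.0.2.11","443","MEDIUM","expires < 30 days","",""
"TLS1_2","api.example.com/192.0.2.11","443","OK","offered","",""
"""


def parse_findings(text, min_severity="LOW"):
    """Return {(severity, id, finding): sorted ['host:port', ...]} for rows at
    or above min_severity; rows with a non-risk severity are dropped."""
    keep = SEVERITY_ORDER[: SEVERITY_ORDER.index(min_severity) + 1]
    issues = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        sev = row["severity"].strip().upper()
        if sev not in keep:
            continue
        host = row["fqdn/ip"].split("/")[0]  # drop the IP testssl appends
        issues[(sev, row["id"], row["finding"])].add(f"{host}:{row['port']}")
    return {key: sorted(hosts) for key, hosts in issues.items()}


def format_report(issues):
    """Render findings ordered by severity, each followed by its hosts."""
    lines = []
    for key in sorted(issues, key=lambda k: (SEVERITY_ORDER.index(k[0]), k[1])):
        sev, finding_id, finding = key
        lines.append(f"[{sev}] {finding_id}: {finding}")
        lines.extend(f"    {host}" for host in issues[key])
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(parse_findings(SAMPLE_CSV)))
```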
<h4>NSE Library Search</h4>
<p>
Nmap, a popular port-scanning tool, is also a staple in any pentester's toolkit. Nmap has a huge repository of Lua scripts at its
disposal, and often the junior members I mentored would forget where these were stored, or what each script did. I created a
short and sweet shell script to speed up the searching process. You can <a href="https://github.com/AakashDadhich/nse-lib-search" target="_blank">
view it on GitHub here</a> and see the example usage and output.
</p>
<h4>Testssl Log Parser - Bash</h4>
<p>
This is the deprecated version of my Testssl.sh parser, but written in Bash. This code never left the draft state, so was messy and inefficient and
followed absolutely no best practices, but it served a purpose and was a huge time-saver! You can view it <a href="https://github.com/AakashDadhich/testssl-parser-bash" target="_blank">
on GitHub here</a>.
</p>
<h4>Directory Structure Creation</h4>
<p>
This is just a simple script that I used at the beginning of each new security assessment to build out a folder structure so I could neatly
save my output files in an organised way. For example, it creates folders for Burpsuite, Nmap, Testssl and screenshots. Within
the Nmap folder are three child folders, for TCP, UDP and Fast scan outputs to be stored in respectively.
</p>
<p>
The reason this was so effective was because I set an alias to run the script which took two arguments: the name of the engagement and the month.
This created an easily memorable structure within my Documents sorted by client name, and then by date just by simply running
"pentest [client] [month]"! You can <a href="https://github.com/AakashDadhich/create-pentest-directory" target="_blank"> view it on GitHub here</a>.
</p>
<center><button id="closePBSDialog">Close</button></center>
</dialog>
</div>
<!-- Discord Dungeon Crawler dialog -->
<div class="col-4 col-6-medium col-12-small">
<a id="openDDCDialog" class="image fit"><img src="images/DDC-thumbnail.png" alt=""></a>
<center><p><b>Discord Dungeon Crawler</b></p></center>
<dialog id="DDCDialog">
<h2>Discord Dungeon Crawler</h2>
<div align=right>
<i>Node.js, Discord.js</i>
</div>
<br>
<center><img src="images/DDC-thumbnail.png" alt=""></center>
<h4>Background</h4>
<p>
My partner and I created this during the 2018 LincolnHack hackathon, taking inspiration from "Twitch Plays Pokemon" but with our own twist.
We used the Discord Bot API to create a Dungeon Crawler where people in the server react to a message to control the player on a
procedurally generated map. You can <a href="https://github.com/AakashDadhich/DiscordPlaysDungeonCrawler" target="_blank"> view the project on GitHub here</a>.
</p>
<h4>The project</h4>
<p>
The project was made using Node.js and Discord.js. Using a Discord bot, a map is procedurally generated along with items and enemies,
all drawn using emojis. Once the map has been generated, the bot posts a message and watches for reactions on it; these reactions
control the player character. Once the first reaction is received, a 5 second timer starts, and the direction with the highest count
of reactions wins and is taken.
</p>
<center><img src="images/DDC-1.png" alt="" width="600px" height="auto"></center>
<p>
When a player runs into an item or an enemy, that enemy's movement is frozen and it is forced to fight. There is a health and score
system too: the player can choose to 'run into' an enemy until it is dead and be granted score, or they can run around the
map collecting items, which also adds to the score.
</p>
<center><img src="images/DDC-2.png" alt="" width="600px" height="auto"></center>
<h4>Lessons learned</h4>
<p>
Managing to create this whole project within a 24 hour window was really challenging. It was my first time ever using JavaScript in
depth, and using Node.js introduced me to server-side programming; we used Node.js so that we'd be able to communicate with the Discord API
and alter and update the map. It was also one of my first times collaboratively using GitHub, and we used the GitKraken GUI
this time. It made the experience really streamlined and easy, including fixing merge conflicts.
</p>
<center><button id="closeDDCDialog">Close</button></center>
</dialog>
</div>
</div>
</section>
</article>
<!-- Contact -->
<article id="contact" class="panel">
<header>
<h2>Connect with me!</h2>
</header>
<p>Whether you'd like to check out my projects in depth on my GitHub profile,
or connect with me via LinkedIn or e-mail, you can find the relevant links below. </p>
<table>
<tr>
<th><a href="https://github.com/AakashDadhich" target="_blank" class="icon brands fa-github fa-3x" style="color:#333333"></a></th>
<th><a href="https://linkedin.com/in/AakashDadhich" target="_blank" class="icon brands fa-linkedin fa-3x" style="color:#333333"></a></th>
<th><a href="mailto:aakash@hotmail.co.uk" class="icon solid fa-at fa-3x" style="color:#333333"></a></th>
</tr>
<tr>
<th>GitHub</th>
<th>LinkedIn</th>
<th>E-mail</th>
</tr>
</table>
</article>
</div>
<!-- Footer -->
<div id="footer">
<ul class="copyright">
<!-- CV download TBC
<li><a href="#contact">Download my CV (.pdf) here</a></li>
-->
<!-- Below text is a placeholder if DynamoDB cannot be read. If an error occurs,
review the DynamoDB or Lambda function's CORS settings.-->
<div class="counter-number">Couldn't read website views.</div>
</ul>
</div>
</div>
<!-- Project Dialog Template
<div class="col-4 col-6-medium col-12-small">
<a id="openEXAMPLEDialog" class="image fit"><img src="images/pic01.jpg" alt=""></a>
<center><p>Example Project Title Text</p></center>
<dialog id="EXAMPLEDialog">
<h2>Example Project Title Text</h2>
<div align=right>
<i>(Tech/languages used)</i>
</div>
<br>
<center><img src="images/EXAMPLE_PROJECT.png" alt=""></center>
<h4>TL;DR</h4>
<p>
<b>AWS components:</b> S3, Lambda, IAM, DynamoDB, CloudFront, Route 53.
<br>
<b>CI/CD pipeline:</b> Automated using GitHub Actions.
<br>
<b>Languages used:</b> Terraform, Python, JavaScript, HTML5, CSS.
<center><button id="closeEXAMPLEDialog">Close</button></center>
</p>
<h4>Project Description</h4>
<p>Lorem ipsum...</p>
</dialog>
</div>
-->
<!-- Scripts -->
<script src="assets/js/jquery.min.js"></script>
<script src="assets/js/browser.min.js"></script>
<script src="assets/js/breakpoints.min.js"></script>
<script src="assets/js/util.js"></script>
<script src="assets/js/main.js"></script>
<script src="./index.js"></script>
</body>
</html>