Hi, my name is
Mrigendra Soni.
Lets just say I hack things.
I’m a product security engineer specializing in pentesting web apps and networks, conducting cloud environment audits and local privilege escalation. Currently, I’m focused on securing the awesome products at Zendesk.
About Me
Hello! My name is Mrigendra and I enjoy hacking, or should I say pentesting. My interest in offensive security started back in 2017 when I stumbled across discord servers posing as Anonymous group, not that it worked out very well but eventually I came across HackTheBox where I was able to secure 49th position in India and 420th, internationally.
I have had the privilege of working at FireCompass , StoryXpress and Deriv . I'm currently working at Zendesk as a Product Security Engineer building security inclusive development processes, secured infrastructure and a safe experience for the customers at Zendesk. When I'm not working I like to Blog about my learnings.
I've completed a few certifications as well like eCPPTv2 by eLearSecurity and PACSP by Pentester Academy.
In my spare time, I enjoy writing scripts and building tools to automate processes. Here are a few technologies I’ve been working with recently:
- Python
- Solidity
- Bash
- Docker
- Snyk
- Burp Suite
- Nessus
- Wiz
Where I’ve Worked
Product Security Engineer @ Zendesk
March 2022 - Present
- Deliver high-quality penetration tests on new functionalities, data-flow changes or new services in a cross-region environment
- Leading security engagements, performing threat-modeling and secure architecture review exercises
- Remediating bugs detected through Detectify, Snyk, Wiz, DataTheorem, and HackerOne program thus improving the security posture of the infrastructure
- Working closely with multiple engineering scrum teams for resolving bugs reported in Zendesk product
- Collaborate with multiple stakeholders to ensure the implementation of best security practices within the organization
Some Things I’ve Built
Featured Project
Solidity Scanner
A security recon tool to scan solidity code files for basic security issues/bugs. Integrated checks for publicly declared functions, solidity versions to detect overflow/underflow conditions. Currently in-development to integrate more checks.
- Solidity
- EVM
Featured Project
ScanForMe
A fast Python-based network scanner to discover hosts within a subnet. It also displays the MAC addresses for the discovered hosts.
- Python
- sockets
- scapy
- argparse
Featured Project
changemac
changemac is a python3-based script to quickly spoof your MAC address during a pentest engagement.
- python3
- subprocess
- optparse
- regex
My Blogs and Articles
view the archiveUnderstanding EVM Storage
The writeup is a crisp attempt to explain the storage structures in Ethereum Virtual Machine (EVM).
DNS, Subdomains & a tale of Takeovers
An extensive documentation on Subdomain Takeovers, explaining every component associated with it.
Block-Chain: What is it?
A writeup to explain the various components of a blockchain in a concise manner.
Active Directory: My Way (Part 1)
An simple writeup to explain Active Directory and the various components that comprise it.
Active Directory: My Way (Part 2)
A follow-up on the 2 part series about Active Directory. I intend to explain 2 attack vectors, LLMNR Poisoning and SMB Relay Attack.
ECS — The AWS-Docker Confluence
A writeup on the infamous ECS service available on the AWS cloud.
What’s Next?
Get In Touch
Although I’m not currently looking for any new opportunities, my inbox is always open. Whether you have a question or just want to say hi, I’ll try my best to get back to you!
Say HelloFind me on Intigriti.