If you've received a signed document from me, click on the key above to download it, then run the following commands:
gpg --import <key_name>.asc
gpg --output <file_name> --verify <file_name>.signed
Hi, I'm Owais. I'm a Security Researcher. I believe in solving complex problems with simple solutions. I love breaking things down and exploring them in-depth, and contributing to open-source stuff.
November 2024
A secret AI project that does something kewl.
November 2024
Here I am again!
Presented Piiscout at BlackHat MEA 2024 in Malham, Saudi Arabia. Couldn’t present Secretsnitch due to… issues.
Met tons of people (again), learned a myriad of new stuff from them (again).
June 2024
This is yet another e d u c a t i o n a l tool to bruteforce DNS Resolvers and pull out as many subdomains as possible using Terraform!
Note: please don’t DDoS with this. Thank you.
May 2024
Secretsnitch is a tool I wrote to help bug bounty hunters grab hundreds of secrets from multivariate sources in a matter of seconds.
This tool can catch millions of secrets across GitHub, GitLab, Bitbucket, Docker Hub etc. It helped me catch tons of AWS Secrets, MongoDB production credentials and several others for fintech companies, government departments etc.
Update: This tool was taken down due to a cease-and-desist notice from my former employer.
April 2024
Started working on Piiscout with Othman Ali Khan, who helped with regional PII definitions for Saudi Arabia, and Abhijeet Ingle, who helped with the regional PII dorks for Maharashtra, India.
The tool is educational in nature. It is an attempt to continuously catch PII leaks that most people don’t notice using super-duper AI x OCR magic.
November 2023
Peace be upon you, Saudi Arabia. Thank you for the welcome!
Presented Octopii v2 and BucketLoot with Umair in Riyadh, Saudi Arabia. Met tons of people, learned a myriad of new stuff from them.
I was also interviewed about my journey in cybersecurity and some of my experiences there, which they were kind enough to publish.
January 2023
Authored “Detection and Classification of Personally Identifiable Information in Images Using Artificial Intelligence,” based on PII research conducted at RedHunt Labs.
October 2022
Got my Bachelor’s degree from KLS Gogte Institute of Technology. Made some amazing friends. What a fun four years.
College taught me the concept of makeshift/workarounds/jerryrigging/hacks, or as Hindi speakers call it - “जुगाड़”. Finding quicker solutions to problems irrespective of the status quo helps you generate alternate and unique perspectives on how things work. For example, folding your clothes and keeping them under your bed while sleeping overnight to “iron” them, reusing an old laptop as a gaming console or home server, hanging up wet curtains to use them as passive air-conditioning, using your backpack as dumb-bells, gluing things together, you name it!
August 2022
Octopii gets featured at BlackHat Arsenal USA 2022.
March 2022
Wrote Octopii, an AI-powered Personally Identifiable Information (PII) scanner powered by Haar Cascades, Tesseract, Optical Character Recognition (OCR) and NLTK.
I came across this problem when I was performing some research at work. Since we collect IP addresses and such, I received one where Apache directory listing was enabled. It belonged to a small business, and it had pictures of hundreds of Indian government IDs (Aadhaar, PAN, drivers’ licenses). I was looking for an open-source tool that helped me automate the detection of these resources and couldn’t find one, and so I tried making one. The first version was terrible, since I was tackling the problem incorrectly. In order to train a model on images of PII, I need…images of PII! Which is not something that is easy to obtain. So I took the alternate route in v2, which was scanning text already present on PII and approximating metadata about it. This worked and had far less computation and labor involved.
Octopii was mentioned on Intigriti’s Bug Bytes Newsletter and on Daniel Miessler’s Unsupervised Learning podcast, gained a lot of unexpected traction in the GitHub, OSINT and Kali Linux communities and is currently RedHunt Labs’ most active repository. I was also thrilled to learn that I made it to the Hackers of India community thanks to all the love you showed to it.
January 2022
Joined RedHunt Labs as a Security Researcher. Managed deployments and infrastructure for the Research team. Worked with ElasticSearch, Logstash and Kibana. Wrote and debugged several security tools in Golang and Python. Learned a lot from Somdev, Pinaki and Umair.
July 2021
Another failed attempt at reverse-engineering. This one was a bit more difficult than I expected, so I left it alone. A lot of people starred it and were willing to fund it though.
If you’d like to contribute, contact me or fork the project.
Lenovo basically cheaped out on their hardware and tried to use Shenzhen Goodix fingerprint scanners because they’re cheap. However, this OEM hasn’t made anything open source or available online, making Linux compatibility of these scanners an absolute nightmare.
Update: There has been effort on this front by others though, and it has resulted in several Goodix fingerprint sensor models now working. Yay!
March 2021
Worked on backend, infrastructure, data protection policies and system design with Stephen, Ross and Kuda on project HomieBot.
February 2021
Founding member of keyspace.cloud, along with Rohan and Nimish.
Wrote the official Android app for it.
Keyspace has been discontinued as of December 2024. Here’s a big thanks to everyone who trusted us and gave us their data. 🎉
November 2020
Wrote my first library, GetPerms. Nothing special, was just curious to see how many permissions an Android app can read from other Android apps. To my surprise - a lot! To a point where you can almost “fingerprint” people’s phones.
Fortunately, Google fixed this in Android 11.
February 2020
Wrote a completely standalone two-factor authentication app for Android Wear / Wear OS. Google pulled their Authenticator out of the Wear Play Store and I needed an offline 2FA authenticator because my G Watch W100 doesn’t have WiFi. Released it on GitHub to help others in my situation.
Turns out the app is a bit unique, in that it can read data from USB and can perform direct Wi-Fi transfers from devices, meaning any Android-based device can run the app.
September 2019
Wrote FTPSetup for Android and openTransmit for iOS, two utilities to make data transfers between iOS 11+ devices and Linux distros more seamless.
December 2018
Graduated from Polytechnic school after failing math for 4 semesters.
Turns out math is not as difficult as it seems. Everyone has a style of learning, and mine was through visualization, as opposed to rote memorization of techniques and formulae. I sat down and went back to the basics of arithmetic, what number theory is, and the concepts of statistics and calculus, deriving everything from scratch. I also tried plotting these on a graph, and how incorporating these in varying quantities into my daily life would make it easier.
This philosophy of skillsets being interoperable and transferable helped me immensely (for example: realizing that summations in statistics are for loops in programming, that Wi-Fi and cell signals used Fourier Transforms, that Material Design animations used interpolation etc.) For the first time, everything made sense. The universe around me felt alive.
This nearly 8-year-long struggle with math reminds me of Claudia Mueller and Carol Dweck’s locus of control experiment.
November 2017
My initial Polytechnic school final year project I made with Nelson. Got rejected because it wasn’t “CS enough” (whatever that means).
The idea was to link large distances with lasers so that I could have calls with my friends in the neighborhood without worrying about cell phone bills. A prototype of this worked, though it sounded extremely attenuated. I thus got the idea of submitting it as a project, but they rejected it and imposed upon us the idea of some strange app.
February 2014
Performed my own automation setup, with a Raspberry Pi 1A, IFTTT, Tasker and a Belkin Wemo switch.
I later realized how many attack vectors it had and how important educating yourself on these things is, especially before exposing your home network to the internet.
December 2013
My first major project, an attempt at reverse-engineering and porting some very popular features from the first ever Moto X. Became top Moto G repo of the week on XDA Developers.
Archived here (Please don’t roast me, I was a kid trying to look cool)
© Copyright 2023 Owais Shaikh. All rights reserved.