Cyber Security Engineer - Deloitte [Cyber Risk]
Found security issues whose fixes prevented the leak of personal information belonging to 100 million+ people. I specialize in finding vulnerabilities in web and mobile applications and IT infrastructure, and in consulting on why, how, and when to fix them.
- Found a critical Session Management issue in Rapid7 Nexpose (also for InsightVM) (CVE-2019-5638 and CVE-2019-5640 assigned)
- Reported security issues in Quick Heal Total Security, an Antivirus software (CVE-2020-27585, CVE-2020-27586, CVE-2020-27587 assigned)
- Reported an Authorization vulnerability and other bugs in the cryptocurrency mining software NiceHash Miner (CVE-2019-6120, CVE-2019-6121, CVE-2019-6122 assigned)
- Found a CSRF in phpMyAdmin, submitted an exploit for the same on exploit.db, featured in prominent InfoSec blogs like The Hacker News, SecurityWeek, etc. (CVE-2017-1000499 assigned)
- Acknowledged by Google, Apple, Rapid7, FireEye, United Nations, Govt of India, Amazon, United States Department of Defense, IBM, Symantec, United Airlines, Coinbase, JPMorgan Chase, Twitter and multiple Fortune 500 companies for finding security issues.
2010-2015 Ahmedabad Institute of Technology
Bachelor's Degree-Computer Engineering
Studied Computer Engineering. Learned concepts of Computer Networks, Java, C, C++, ASP.NET, C#, Database Management System, Operating Systems, Microprocessors and more.
2015-2017 National Forensic Sciences University
MTech in Cyber Security and Incident Response (Masters Degree)
Master's Degree in Cyber Security. Learned to perform Vulnerability Analysis, Incident Response, Application Security, SCADA Security, Risk Management and more.
Jun 2017 - May 2019 Deloitte India - Cyber Risk
Cyber Security Consultant
Performed application security assessments and configuration reviews, took part in kick-off meetings, and explained security issues and remediations to clients, management and developers.
Jun 2019 - May 2022 Deloitte India - Cyber Risk
Promoted to Assistant Manager. Performed Vulnerability Management, Application Security Assessments and Penetration Testing, and analysed alerts from automated tools.
Jun 2022 - Present Deloitte India - Cyber Risk
Performed purple teaming and breach and attack simulation, and developed scripts for automating some scenarios.
Thank you for your great engagement in our program. It's a great pleasure to work with you.
We greatly appreciate your assistance in helping to maintain and improve the security of our products.
We really appreciate all the time you have put into your research, thank you again for helping us to protect our customers.
Thank you for participating in our Bug Bounty Program and helping us improve our security! We appreciate your participation in this program and encourage you to submit any other bugs you find.
Coinbase would like to thank you for your various findings over the years. Your research has been essential in helping Coinbase improve its security posture. We look forward to your future work.
Harvard appreciates responsible reporting of information security issues impacting our systems and networks. Thank you, Ashutosh!
Thanks to @ashu_barot for reporting CVE-2019-5638 privately to Rapid7, which was fixed back in Nexpose version 6.5.51. All customers should have the update installed and running by now! — Rapid7 (@rapid7) August 21, 2019
Hi Ashutosh, Thank you for your words of appreciation! Team Quick Heal. — Quick Heal (@quickheal) December 2, 2020
Acknowledgement From @FireEye for reporting a Session Management vulnerability in FireEye Endpoint Security Console (FireEye HX). #FireEye 2019 Q4 Security Advisory - https://t.co/26CeCgVzzk #HallOfFame #infosec #cybersecurity pic.twitter.com/yJxg41eIcj — Ashutosh Barot (@ashu_barot) February 13, 2020
How I Received 3 CVEs for finding vulnerabilities in Quick Heal Total Security
Crypto-Mining Marketplace NiceHash Fixed a Vulnerability Which Leaked Miners’ Information
This Vulnerability in phpMyAdmin Lets An Attacker Perform DROP TABLE With A Single Click!