Eshaan Bansal

Web Pentester | CTF player | Fullstack Developer | Sophomore at USICT

About Me

I am a sophomore pursuing B.Tech in IT at USICT, GGSIPU Main Campus.

My CS interests currently lie in Cybersecurity and Web Development.

The most interesting things happening in my life, right now, academically speaking are:

  • Serving as part of the core team at DEF CON NCR group, DC91120
  • Serving as the General Secretary at the cyber security club, Rooters at USICT.

I am actively looking for cybersecurity and research internships for winter 2019. I am available remotely too.

A pdf version of my resume is available here.

Experience

Unmudl Technologies(Posify)

posify.in

Fullstack Web Development Intern

August 2019 - October 2019

Flask Angular 8 Ionic PostgreSQL Redis

Posify helps hundreds of restaurants run their business: from secure online payments to point-of-sale solutions.

  • Worked on a Point Of Sale (POS) system(used Angular 8, Nebular, ngx-admin)
  • Developed an e-commerce food delivery PWA in Ionic(Angular) with Firebase backend. Available @ Order.posify.in
  • Writing APIs in Flask, working on celery tasks, defining complex models using SQLAlchemy
  • Used PostgreSQL, Redis, Elasticsearch, etc.
  • Internship Letter: here

Open Bug Bounty

openbugbounty.org/researchers/maskofmydisguise

Independent Security Researcher

Open Bug Bounty is a non-profit Bug Bounty platform

With many valid bug submissions, I have also been included in the Hall of Fame of Visier.com for Responsible Disclosure of a CORS vulnerability.

Infosec Community

DEF CON 91120

dc91120.org

Core Member at Organizing Team

April 2019 - Present

DEFCON 91120, NCR India, is a DCG by DEF CON. Our community is open and free for all who are interested in the information and application security domain. This is a not-for-profit organization. You learn, earn and share with the community.

Being part of the core organizing team, my responsibilities include:

  • Helping and organizing the hacker’s meetup every 2 to 3 months.
  • Networking with other security researchers and speakers who are interested in presenting a CFP at the meetups.

Problem Setter, for Capture The Flag(CTF) competitions that are held at every meet up, for which I:

  • Presented a live write-up/demo session on my challenges at the 0x01 meet.
  • Wrote a CTF framework in Flask for the 2nd meet CTF.

Abs0lut3Pwn4g3 CTF Team

https://abs0lut3pwn4g3.github.io/

Founding Member & CTF Player

Abs0lut3Pwn4g3 is a group of developers and hackers. We participate in and conduct Capture The Flag competitions.

  • Ranked under #10 in India and #100 all over the world on CTFtime.org
  • Organised 2 Capture The Flag(CTF) competitions, encryptCTF and RootersCTF 2019 in which 1000+ teams participated from all over the world.
  • Rank 2nd in Krack-JIIT CTF
  • Rank 18th in BITS CTF
  • Under Top #10 team(India) in cyBRICS 2019 CTF Quals.
  • Publishing CTF writeups

Projects

RootTheBox - A CTF Framework in Flask

https://rtblivedemo.herokuapp.com/

Flask SQLAlchemy Heroku JWT Flask-Blueprints Flask-admin PostgreSQL

A CTF framework (developed in Flask) for HackTheBox style machines.

  • Employed libraries such as: Flask Blueprints, SQLAlchemy, WTForms, Flask-Login, Flask-admin for Admin views and easy realtime management
  • Out of the box deployable on Heroku
  • Using SQLite and PostgreSQL for Database.
  • A page to show relevant details about the machine such as: IP, OS, points and difficulty level
  • Features like User Authentication, Account Management, Forgot Password, Notifications, and Full Fledged Logging
  • Hash submission (currently 2 hashes: user and root)
  • Real time scoreboard tracking.

Food Delivery PWA

https://order.posify.in/

Ionic 4 Angular 8 Firebase

A Food Delivery App for Vendor, built in Ionic 4 & Angular 8.

  • A Food Delivery App for vendor.
  • Progressive Web App(PWA) deployed on Firebase.
  • Uses RazorPay API for payments.

UnmaskIP

https://unmaskip.firebaseapp.com/

Flask Angular 8 PostgreSQL ElasticSearch echarts.js

Web app that scans an IP address to detect whether it's a VPN/proxy and fetches its whois record.

  • Web app that scans an IP address to detect whether it’s VPN/Proxy and fetches whois record.
  • Some cool dashboard stuff for the data scientists.

Education

Guru Gobind Singh Indraprastha University

B.Tech in Information Technology

2018 - 2022 (Expected)

University School of Information, Communication and Technology, GGSIPU Main Campus.

  • General secretary of the cyber security club, Rooters.

Kulachi Hansraj Model School

Higher Secondary; Physics, Chemistry, Mathematics and CS.

2016 - 2018

  • Graduated High School with 94.6% in CBSE boards.
  • Received a trophy and a certificate for achieving the highest scores in Physics, my senior year of high school.
  • Completed my High School project in Computer Science on the “Bank Management System”. Tech used: C++ and MySQL

Few things I am proud of

PentesterLab.com

See Credentials

Completed all 12 active badges and wrote a Blog Post on my key learnings!

Hall Of Fame from Visier.com

See Credentials

Submitted a vulnerability in Visier.com bug bounty program on openbugbounty.org

Hall Of Fame from OYO Rooms

See Credentials

Submitted a vulnerability in OYO Rooms Website and got HoF and monetary reward.

Google Cloud Platform(GCP) Essentials

See Credentials

Completed GCP Essentials badge on Google’s qwiklabs.

Python for Security Professionals

See Credentials

Python for Security Professionals course at Cybrary.it.

A Little More About Me

I love learning new things, and blogs are my way of doing so. I am an avid reader.

I am an absolute nerd and have worked on various technologies including Linux, Git, Heroku, Docker, Google Cloud Platform, Raspberry Pi and Arduino microcontroller.

Alongside my interests in cybersecurity and web development, some of my other interests and hobbies are:

  • Food, lots of it.
  • TV Shows
  • Blockchain and Cryptocurrencies