Eshaan Bansal

GSoC'20 | Pentester | Fullstack Developer | CTF player | Sophomore at USICT

About Me

I am a sophomore pursuing B.Tech in IT at USICT, GGSIP University Main Campus.

My CS interests currently lie in Cybersecurity and Web Development.

What I am working on right now:

I am looking for cybersecurity, software development or research internships for winter 2020. I am available remotely too.

A PDF version of my resume is available here.

Experience

The Honeynet Project

https://summerofcode.withgoogle.com/projects/#5634812913647616

GSoC Student Developer

June 2020 - August 2020

Django Angular 9 PostgreSQL OSINT Celery

The Honeynet Project is a leading international 501c3 non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security.

  • Google Summer of Code 2020 Student Developer under The Honeynet Project
  • Working on Intel Owl, a threat intelligence data gathering API.
  • Adding support for additional external analyzers such as HoneyDB, Hunter, PEframe, etc.
  • Completely new web interface (built with Angular 9). Live Demo.

Unmudl Technologies (Posify)

posify.in

Fullstack Web Development Intern

August 2019 - October 2019

Flask Angular 8 Ionic PostgreSQL Redis

Posify helps hundreds of restaurants run their business: from secure online payments to point-of-sale solutions.

  • Worked on a Point Of Sale (POS) system (used Angular 8, Nebular, ngx-admin)
  • Developed an e-commerce food delivery PWA in Ionic (Angular) with Firebase backend. Available @ Order.posify.in
  • Writing APIs in Flask, working on celery tasks, defining complex models using SQLAlchemy
  • Used PostgreSQL, Redis, Elasticsearch, etc.
  • Internship Letter: here

Open Bug Bounty

openbugbounty.org/researchers/maskofmydisguise

Independent Security Researcher

Open Bug Bounty is a non-profit Bug Bounty platform

With many valid bug submissions, I have also been included in the Hall of Fame of Visier.com for Responsible Disclosure of a CORS vulnerability.

Infosec Community

DEF CON 91120

dc91120.org

Core Member at Organizing Team

April 2019 - Present

DEFCON 91120, NCR India, is a DCG by DEF CON. Our community is open and free for all who are interested in the information and application security domain. This is a not-for-profit organization. You learn, earn and share with the community.

Being part of the core organizing team, my responsibilities include:

  • Helping and organizing the hacker’s meetup every 2 to 3 months.
  • Networking with other security researchers and speakers who are interested in presenting a CFP at the meetups.

Problem Setter for Capture The Flag (CTF) competitions that are held at every meetup, for which I:

  • Presented a live write-up/demo session on my challenges at the 0x01 meet.
  • Wrote a CTF framework in Flask for the 2nd meet CTF.

Abs0lut3Pwn4g3 CTF Team

https://abs0lut3pwn4g3.github.io/

Founding Member & CTF Player

Abs0lut3Pwn4g3 is a group of developers and hackers. We participate in and conduct Capture The Flag competitions.

  • Ranked under #10 in India and #100 all over the world on CTFtime.org
  • Organised 2 Capture The Flag (CTF) competitions, encryptCTF and RootersCTF 2019, in which 1000+ teams participated from all over the world.
  • Rank 2nd in Krack-JIIT CTF
  • Rank 18th in BITS CTF
  • Under Top #10 team(India) in cyBRICS 2019 CTF Quals.
  • Publishing CTF writeups

Projects

Flask-Shell2HTTP

https://github.com/Eshaan7/Flask-Shell2HTTP

Flask PyPi library

A minimalist Flask extension that serves as a REST API wrapper for Python's subprocess API.

Map shell commands to Flask’s endpoints and query asynchronously.

  • Convert any command-line tool into a REST API service.
  • Execute pre-defined shell commands asynchronously and securely from Flask’s endpoints.
  • Designed for development, prototyping or remote control.
  • Published on PyPi.

RootTheBox - A CTF Framework in Flask

https://rtblivedemo.herokuapp.com/

Flask Flask-admin SQLAlchemy Heroku PostgreSQL

A fast, efficient and lightweight (~100 KB) Capture The Flag framework inspired by the HackTheBox platform.

  • Completely configurable CTF instance can be up and running on Heroku in 2 minutes with a single click.
  • Employed libraries such as: SQLAlchemy, WTForms, Flask-Login, Flask-admin for Admin views and easy realtime management
  • Challenge listings and machine listings with various tags/operating systems to choose from.
  • Features like User Authentication, Account Management, Forgot Password, Notifications, and Full Fledged Logging
  • Flag submission (currently 2 hashes: user and root)
  • Real time scoreboard tracking.

Food Delivery PWA

Ionic 4 Angular 8 Firebase

A Food Delivery App for Vendor, built in Ionic 4 & Angular 8.

  • A Food Delivery App for vendor.
  • Progressive Web App (PWA) deployed on Firebase.
  • Uses RazorPay API for payments.
  • Firebase for backend and storage.

Education

Guru Gobind Singh Indraprastha University

B.Tech in Information Technology

2018 - 2022 (Expected)

University School of Information, Communication and Technology, GGSIPU Main Campus.

  • General secretary of the cyber security club, Rooters.

Kulachi Hansraj Model School

Higher Secondary; Physics, Chemistry, Mathematics and CS.

2016 - 2018

  • Graduated High School with 94.6% in CBSE boards.
  • Received a trophy and a certificate for achieving the highest scores in Physics in my senior year of high school.
  • Completed my High School project in Computer Science on the “Bank Management System”. Tech used: C++ and MySQL

Few things I am proud of

PentesterLab.com

See Credentials

Completed all 12 active badges and wrote a Blog Post on my key learnings!

Hall Of Fame from Visier.com

See Credentials

Submitted a vulnerability in Visier.com bug bounty program on openbugbounty.org

Hall Of Fame from OYO Rooms

See Credentials

Submitted a vulnerability in OYO Rooms Website and got HoF and monetary reward.

Google Cloud Platform (GCP) Essentials

See Credentials

Completed GCP Essentials badge on Google’s qwiklabs.

Python for Security Professionals

See Credentials

Python for Security Professionals course at Cybrary.it.

A Little More About Me

I love learning new things, and blogs are my way of doing so. I am an avid reader.

I am an absolute nerd and have worked on various technologies including Linux, Git, Heroku, Docker, Google Cloud Platform, Raspberry Pi and Arduino microcontroller.

Alongside my interests in cybersecurity and web development, some of my other interests and hobbies are:

  • Food, lots of it.
  • TV Shows
  • Blockchain and Cryptocurrencies