Author Image

Hi, I am Pratik

Pratik Lagaskar

Security Researcher at CredShields

I am a pseudo‑introvert who is passionate about esoteric technologies and is a life‑long learner. I like to spend majority of my time learning new things related to Development, Web3Security, DevSecOps, Eth-Protocol Research, Vulnerability Research and Secure Code Reviews. Sometimes I make things, sometimes I break things.

Certified DevSecOps Professional
eCCPTv2-Certified Professional Penteration Tester
Certified Kubernetes Security Specialist
Vulnerability Research
Secure Code Reviews
Zero-Day Engineering

Skills

Experiences

1
SecurityBoat Pvt. Ltd.

Jun 2023 - Jun 2024

Pune, India (Remote)

SecurityBoat Pvt. Ltd. specializes in security consulting and solutions for various sectors including web and network security.

Security Consultant (Intern)

Jun 2023 - Jun 2024

Responsibilities:
  • Assisted in CERT-IN Empanelment OFFPST & OLPST.
  • Performed Manual Secure Code Reviews and created SCA, SAST, DAST Pipelines.
  • Developed custom Semgrep rules, CodeQL Databases, Queries, CxQL Audit rules, and Sonar Rules for Secure Code Review.
  • Created automation tools such as CTFLabReset and CloudSweep.
  • Assisted in Vulnerability Assessment (VA) and Penetration Testing (PT) for Web and Network.
  • Conducted Compliance Benchmark analysis on Linux and Windows machines.
  • Researched Automated Penetration Testing (PT) using LLMs.
  • Trained developers on Git, GitOps, and SSDLC.
  • Setup tools including HR Management Platform, Jira, and Confluence.
  • Acted as Point-of-Contact for development issues.
  • Created blogs, docs, and handbooks related to Secure Code Review and security audits.
  • Led an Open-Source Android Development Project as part of a community initiative.
  • Assisted in various support tasks including web scraping.

Cleared Europe Services

Jun 2023 - Apr 2024

Antwerp, Belgium (Remote)

Cleared Europe Services provides comprehensive security solutions, focusing on SIEM, threat detection, and Purple Teaming.

SIEM Engineer / Purple Team (Intern)

Jun 2023 - Apr 2024

Responsibilities:
  • Worked with various SOC tools including SIEM (Splunk), Velociraptor, Fleet, Guacamole, Sysmon, osquery, Sysinternals, Microsoft ATA, Atomic Red Team, Zeek, Suricata, and Caldera.
  • Created dashboards, threat hunting views, logging, and event correlation using Splunk SPL.
  • Conducted TTP simulations and Purple Teaming exercises.
  • Used MITRE ATT&CK, CAR, and DEFEND frameworks for threat detection.
  • Implemented NIST SF 800-53 standards for cybersecurity compliance.
  • Configured and maintained Snort IDS rules.
  • Deployed Canary Tokens for threat visibility.
  • Utilized KQL, Sigma, and YARA rules for advanced log analysis.
  • Simulated APT behaviors and mapped TTPs.
  • Conducted Verified Security Tests (VST) of Prelude.
  • Created a comprehensive Industrial-level Threat Landscape for the Healthcare & Pharma sector.
2

3
TheCyberHub

Jun 2023 - Jul 2023

Discord (Remote)

TheCyberHub provides a platform for pentesting and exploit development, supporting a community of cybersecurity professionals.

Pentester / Freelance

Jun 2023 - Jul 2023

Responsibilities:
  • Contributed to exploit development using Metasploit, Burp Suite, and custom scripts.
  • Performed external penetration tests on live clients.
  • Setup Snyk, Codacy, and Dependabot for projects.
  • Generated detailed vulnerability reports and remediation strategies.
  • Participated in Open-Source development and maintained the official website.

Null Community

May 2023 - Aug 2023

Pune, India (Remote)

Null Community is a platform focusing on cybersecurity, including web development and event management.

Web Developer Intern

May 2023 - Aug 2023

Responsibilities:
  • Contributed to the design and development of a gamified point-based event platform.
  • Utilized MERN stack for implementation and delegated tasks to other developers.
  • Maintained and Dockerized the Swachalit API using Grape.
  • Created UML, Low, and High-Level SRS for the event platform.
4

5
MI7 & XCOODE

Jan 2023 - May 2023

Pune, India (Remote)

MI7 & XCOODE specializes in OSINT and threat analysis, focusing on security assessments and intelligence gathering.

OSINT & Threat Analyst

Jan 2023 - May 2023

Responsibilities:
  • Identified critical security flaws in Web and Android applications.
  • Led OSINT investigations and HUMINT operations targeting high-value targets.
  • Conducted Threat Intelligence gathering and Breach Analysis.
  • Orchestrated Red/Purple Teaming activities.
  • Executed daily fact-checking tasks and managed community communications.
  • Planned meetups and events for the community.

TWC- The White Circle

Dec 2022 - Mar 2024

Discord (Remote)

TWC Discord focuses on CTF competitions, providing a platform for participants to engage in various cybersecurity challenges.

CTF Player

Dec 2022 - Mar 2024

Responsibilities:
  • Participated in Reverse Engineering, OSINT, Jeopardy-style, Hardware, and GeoGuessing CTFs.
  • Solved cryptographic challenges and created PoCs and walkthroughs.
  • Applied geospatial analysis skills and decompiled binary files for CTF challenges.
6

Education

B.Tech in Electronics And Telecommunications Engineering
CGPA: 8.82 out of 10
Honors in Cloud Computing
CGPA: 9 out of 10
Intermediate Public Examination (12th Grade)
Percentage: 83 out of 100

Projects

Kubernetes
Kubernetes
Contributor March 2018 - Present

Production-Grade Container Scheduling and Management.

Tensorflow
Tensorflow
Developer Jun 2018 - Present

An Open Source Machine Learning Framework for Everyone.

A sample academic paper
Team Lead Jan 2017 - Nov 2017

Lorem ipsum dolor sit amet consectetur adipisicing elit. Sapiente eius reprehenderit animi suscipit autem eligendi esse amet aliquid error eum. Accusantium distinctio soluta aliquid quas placeat modi suscipit eligendi nisi.

Nocode
Nocode
Nothing Oct 2019 - Dec 2019

The best way to write secure and reliable applications. Write nothing; deploy nowhere.

Publications

Voluptate in id id voluptate laboris. Minim mollit aliquip sit aliqua ut exercitation voluptate eiusmod consequat pariatur sunt enim veniam. Velit esse tempor laboris anim tempor officia. Magna non labore duis do esse sit do ipsum culpa. Officia consequat id non duis culpa dolor. Excepteur magna non nostrud cupidatat aute aliqua aliquip.

Featured Posts

Recent Posts

Accomplishments

Smart India Hackathon Winner

SIH brings the next generation evolution by inclusion of new methodology to inculcate the culture of startup and innovation ecosystem.

Google Summer of Code

This course provides a broad introduction to machine learning, datamining, and statistical pattern recognition. Topics include: (i) Supervised learning (parametric/non-parametric algorithms, support vector machines, kernels, neural networks). (ii) Unsupervised learning (clustering, dimensionality reduction, recommender systems, deep learning). (iii) Best practices in machine learning (bias/variance theory; innovation process in machine learning and AI).

Achievements

GSoC Contributor-2022.

Project Contributor

SIH Winner

Core Member