AARAV SHAH

Aspiring Cybersecurity & AI Engineer

LinkedIn

About

Highly motivated and results-oriented B.Tech student specializing in Computer Science and Engineering, with hands-on experience in cybersecurity, threat intelligence, and machine learning. Proven ability to lead technical teams, conduct in-depth data analysis, and develop innovative solutions for complex security challenges. Seeking to leverage strong analytical skills, technical expertise, and a commitment to continuous learning to contribute to cutting-edge technology and security initiatives.

Work Experience

Threat Hunting and ML Intern

Mphasis | Intern

Jun 2025 - Present

Actively contributing to defensive security initiatives within Mphasis's CRO SOC team, with direct mentorship from a former CERT-In scientist and cyber defense head. My primary focus is developing an automated forensic tool that streamlines system compromise assessment through advanced artifact analysis.

  • Developing an automated forensic tool to determine system compromise by analyzing 220+ key Windows/Linux artifacts.
  • Integrating industry-standard tools like KAPE, Eric Zimmerman's tools, and Sigcheck, alongside Zircolite and Hayabusa with Sigma rules, for comprehensive event log and file-based threat hunting.
  • Learning advanced defensive security strategies and practices through direct collaboration with the CRO SOC team and mentorship from a former CERT-In scientist and cyber defense head.
  • This ongoing project aims to significantly enhance the speed and accuracy of forensic investigations, directly impacting incident response capabilities.

Cyber Threat Research Intern

CyberXtron

Jun 2024 - Jan 2025

Contributed to enhancing threat detection and intelligence capabilities within an Operational Technology (OT) team, focusing on data analysis and cross-functional collaboration.

  • Contributed to an Operational Technology (OT) team, enhancing threat detection and intelligence capabilities through targeted research and analysis.
  • Conducted in-depth research to update over 1,000 CISA Threat Alerts, significantly improving the accuracy and effectiveness of the Threat Intelligence Engine.
  • Enhanced the Data Breach Database by identifying and integrating over 20GB of DarkWeb breach data, leveraging advanced data analysis for real-time threat intelligence updates.
  • Collaborated effectively with cross-functional teams in a dynamic environment, contributing to core threat intelligence initiatives and gaining exposure to innovative cybersecurity solutions.

Threat Analyst Intern

Information Sharing and Analysis Center

May 2024 - Jul 2024

Supported cybersecurity intelligence efforts through DarkWeb data analysis and internal team collaboration, undergoing training as a Cybercriminal Intervention Officer.

  • Executed comprehensive research to collect and analyze DarkWeb data sources, directly contributing to enhanced cybersecurity intelligence and proactive threat mitigation.
  • Provided critical support to internal teams by streamlining information gathering and ensuring efficient data collection processes for intelligence operations.
  • Completed rigorous training to qualify as a Cybercriminal Intervention Officer (CCIO), developing expertise in combating cybercrime.

Education

Computer Science and Engineering

SRMIST

SGPA: 9.3, CGPA: 8.95

Courses

  • Red Hat Enterprise Linux (RHEL)
  • Short Range Wireless Communication Devices
  • Computer Networks
  • GPU Programming (CUDA, OpenACC, OpenCL)
  • Drone Analytics
  • Network Security

Certificates

Linux Systems

Linux Foundation

Ethical Hacking

MSME PPDC

100W Industrial Control Systems (ICS) Cybersecurity Practices

Cybersecurity and Infrastructure Security Agency (CISA)

CEH v13

EC-Council (in progress)

Projects

Vigilance Endpoint Protector (VEP)

Developed Vigilance Endpoint Protector (VEP), a proof-of-concept unified EDR/DLP agent. This agent collects high-fidelity endpoint telemetry from Windows systems via Sysmon, processes it into structured JSON logs, and seamlessly forwards it to Wazuh for centralized aggregation. VEP's foundation aims to provide scalable threat detection and data loss prevention capabilities, specifically enhancing security for resource-constrained small to medium-sized businesses.
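Added example, not code from the VEP project or from the Mphasis forensic tool described above: a Python sketch of the two steps both projects share, flattening a Sysmon event into a JSON record and evaluating Sigma-style detection rules against it before writing one JSON object per line for Wazuh. The Sysmon XML event, the two rules, their ATT&CK tags and the `vep` wrapper key are constructed for illustration; real events carry many more fields, and in practice the Sigma rule set would be run through Zircolite or Hayabusa rather than a hand-written matcher.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample (not a real capture): one Sysmon Event ID 1 (Process
# Create) record in the Windows event XML schema, trimmed to a few fields.
SAMPLE_SYSMON_XML = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon"/>
    <EventID>1</EventID>
    <TimeCreated SystemTime="2025-06-10T09:14:02.123456Z"/>
    <Computer>WS-FINANCE-07</Computer>
  </System>
  <EventData>
    <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="CommandLine">powershell.exe -nop -w hidden -enc SQBFAFgA</Data>
    <Data Name="User">CORP\jdoe</Data>
    <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
  </EventData>
</Event>"""

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Hypothetical rules in a small Sigma-like subset: every key in "selection"
# must match (AND), a list of values is OR, and "|contains" / "|endswith"
# follow Sigma's modifier syntax. Comparisons are case-insensitive.
RULES = [
    {
        "title": "Office application spawning PowerShell",
        "event_id": 1,
        "selection": {
            "ParentImage|endswith": ["\\WINWORD.EXE", "\\EXCEL.EXE", "\\POWERPNT.EXE"],
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
        },
        "tags": ["attack.execution", "attack.t1059.001"],
    },
    {
        "title": "PowerShell encoded command line",
        "event_id": 1,
        "selection": {"CommandLine|contains": [" -enc ", " -encodedcommand "]},
        "tags": ["attack.defense_evasion", "attack.t1027"],
    },
]


def sysmon_xml_to_record(xml_text):
    """Flatten one Sysmon event into a plain dict (System fields + EventData)."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    record = {
        "provider": system.find("e:Provider", NS).get("Name"),
        "event_id": int(system.find("e:EventID", NS).text),
        "timestamp": system.find("e:TimeCreated", NS).get("SystemTime"),
        "host": system.find("e:Computer", NS).text,
        "event_data": {},
    }
    for data in root.findall("e:EventData/e:Data", NS):
        record["event_data"][data.get("Name")] = (data.text or "").strip()
    return record


def _field_matches(value, modifier, patterns):
    """Sigma-style modifier test, case-insensitive; the pattern list is OR."""
    v = value.lower()
    ops = {"": v.__eq__, "contains": v.__contains__,
           "startswith": v.startswith, "endswith": v.endswith}
    return any(ops[modifier](p.lower()) for p in patterns)


def match_rules(record, rules=RULES):
    """Return the rules whose every selection field matches the record."""
    hits = []
    for rule in rules:
        if rule["event_id"] != record["event_id"]:
            continue
        data = record["event_data"]
        if all(_field_matches(data.get(key.partition("|")[0], ""),
                              key.partition("|")[2], pats)
               for key, pats in rule["selection"].items()):
            hits.append(rule)
    return hits


def to_wazuh_json_line(record, hits):
    """One JSON object per line, the shape Wazuh's logcollector reads with
    <log_format>json</log_format>. The "vep" wrapper is an assumed namespace
    for the agent's own fields, not a Wazuh convention."""
    event = dict(record)
    event["detections"] = [{"title": r["title"], "tags": r["tags"]} for r in hits]
    return json.dumps({"vep": event}, separators=(",", ":"))


def process_event(xml_text):
    record = sysmon_xml_to_record(xml_text)
    hits = match_rules(record)
    return record, hits, to_wazuh_json_line(record, hits)


if __name__ == "__main__":
    _, matched, line = process_event(SAMPLE_SYSMON_XML)
    print(f"{len(matched)} rule(s) matched")
    print(line)
```

Appending each returned line to a file that the Wazuh agent watches as a `json` localfile is enough for the manager to index the event and the attached detections; the scoring and reporting layers of either project would build on top of records in this shape.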

CANSAT Competition – NASA (Team 3190, ranked 5th in India and 10th globally)

Led the software team for a NASA CANSAT competition, developing avionics and flight software, achieving top marks in software during the Preliminary Design Review (PDR), and designing active fin control systems.

ML for Drone-based Surveillance & Object Detection (Published at: ICECA 2024)

Conducted research and developed an ML-based system for real-time object detection using drone footage, including training deep learning models and integrating computer vision techniques.

Publications

Research on ML for Drone-based Surveillance & Object Detection

ICECA 2024

Published research on developing an ML-based system for real-time object detection using drone footage, optimizing models for challenging conditions, and integrating computer vision techniques.

Skills

Threat Detection & Incident Analysis Automation

  • Sigma Rule Application, Artifact Parsing (EZ Tools), Digital Signature Validation, Compromise Scoring, MITRE ATT&CK Mapping, Automated Reporting.

Endpoint Security & Telemetry Engineering

  • Sysmon Integration, Windows API Interfacing, Event Normalization, Artifact Collection, Log Forwarding, Process Telemetry.

Cybersecurity

  • Cyber Threat Intelligence
  • DarkWeb Monitoring
  • Threat Detection
  • Intelligence Analysis
  • Network Security

Machine Learning & AI

  • ML
  • Deep Learning
  • Computer Vision
  • Object Detection
  • Drone Analytics
  • OpenCV

Programming Languages

  • Python
  • C++
  • GPU Programming (CUDA, OpenACC, OpenCL)

Systems & Tools

  • System Administration (Linux)
  • Red Hat Enterprise Linux (RHEL)
  • Arduino IDE
  • Teensy
  • Raspberry Pi
  • IoT

Data Analysis

  • Data Analysis
  • Real-time Data Telemetry