r/cybersecurityindia

Looking for any referrals for VAPT role (Open to any state)

CompTIA security+ certified , B.Tech in AI and ML . I am actively looking for VAPT roles . 6 months of relevant experience and proficient in Web and AI security. Currently based in Noida.

reddit.com
u/Xx_MDN_xX — 13 hours ago
▲ 5 r/cybersecurityindia+1 crossposts

Gsoc for cybersecurity student

Hi everyone,

I am a 2nd-year B.Tech Cybersecurity student currently learning penetration testing and working with Python. I am very interested in diving into open-source contributions later on and recently came across Gsoc

As a cybersecurity-focused student, is it worth preparing for GSoC? If so, I would love some guidance on the following:

Organizations: Which security-focused open-source organizations should I look into or start with

Languages & Tech: What programming languages, frameworks, or tools should I focus on mastering to be competitive?

General Advice: What actionable steps should I follow to successfully prepare and contribute?

Thank you in advance for your help

reddit.com
u/LonelyProperty7164 — 9 hours ago

Weekly Mentorship - Post All Career, Resume, Education and Job questions here!

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away!

Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future.

Note - This post template has been copied from cybersecurity subreddit.

reddit.com
u/AutoModerator — 23 hours ago

Where do you buy comptia exam vouchers for reasonable price ?

Official site shows pretty high prices for security+ , due to current exchange rates between USD and INR probably, even going into around 37k when talking about course bundles from udemy , although udemy is one is better deal. I am thinking about getting security+ for HR filtering.

if there is no option i'm thinking about convincing parents to buy udemy course with voucher which has a retake, and delay buying a new laptop, since current one is about 5.5 years old. they wanted to buy a new laptop since i have been using this one since mid 11th and i just finished my 8th semester end sem exams.

reddit.com
u/Pkai876 — 1 day ago

AI Data Engineering starting a new role in Cybersecurity - Should focus on job or look for Plan B(usiness) : AI fear

I keep seeing this debate everywhere and honestly can't tell what's true anymore. Every other day there's a headline about AI causing layoffs, but when you actually read the story, half the time it sounds like normal cost-cutting or restructuring, and companies are just using "AI" as a convenient reason to say it out loud. But then some layoffs do seem real, like certain roles are actually shrinking because AI tools now handle most of what a junior person used to do.

I have 5 years of experience[India], mostly in data engineering, and I'm about to start a new job that's a mix of cybersecurity and AI data engineering. On paper it feels like a safer space since security work isn't going anywhere and AI is actually making that field grow rather than shrink. But I have a lot of financial responsibilities and people depending on me, so I can't just assume I'm safe and relax.

This is where I'm stuck. Should I go all in on this job and get really good at it, or should I use some of my time and energy to build something on the side, like a business, just in case things change later. I genuinely don't have the bandwidth to do both properly right now, so I have to pick one as my main focus for the next couple of years.

If anyone has been in a similar spot, new job, real financial pressure, watching all this AI job talk and wondering if your role is actually safe or not, how did you decide where to put your energy? You focus fully on the job or build something on the side as backup?

I come from true data engineering and AI background - Do you recommend coming to cybersecurity domain? Any tips

reddit.com
u/Many-Revolution965 — 1 day ago

7-year gap, 50% in 12th.rate my 8-month plan to an overseas CyberSec/Cloud job?

Hey guys,

​I’m 25, restarting after a 7-year gap from high school (had 50% in 12th). My absolute end goal is to get a Cloud Security/Architecture job and move overseas (EU, Middle East etc).

​To clear visa/HR filters, I just enrolled in the Online bca from Manipal (MUJ). I'm treating the degree as a background checklist item while I grind skills.

​Rate my 8-month roadmap. Be as brutal as you want:

​Done: Google IT Support Professional Cert (built my networking/OS basics).

​Current: Google Cybersecurity Cert (learning Python, SQL, SIEM).

​Next (Months 3-5): Moving to Microsoft/IBM security fundamentals, then jumping straight into AWS Solutions Architect Associate to learn enterprise cloud infrastructure.

​Final Step (Months 6-8): Clear CompTIA Security+ to actually bypass HR filters.

​Plan is to finish this stack, get a junior/associate role in India for experience, and apply abroad the second my BCA finishes.

​My main questions for veterans here:

​Will Indian companies flat-out reject me in automated background checks due to my 7-year gap and 50% score, or will AWS + Security+ save me at mid-sized firms? how hard would be my 1st year?

​For anyone who moved abroad from India in CyberSec, which countries offers highest pay?

reddit.com
u/ThePhenomenal786 — 1 day ago

3rd Year Cybersecurity Student with 1 Year Left – Need Honest Career Advice

Hi everyone,

I just finished my 3rd year of B.E. CSE (Cyber Security) and have around 1 year left before graduation. I'm looking for honest advice on what I should focus on to maximize my chances of landing a cybersecurity role in India.

So far, I've completed internships in NLP/ML and AI & Data Analytics, and I've built a couple of cybersecurity-focused projects related to network intrusion detection and ML-based cyber threat prediction. Alongside that, I've been learning and using tools like Kali Linux, Wireshark, tcpdump, Nmap, Metasploit, Splunk, and Python for automation. I've also completed the Google Cybersecurity Certificate and I'm currently doing TryHackMe SOC Level 1. My resume is attached for reference.

My goal is to get into Blue Team / SOC / Security Engineering (not SDE). With one year left, what should I prioritize? Should I spend more time on HTB/THM, cloud security (AWS/Azure), SIEM, detection engineering, malware analysis, certifications like Security+ or BTL1, open-source contributions, or something else?

Also, based on my resume, what are the biggest weaknesses or gaps that could prevent me from getting shortlisted? I'm looking for direct, honest feedback, even if it's critical. Thanks!

u/Sufficient-Put9316 — 1 day ago
▲ 3 r/cybersecurityindia+1 crossposts

I want my first internship in Cybersecurity junior penetration

I'm final year student interested in cybersecurity red team. I daily solve CTF labs and I'm focusing on to get my first internship so please guide me how to find internship in mumbai

reddit.com
u/Ok_Blueberry8533 — 1 day ago

Looking to mentor freshers, no strings attached

I'm thinking of working towards being a corporate cybersecurity trainer, I've mentored students from the UK and India in the past (those were paid sessions, this one is free and I'm not going to even discuss any bullshit fee based training thing)

I'm now interested in starting a firm and mentoring/training more people to build up credibility.

If any student/freshers are looking for free, no upsell, training/mentorship in cybersecurity, feel free to comment below.

UPDATE: Updated to include dc invite: JFfWmtXSYE

reddit.com
u/lastidgotbanned — 3 days ago
▲ 24 r/cybersecurityindia+2 crossposts

My write up for a Memory Forensics/DFIR chall for Macos

https://mooofin.github.io/portfolio/blog/s4nct1m0ny.html

tuts for ISF from kernel DWARF. for vol as well . loginwindow plaintext credential extraction, Chainbreaker 3DES keychain decryption, and full RE of a Swift dropper using machine Hardware UUID as decryption key , ive tried to make it very less jargon and reader friendly

u/mewwwfinnn — 1 day ago

How difficult is switching to this domain

I'm an iOS developer with over 2.5 YOE. I've had interest in cybersecurity since my Uni days, even did my specialisation in cyber during my 6th sem, got placed in an mnc for cloud security role but didn't get the joining letter for like 1.5years. I was in need of a job obviously so I grabbed whatever opportunity I got and became an iOS dev.
I work in a lala company currently and I really need to get out of here before I can't anymore, but the market is really bad right now in general. iOS dev domain already had low demand from before but now it has become even worse.

So what are the chances of me successfully switching to cyber now? What is needed from me (like what I need to learn etc. as I've forgotten everything I learned about cyber in my Uni days) and are there any companies that would hire freshers like me?

reddit.com
u/ShadowLorddd — 1 day ago

i have 2 months summer break tell me what skills i can work on as a red team aspirant

my clg 1st year just got over and ik basics like networking and basic pentesting i was preparing for the ejpt bur unfortunately due to some things going in my life it got expired and i forget to extend the date so now i am hopeless too i still have the course videos i can lean that and i will learn from that in this gap but im broke now dont have money to buy it back :(

Suggest some skills guys i am really interested in bug bounty but idk where to start i dont have any structured path from where i can learn

reddit.com
u/Starguy_op — 2 days ago

Practice platform?

I know LeetCode is the go-to platform for coding practice, but what's the cybersecurity equivalent?

I'm looking for something where I can consistently practice and improve my skills through hands-on challenges—not just learn theory. Ideally, I'd like a platform that helps build real-world problem-solving skills, similar to how LeetCode does for programming.

What platforms do you recommend, and why?

reddit.com
u/Ill-illusion1625 — 2 days ago
▲ 2 r/cybersecurityindia+1 crossposts

Do these Process Monitor events look normal for a PDF file?

I'm investigating a PDF that was flagged as a Trojan by a single antivirus engine on VirusTotal about 10 days ago. The detection has since disappeared, and the file currently has 0 detections.

To better understand the file's behavior, I captured its activity with Process Monitor while performing the following actions:

  • Open the PDF in Microsoft Edge
  • Close it
  • Rename it
  • Rename it back to its original name
  • Delete it

The attached link contains a Process Monitor screenshot showing only the events related to this PDF.

My question is:

Do these Procmon events look like normal Windows behavior for a regular PDF, or is there anything that stands out as suspicious?

I'm particularly interested in the meaning of events such as:

  • FAST IO DISALLOWED
  • BUFFER OVERFLOW
  • NAME NOT FOUND
  • INVALID PARAMETER
  • FILE LOCKED WITH ONLY READERS

I'm not looking for conclusions based solely on VirusTotal. I'm mainly interested in a technical interpretation of the Process Monitor events from people experienced with Windows internals and Procmon.

u/HappyConstruction387 — 2 days ago
▲ 115 r/cybersecurityindia+3 crossposts

I turned my Flipper Zero into a tiny Walkman-style MP3 controller

A few days ago I had this random idea: what if I used the Flipper Zero as the UI/brain for a tiny offline music player, and let an external MP3 module handle the actual decoding/audio output?

I ended up building it.

The project is called Flipper Walkman:
https://github.com/rynosec/flipper-walkman

What it is: -
a native Flipper Zero external app (.fap)
- retro cassette / Walkman-style UI
- controls a cheap UART MP3 module over GPIO/UART
- MP3 files live on the module s microSD card
- audio comes out from the external module, not the Flipper itself

Current controls:
- OK = play/pause
- Left/Right = previous/next track
- Up/Down = volume up/down
- Long OK = About/Help
- Long Back = exit

Hardware I used:
- Flipper Zero
- UART MP3 module (GD3300D / HW-311 / YX5300-style board)
- microSD card
- headphones/speaker connected to the MP3 module

A couple of notes:
- this is not native MP3 playback on Flipper
- the Flipper is basically acting as the controller + UI
- the MP3 module handles file storage, MP3 decoding, and audio output
- song names are not displayed yet because these cheap UART MP3 modules usually don t expose filenames or ID3 metadata nicely over UART

I wrote a full build write-up here too: https://ryno.sh/posts/building-a-walkman-style-mp3-player-on-flipper-zero/

This started as a fun nostalgia project more than anything serious.

Would love feedback from the community:
- Has anyone else built something similar?
- Any better MP3/audio modules I should try?
- Any ideas for improving track naming / metadata UX?
- Would people want playlist mapping from Flipper SD card in a future version?

I am also working on doing a proper plug and play solution with custom 3D printed case, let me know what you feel about this project.

u/rynosec — 4 days ago

Fake Experience in IT Audit & Cyber Assurance - Bengaluru

I was discussing with a friend today and I was told that a group of folks from HCL Tech have joined KMPG IT Audit and Cyber Assurance practice.

They worked for HCL Tech but not any relevant experience. They were trained by few folks who joined KPMG in the past 5+ years.

Its a group of friends and family in the practice, just casually corrupting the talent pool internally and externally.

reddit.com
u/auditduck — 3 days ago

I participated in the Microsoft AI Skills program. And got 4 voucher

I think the vouchers were distributed randomly, but I received four vouchers. I've already used two, and I still have two left.

If i pass all 4 exam in 2 month that is suspicious in my resume. So what i do now

u/helping_people01 — 4 days ago

made a simple maldev project

remote thread DLL injection, payload obfuscation (RC4 + UUID encoding), and resource‑section embedding. The final loader carries an encrypted payload inside its own .rsrc section, decrypts it at runtime, and injects it into a target process

Ik it's pretty basic😅, so I'll make the following changes to it

  • Avoid writing the DLL to the disk, and directly load it into memory using Reflective Loader or Prepended Loader, and change classic injection with Process Hollowing, or Early Bird
  • Change RC4 to AES
  • Integrate C2 so the enumeration result will be transmitted to the team server using beacon, and not written to a file on system

PROJECT LINK - github link

But I'm going to first practice some Reverse-Engineering on it lol.

would appreciate suggestions and stuff : )

u/adocrox — 3 days ago

Does freshers have job in cybersecurity????

Hey, I'm currently in my 4th year and like most of the people I just fkd around in my last 3 year of college and now I don't have any coding skill neither any technical skill but, I had a keen interest in cybersecurity so I just started learning some stuff but now I'm scared that are any freshers job is available or not in the cybersecurity field.....

reddit.com
u/budbak_lounda — 4 days ago

Name & Fame: Cybersecurity Companies That Truly Value Their Employees

Lets highlight the cybersecurity organizations that are getting it right.

Here are some companies where i worked.

Accenture: 3/5

Visa: great wlb , great tech 4/5

Walmart: beautiful perks and great people. Only need to come 2 days in office. 5/5

Sixt: wfh, modern engineering stacks, great increment 4/5

List yours as well

reddit.com
u/missyousachin — 5 days ago