Rikunj Sindhwad

Offensive Security Expert

Senior Cyber Security Consultant

Red & Purple Team Specialist

Penetration Testing Active Directory Exploit Development Security Architecture OSINT Mentoring
Contact Me View Projects
R
B
P

Profile

Profile Image

About Me

I’m a cybersecurity professional with over years of experience in Red Team, Purple Team, and advanced penetration testing across BFSI, e-commerce, and enterprise environments. My work blends technical precision with strategic thinking — from simulating real world attacks using MITRE ATT&CK tactics to advising leadership on risk mitigation and secure architecture design.

I’ve led complex offensive security engagements, consistently breaching high-value targets, bypassing advanced defenses, and uncovering critical vulnerabilities in web, API, and thick-client applications. Beyond the tests themselves, I focus on building automation, hardening systems, and ensuring findings translate into meaningful security improvements.

Outside of client work, I contribute to the community through free courses, research publications, and the occasional open-source tool release. My mission is simple: to make security smarter, sharper, and more resilient — one engagement at a time.

Education

Bachelor of Computer Application (BCA) - TMV University / L.F Polytechnic
CGPA 7.48

Certifications

  • Certified Red Team Operator (CRTO) - ZeroPoint Security
  • Offensive Security Experienced Penetration Tester (OSEP) - ID: OS-OSEP-22788
  • Offensive Security Web Expert (OSWE) - ID: OS-AWAE-22410
  • Offensive Security Certified Professional (OSCP) - ID: OS-101-51356
  • Certified Ethical Hacker (CEH) - EC-Council

Experience

Senior Cyber Security Consultant

Ernst & Young LLP, India | Dec 2022 - Present

Lead enterprise-grade Red Team engagements simulating advanced, persistent threats targeting critical infrastructure and high-value assets.

  • Conduct targeted Purple Team assessments to evaluate and enhance the detection and response capabilities of security products, operating systems, and enterprise solutions.
  • Perform internal Red Team assessments with a focused, goal-driven approach to identify exploitable weaknesses and validate security controls.
  • Collaborate with SOC and Blue Team stakeholders to improve incident detection, investigation, and remediation processes based on real-world attack simulations.
  • Deliver actionable intelligence and executive-level reports that translate technical findings into strategic security improvements.

Cyber Security Consultant

Aujas Cybersecurity Pvt. Ltd., India | Sep 2021 - Dec 2022

Performed extensive VAPT across network infrastructure, web applications, and APIs for a major client in the BFSI sector, identifying and exploiting high/critical vulnerabilities.

  • Conducted detailed security assessments of production environments, ensuring minimal operational disruption while uncovering severe security gaps.
  • Delivered multiple Red Team engagements simulating real-world adversaries to assess overall security posture and validate defense mechanisms.
  • Produced in-depth technical reports and remediation guidance to strengthen security controls and reduce attack surface.

Cyber Security Consultant

Freelance Cyber Security Consultant | Feb 2020 - Aug 2021

Delivered security services to multiple clients in BFSI and healthcare sectors, focusing on both preventive and offensive measures.

  • Performed OS hardening and security configuration in line with NIST and industry best practices to strengthen system resilience.
  • Developed automation scripts and tooling to streamline repetitive security tasks and improve assessment efficiency.
  • Built and deployed pre-hardened Windows OS images for hospital surgery systems and enterprise environments.
  • Conducted VAPT for web applications, network infrastructure, and thick-client applications, identifying and remediating critical vulnerabilities.

Cyber Security Analyst & Trainer

Macksofy Technologies Pvt. Ltd., India | Sep 2018 - Jan 2020

Delivered training programs for students on CEH, ECSA, and OSCP, covering core penetration testing methodologies, tools, and real-world exploitation techniques.

  • Performed vulnerability assessments using Nessus to identify and report security weaknesses in client systems.
  • Assisted in remediation planning and provided guidance on strengthening security posture based on VA findings.
  • Combined hands-on teaching with practical assessment work to bridge the gap between theoretical knowledge and operational security skills.

Notable Projects

Task-Ninja

Custom automation framework to accelerate common red-team tasks. Developed to streamline security assessment workflows, automate repetitive actions, and enhance team efficiency during engagements.

Red Team Automation Tooling
View on GitHub

MSSQL-Attacker

Advanced offensive utility targeting MSSQL attack paths. Features privilege escalation techniques, lateral movement capabilities, and data exfiltration methods specifically designed for Microsoft SQL Server environments.

Database Security Red Team MSSQL
View on GitHub

ProxyJacker

Specialized proxy DLL generator for exploiting DLL hijacking vulnerabilities. Creates proxy DLLs that forward function calls while executing custom payloads, enabling sophisticated persistence and privilege escalation attacks.

DLL Hijacking Binary Exploitation Windows Security
View on GitHub

Free Community Courses

YouTube + GitBook content for the security community. Educational resources designed to share cybersecurity knowledge and best practices.

Education YouTube Documentation
Visit GitBook YouTube Channel

Technical Skills

Core Competencies

Methodologies & Frameworks

  • MITRE ATT&CK & D3FEND
  • OWASP Top 10 (Web, API, Mobile)
  • CVE / CWE / CVSS
  • NIST Cybersecurity Framework (CSF)
  • CIS Benchmarks & NIST Hardening
  • Purple Team Exercise Framework (PTX)

Web & API (Tools)

  • Metasploit
  • Burp Suite Pro
  • Fiddler
  • Acunetix
  • SQLmap

Red Team (Core Competencies)

  • Initial Access & Phishing Simulation
  • Command & Control Operations & OPSEC
  • Privilege Escalation (Local & Domain)
  • Lateral Movement & Active Directory Exploitation
  • Defense Evasion & EDR Bypass
  • Credential Access & Token Manipulation
  • Persistence & Post-Exploitation
  • Purple Team Collaboration for Detection Gaps

Thick Client / Reversing (Tools)

  • Process Monitor
  • Immunity Debugger
  • IDA Pro
  • dnSpy
  • PEiD

Industry Experience

Publications & Media

YouTube Channel

@Robensive

Weekly cybersecurity tutorials, threat analysis, and industry insights

Publications

Get In Touch

Contact Information

  • sindhwadrikunj@gmail.com
  • +91 8850585972
  • India

Professional Inquiries

Available for

Security Consulting, Red Team Engagements, Security Architecture Design

Response Time

Typically within 24-48 hours for professional inquiries

Connect With Me

LinkedIn Profile Schedule a Call

Offensive security specialists who simulate real-world attacks

Defensive security specialists who detect and respond to threats

Integration of red and blue team capabilities for enhanced security