AGAtharva GhamBackend · Platform · Security
Theme
Menu

Workbench

Research, reverse engineering, and the practice behind the shipped work.

This section shows how I keep sharpening the fundamentals behind the portfolio work: binaries, operating-system behavior, exploit mechanics, cloud security, and the debugging habits that feed back into real systems.

Applied OffenseApplied track

Offensive Workflow in Labs and Challenge Environments

Hands-on offensive practice built around enumeration discipline, exploit-path development, privilege escalation, and reporting quality.

Where it showed up

  • PEN-200 / PWK applied modules and challenge labs
  • ENPM634 penetration testing labs and VM-based exercises
  • Reconnaissance and exploitation practice across Linux and Windows targets

What I worked through

  • Enumerated hosts and services with targeted scanning and OSINT-style workflows
  • Worked through web, client-side, and perimeter attack paths
  • Practiced privilege escalation, lateral movement, and communicating findings in report form
Kali LinuxNmapMetasploitPythonReporting
OperationsApplied track

Linux Systems, Administration, and Hardening

Operational Linux experience covering host setup, shell-based administration, service troubleshooting, and hardening.

Where it showed up

  • ENPM818P Linux administration labs
  • Virtual machine setup and management for security coursework
  • Shell-based workflows used throughout systems and security exercises

What I worked through

  • Worked through file systems, boot behavior, process management, and command-line administration
  • Used shell scripting and CLI tooling to automate repetitive tasks
  • Applied secure administration habits while configuring and troubleshooting Linux environments
LinuxBashVMwareSystem ServicesCLI Tooling
CloudApplied track

Cloud Security and IAM in Practice

Applied cloud security work across IAM, workload configuration, incident-response scenarios, and platform-specific failure modes.

Where it showed up

  • ENPM665 cloud security coursework
  • Hands-on exercises across AWS, Azure, and GCP free-tier environments
  • Identity, data protection, incident response, and cloud forensics scenarios

What I worked through

  • Worked through secure workload migration and cloud-specific threat considerations
  • Applied IAM and data protection concepts to cloud-native contexts
  • Studied incident response and forensics patterns specific to IaaS, PaaS, and SaaS
AWSAzureGCPIAMCloud Forensics
Binary SecurityApplied track

Exploit Development and Vulnerability Analysis

Binary exploitation work focused on memory-corruption mechanics, mitigation behavior, and debug-driven reasoning about vulnerable code paths.

Where it showed up

  • Stack overflow walkthroughs and exploit exercises
  • Detailed study of format strings, ASLR behavior, integer flaws, and NULL-related exploitation
  • Binary-debugging oriented labs and research

What I worked through

  • Practiced stack-based exploitation workflow from crash to offset control and payload shaping
  • Studied how ASLR changes exploit assumptions and how attackers adapt
  • Built intuition for memory disclosure, arbitrary writes, integer security, and exploit reliability
GDBPythonImmunity Debugger ConceptsASLR AnalysisFormat Strings
DefenseApplied track

Detection, Automation, and Security Communication

Defensive practice around packet analysis, rule development, automation, and reporting that engineers can act on.

Where it showed up

  • Snort rule-writing references and packet-analysis exercises
  • Python-based scripting and security automation work
  • Pen-test reporting and technical writing practice

What I worked through

  • Worked with detection logic that targets vulnerability behavior instead of one-off exploit signatures
  • Used Python as a practical tool for automation and repeatable analysis
  • Practiced writing findings so they are useful to engineers and decision-makers, not just technically correct
SnortPythonPacket AnalysisTechnical WritingReporting

Distilled Study

What the study actually changed in how I think.

Program Representation and Reverse Engineering

Applied theme

I worked through how C code becomes assembly, object code, and executables, then used disassembly to reason about real program behavior instead of treating binaries like black boxes.

  • Used disassembly workflows such as objdump to connect source-level intent to generated IA-32 instructions.
  • Built fluency around stack frames, calling conventions, return paths, linking, and how compiler output shapes runtime behavior.
  • Used that grounding to make later exploit analysis and debugging work much more concrete.

Memory Corruption, Shellcode, and Exploit Construction

Applied theme

The low-level material went beyond labels and covered the mechanics of stack layout, payload shaping, NOP sled strategy, return-address control, and shellcode placement.

  • Worked through buffer-overflow flow from crash state to offset control and redirection to useful execution targets such as jmp-ESP style pivots.
  • Studied shellcode construction strategy, return-address setup, and how exploit reliability changes once stack layout details matter.
  • Used these exercises to sharpen how I reason about unsafe memory behavior and defensive coding boundaries.

Format Strings and Runtime Hooking

Applied theme

I studied exploit paths that rely on disclosure and dynamic runtime manipulation rather than only classic buffer overwrites.

  • Worked through format-string behavior for stack disclosure, process instability, and attacker-controlled use of printf-family functions.
  • Studied LD_PRELOAD-based wrapper techniques to observe arguments, modify behavior, and understand runtime control-flow interception.
  • That combination improved my intuition for both offensive technique and practical detection or mitigation strategy.

Secure Communications and Trust Boundaries

Applied theme

The networking and crypto material reinforced how secure channels are actually constructed and where trust can fail across real systems.

  • Reviewed SSL/TLS, VPN, and Secure Shell as concrete communication patterns rather than abstract security buzzwords.
  • Connected encryption, channel protection, and authentication decisions back to real operational tradeoffs.
  • Used that perspective in later work involving certificates, transport hardening, and secure service-to-service communication.

Operating System and Kernel Security

Applied theme

The systems material covered memory management, processes and threads, kernel security, secure hardware, and OS trust boundaries as the layer that ultimately decides what higher-level software can safely do.

  • Built stronger mental models for allocator behavior, process isolation, concurrency, and how OS architecture shapes attack surface.
  • Studied Linux security controls such as LSM and SELinux, along with the broader role of the kernel as a system-wide trust anchor.
  • That work improved both low-level debugging depth and the quality of my defensive system design decisions.

How It Shows Up

How this work changes the way I build, debug, and secure systems.

Built from graduate-level study across secure systems, cloud security, communications, operating-system behavior, and offensive technique.

Strengthened through PEN-200 / PWK modules, applied exercises, challenge labs, and repeated report-writing practice.

Extended with hands-on work in disassembly, shellcode, format strings, LD_PRELOAD-style hooking, memory management, and kernel trust boundaries.