Top 0.01% Cybersecurity Professional

Prasanth Kumar Malleboina

Purple Teamer | Blue & Red Team Hybrid | (ISC)² CC | Cloud Incident Response | Cybersecurity and Tech Blogger

Cloud Security | Offensive Security

Currently, I am delving into purple team strategies through the creation of cloud IR labs in AWS, simulating real-world attacks, and sharing my journey with a growing audience on Instagram. Always curious and learning — whether it's building custom AWS attack/defense scenarios, participating in CTF competitions, or developing security automation tools — I thrive at the intersection of technology, security, and education.

About Me

Cybersecurity professional with around 3 years of combined experience across IT support, SOC operations, penetration testing, and AWS security labs. Currently building out purple team skills through hands-on cloud IR labs while documenting the process for followers on Instagram. Background includes finding and reporting OWASP vulnerabilities during client assessments, triaging SIEM alerts in a SOC environment, and building detection content mapped to MITRE ATT&CK. Comfortable with Burp Suite, Nessus, AWS services (GuardDuty, CloudTrail, IAM), and scripting in Python and Bash.

~3 Years Cybersecurity Experience
8 Client Pentests
50-60 Daily SIEM Alerts Reviewed
95% Vulnerability Closure Rate

Core Competencies

Cloud Security & Cloud Penetration Testing

AWS Security (Advanced)

GuardDuty, CloudTrail, IAM, S3, EC2, Lambda, VPC, CloudWatch - Cloud IR labs, attack simulations, detection engineering

Microsoft Azure (Proficient)

Log Analytics, Azure security services

Infrastructure as Code (IaC) (Proficient)

Terraform, CloudFormation security review and implementation

Cloud Incident Response (Advanced)

Purple team cloud IR labs, attack/defense scenarios, detection playbooks

Penetration Testing & Offensive Security

Web Application Testing (Advanced)

OWASP Top 10: SQL Injection, XSS, CSRF, IDOR, Authentication bypass - discovered critical vulnerabilities across 8 client applications

Burp Suite Professional (Advanced)

Repeater, Intruder, Scanner - primary tool for web app security testing

Metasploit Framework (Advanced)

Exploitation framework, payload generation, post-exploitation

Vulnerability Assessment (Advanced)

Nessus scanning, vulnerability analysis, patch validation - 95% successful closure rate

Network Analysis (Advanced)

Wireshark, Nmap, IDS/IPS systems, network service scanning

Threat Emulation, Automation & Security Engineering

Purple Teaming (Advanced)

Building attack/defense scenarios, detection engineering, combining red and blue team methodologies

MITRE ATT&CK (Advanced)

Mapping detections to techniques, threat modeling, attack pattern recognition (T1110, T1046)

Detection Engineering (Advanced)

Writing detection rules, SIEM alert tuning, reducing false positives, building detection content

Python Development (Advanced)

Security automation, ML-based IDS (92% accuracy), Flask APIs, Pandas, NumPy, Scikit-learn

Bash/Shell Scripting (Advanced)

Automation scripts, system administration, security tooling

PowerShell (Advanced)

Windows automation, security operations, Active Directory management

Security Automation (Advanced)

CTF automation, security lab setup, detection rule automation

SOC & Security Operations

SIEM Operations (Advanced)

Splunk, Elastic Cloud - monitored 50-60 alerts daily, log correlation, threat detection

Incident Response (Advanced)

Alert investigation, IOC documentation, containment procedures, IR playbooks

Threat Hunting (Proficient)

Proactive threat detection, anomaly identification, pattern recognition

Security Frameworks & Methodologies

Security Frameworks (Advanced)

NIST Cybersecurity Framework, OWASP Top 10, CIS Controls, Zero Trust Architecture, SANS Top 25

Risk Assessment (Advanced)

CVSS scoring, vulnerability prioritization, security auditing

Systems & Infrastructure

Active Directory (Advanced)

User management, GPO configuration, security group administration, event log analysis - 500+ tickets resolved

Windows Server (Advanced)

Windows Server 2022, user administration, security configuration

Linux Administration (Advanced)

Ubuntu, Kali Linux, system security, vulnerability management

Professional Experience

Cybersecurity Educator & Purple Team Specialist

CloudIRTriad | Remote
Oct 2025 - Present | Full-time

Running a 120-day purple teaming and cloud IR journey documenting AWS security labs, attack simulations, and detection engineering for approximately 1,000 followers on Instagram. Creating practical content covering GuardDuty alerts, CloudTrail log analysis, IAM privilege escalation simulations, and corresponding detection rules.

Key Achievements:

  • Built several AWS lab scenarios from scratch including S3 bucket exploitation, EC2 instance compromise, and suspicious Lambda invocations
  • Created comprehensive red team attack steps paired with blue team detection/response playbooks for each scenario
  • Documenting hands-on cloud incident response techniques and purple team methodologies for a growing audience of security professionals
  • Developed reusable AWS security lab templates for common attack patterns and detection scenarios

AWS (GuardDuty, CloudTrail, IAM, S3, EC2, Lambda) | CloudWatch | MITRE ATT&CK | Purple Teaming | Incident Response | Detection Engineering

Internship Experience

Penetration Testing Intern

Cyber Secured India | Remote
Apr 2024 - Sep 2024 | Internship

Conducted comprehensive web application security assessments for 8 client applications using industry-standard penetration testing methodologies. Identified and documented critical vulnerabilities including SQL injection, XSS, CSRF, broken authentication, and IDOR bugs.

Key Achievements:

  • Tested 8 client web applications, discovering SQL injection vulnerabilities that allowed database credential extraction, XSS capable of session cookie theft, and multiple CSRF issues
  • Performed reconnaissance using Burp Suite Pro (Repeater/Intruder), identifying outdated WordPress plugins with known CVEs, exposed admin panels with default credentials, and IDOR vulnerabilities allowing unauthorized account access
  • Authored detailed penetration test reports with executive summaries, CVSS scores, proof-of-concept code, and prioritized remediation steps
  • Collaborated with development teams during remediation phase, conducting retesting after patches and achieving 100% closure rate for critical/high severity findings
  • Discovered unauthenticated database access on one client application, enabling complete data exposure

Burp Suite Professional | Wappalyzer | OWASP Top 10 | SQL Injection | XSS | CSRF | IDOR | CVE Analysis | WordPress Security | CVSS Scoring

Cybersecurity Intern - SOC Operations

SmartInternz | Remote
Feb 2024 - May 2024 | Internship

Gained hands-on experience in Security Operations Center (SOC) operations, monitoring SIEM platforms, investigating security alerts, and performing vulnerability management. Built and maintained cyber lab infrastructure for blue team training exercises.

Key Achievements:

  • Monitored SIEM platforms daily, reviewing 50-60 alerts per day and learning to distinguish false positives from genuine threats including repeated failed logins, off-hours access attempts, and unusual account lockout spikes
  • Investigated security alerts related to brute-force attacks on RDP/SSH, credential stuffing campaigns, and malware signatures in simulated environments, documenting incidents with affected systems, timestamps, IOCs, and containment procedures
  • Designed and maintained VirtualBox-based cyber lab for blue team training with pre-configured logging and reusable VM templates, reducing setup time by 40%
  • Conducted post-patch validation scans with Nessus on Windows and Linux systems, achieving 95% successful vulnerability closure rate with comprehensive tracking
  • Contributed to the SOC knowledge base by documenting common alert types, triage procedures, and escalation criteria, and learned threat hunting techniques from senior analysts
  • Assisted in tuning detection rules to reduce alert noise and improve signal-to-noise ratio

Splunk | Elastic Cloud (SIEM) | Nessus | VirtualBox | Incident Response | Threat Hunting | Vulnerability Management | MITRE ATT&CK | Windows/Linux Security

Student IT Help Desk Specialist

Loyola Institute of Technology and Management | Guntur, India
Mar 2022 - May 2023 | Full-time

Provided comprehensive IT support for campus environment with ~2,000 users, managing Active Directory administration, user account lifecycle, Group Policy configuration, and security awareness training.

Key Achievements:

  • Resolved 500+ support tickets focused on Active Directory operations including user account creation, password resets, group membership management, and GPO configuration
  • Managed Windows Server 2022 environment for user administration, organizing OUs, configuring security groups, and troubleshooting login issues and policy conflicts through event log analysis
  • Delivered security awareness training sessions for students and staff, reducing repeat security incidents by approximately 40%
  • Maintained 95%+ first-contact resolution rate for hardware, software, OS, and network connectivity issues across Windows, macOS, and Linux systems
  • Successfully supported MFA rollout across campus environment during mid-year implementation

Active Directory | Windows Server 2022 | Group Policy Objects (GPO) | Multi-Factor Authentication (MFA) | Windows/macOS/Linux | Security Awareness

Computer Lab Assistant

Loyola Institute of Technology and Management | Guntur, India
Aug 2021 - Feb 2022 | Full-time

Maintained computer lab infrastructure with approximately 100 workstations, ensuring system health, security patch deployment, and policy enforcement.

Key Achievements:

  • Performed daily maintenance on ~100 lab workstations including system health checks, security patch deployment, antivirus signature updates, and proactive issue resolution
  • Enforced IT security policies and monitored for suspicious activity or misconfigurations
  • Provided user support for login issues, software installation (MATLAB, Python IDEs), and general troubleshooting
  • Maintained comprehensive ticketing system to track issues and identify recurring problems for continuous service improvement

Windows Administration | Patch Management | Antivirus Management | IT Security Policy | Ticketing Systems

Featured Engagements

Real-world offensive security engagements showcasing advanced red teaming, cloud security assessments, and security research initiatives.

Machine Learning-Based Network Intrusion Detection System
Security Research

Built a network IDS using supervised machine learning with SVM and Random Forest classifiers on the NSL-KDD dataset, achieving 92% accuracy and 80% F1-score with 6% false positive rate.

Key Outcomes:

  • Achieved 92% accuracy and 80% F1-score with 6% false positive rate after feature engineering and model optimization
  • Used StandardScaler for normalization, SMOTE for class balancing, and 5-fold cross-validation for robust model evaluation

Python | Scikit-learn | AWS EC2

Cryptographic E-Voting Platform with Zero-Knowledge Proofs
Security Research

Built a secure e-voting system using PGP encryption (2048-bit RSA), digital signatures (RSA-PSS), and Zero-Knowledge Proof concepts to ensure ballot confidentiality and voter authentication.

Key Outcomes:

  • Implemented PGP encryption (2048-bit RSA) for ballot confidentiality and RSA-PSS digital signatures for voter authentication
  • Integrated Zero-Knowledge Proof concepts allowing voters to verify their vote was counted without revealing their choice

Python | Flask | PGP Encryption

AWS Security Lab - Cloud Attack & Detection
Cloud Security

Built comprehensive AWS security lab environment simulating cloud attacks with corresponding detection rules using GuardDuty, CloudTrail, and Elastic Stack for centralized logging.

Key Outcomes:

  • Configured complete AWS security stack: EC2, S3, IAM, CloudTrail, GuardDuty for attack simulation and detection
  • Implemented Elastic Stack for centralized logging and security event correlation

AWS EC2 | AWS S3 | AWS IAM

Certifications & Practical Experience

Professional Certifications

(ISC)² Certified in Cybersecurity (CC)

(ISC)²

Cybersecurity Foundation | Aug 2024

AWS Security Fundamentals (Second Edition)

Amazon Web Services (AWS)

Cloud Security | Jul 2024

AWS Networking Practical Approaches

Amazon Web Services (AWS)

Cloud Networking | Jun 2024

DROP Certified Security Course (DCSC)

DROP

Security Training | May 2024

OSINT CTRL ALT ACT

OSINT Training Provider

OSINT & Reconnaissance | Apr 2024

Full Stack Python Development

Training Provider

Software Development | Mar 2024

Conferences & Events

BSidesPGH 2025

Attendee & CTF Participant

Attended the security conference and participated in the capture-the-flag competition

Mar 2025

THRISS 2025

CTF Participant

Participated in cybersecurity challenges and the CTF competition

Mar 2025

Hands-On Labs & Community

HackTheBox

CTF & Training Platforms

Active practice on offensive security labs and vulnerable machines

TryHackMe

CTF & Training Platforms

Continuous learning through guided security challenges and rooms

CloudIRTriad (Instagram)

Community & Education

120-day purple team and cloud IR learning journey with 1,000+ followers

AWS Security Labs

Cloud Security Practice

Hands-on cloud security practice with EC2, S3, IAM, GuardDuty, CloudTrail

Latest Research & Insights

Technical articles, research findings, and offensive security insights covering red teaming, cloud security, and advanced exploitation techniques.

Advanced Kubernetes Privilege Escalation Techniques
Cloud Security
Mar 15, 2024 | 12 min read

Deep dive into sophisticated Kubernetes privilege escalation vectors including RBAC misconfigurations, container escapes, and admission controller bypasses.

Kubernetes | Container Security

Bypassing Modern EDR Solutions: A Red Teamer's Perspective
Red Teaming
Mar 8, 2024 | 15 min read

Comprehensive analysis of EDR evasion techniques including process injection, AMSI bypasses, and userland hooking evasion strategies used in real-world engagements.

EDR | Evasion

AWS IAM Privilege Escalation: 20 Methods Explained
Cloud Security
Feb 28, 2024 | 18 min read

Complete guide to AWS IAM privilege escalation covering 20 different attack paths from low-privileged access to full administrative control.

AWS | IAM

Let's Connect

Ready to collaborate?

Whether you're looking for red team expertise, cloud security consultation, or technical collaboration, I'm always open to discussing challenging security projects and research opportunities.