Rewanth Tammana

Senior Security Architect

Emirates NBD

*Upcoming Presentation* @ BlackHat EU

Rewanth Tammana is a security ninja, open-source contributor, and Senior Security Architect at Emirates NBD. He is passionate about DevSecOps, Application, and Container Security. He added 17,000+ lines of code to Nmap (known as the Swiss Army knife of network utilities). He holds industry certifications like CKS (Certified Kubernetes Security Specialist), CKA (Certified Kubernetes Administrator), etc.

Rewanth speaks and delivers training at multiple international security conferences around the world including Black Hat, Defcon, Hack In The Box (Dubai and Amsterdam), CRESTCon UK, PHDays, Nullcon, Bsides, CISO Platform, null chapters and multiple others.

He was recognized as one of the MVP researchers on Bugcrowd (2018) and identified vulnerabilities in several organizations. He also published an IEEE research paper on an offensive attack in Machine Learning and Security. He was also a part of the renowned Google Summer of Code program.

Interests
  • Security Engineering
  • Automation
  • DevSecOps
  • Development
Education
  • Bachelors in Computer Engineering

    National Institute of Technology, Kurukshetra, India

Experience

Senior Security Architect
Jun 2021 – Present Dubai
  • Designing, building and managing PaaS security.
  • Containers and Kubernetes security.
  • Integration of automation and DevSecOps.

Security Architect
Nov 2020 – Jun 2021 Dubai
  • Responsible for architectural and design reviews of new integrations and projects.
  • Responsible for end-to-end security review of projects developed by multiple squads.
  • Performed source code review, penetration testing, container review, etc.
  • Developed open source projects extending Kubernetes functionalities.

Security Consultant
Jul 2018 – Nov 2020 Pune, India
  • Delivered Android Mobile Application Security trainings to developers and pen-testers across the globe.
  • Performed Cloud, Docker and Kubernetes security assessments.
  • Implemented end-to-end workflow for DevSecOps service offerings.
  • Performed security assessments of web and Android applications (both black box and white box).
  • Collaborated with experts while performing infrastructure assessments.
  • Performed source code review to discover new vulnerabilities.
  • Responsible for end-to-end client delivery.
  • Published IEEE research paper on Machine Learning and security.
  • Delivered training and talks at multiple international security conferences:
    • CISO Platform, Virtual
    • Nullcon, Virtual
    • PHDays, Moscow, Russia
    • Hack In The Box (HITB), Amsterdam
    • CRESTCon, London
    • Bsides, Egypt
    • Hack In The Box (HITB), Dubai
    • DEFCON, Las Vegas (Couldn’t present there due to delayed visa process)
  • Organized local security meetups as a part of null Pune chapter, India

Associate Security Researcher Intern
Provensec
Jun 2017 – Sep 2017 Remote
  • Developed an automated web vulnerability scanner using Python, Selenium and PhantomJS along with 3 other employees.
  • The license of the product costs $2000 USD/year.
  • Authored and integrated plugins to the vulnerability scanner.
  • Developed a module to save a screenshot of the website when the payload is executed, as a PoC.
  • Collaborated with experts on penetration testing projects.

Nmap Developer
May 2017 – Aug 2017 Remote
  • One of only 4 people (2 PhDs and 1 B.Tech) selected from around the world.
  • My contribution during this 3-month period: integrated 17,000+ lines of code into Nmap.
  • Authored a script to fetch SMB enum services from a remote Windows machine.
  • Authored a script for enumerating IoT devices running on the OpenWebNet protocol.
  • Authored punycode and idna libraries for Nmap to handle Unicode input.
  • Refactored the http-enum script for optimization purposes.
  • Made an Ncat enhancement to limit data using a delimiter while transferring data.
  • Fixed issues related to the CVE-2014-3704 NSE script.
  • Made enhancements to the CVE-2014-3704 NSE script.
  • Removed redundant parsing functions by making enhancements from a few libraries.
  • Autocomplete feature for the --script-args parameter in Nmap. Due to lack of compatibility with Windows OS and the zsh shell, it is not merged yet.
  • Colored output for Nmap.
  • Added missing IP protocols to netutil.cc.
  • Complete report - https://medium.com/@rewanthcool/gsoc-2017-with-nmap-security-scanner-80d9bd54a97a

Security Engineer Intern
May 2017 – Aug 2017 Remote
  • Security assessment of website and writing patches for the vulnerabilities found.
  • Discovered and patched critical payment gateway bugs, which saved the company thousands of dollars.
  • Handled the security of cloud services and servers.
  • Impressed with my work, they added my name to their About-Us page (I was just an intern).
  • View me @ https://oxcean.com/About-us

Full Stack Developer Intern
Appyfest
Jun 2016 – Jul 2016 Gurugram, India
  • Integrated new features to the website.
  • Optimized the functionality of existing features in the website.

Projects

Containers from scratch

Running a rootless container in a few lines of Go code with just Linux syscalls

Damn Vulnerable Bank

Vulnerable Banking Application for Android

Detect phishing URLs with Machine Learning

Simple project that trains a model to detect phishing URLs.

Dictionary Attack Cyberoam

Dictionary Attack on NIT Kurukshetra User-Portal (Cyberoam)

Drone UI

UI interface for drone CI/CD

Firefox vuln headers extension

Firefox browser extension that parses the headers of all requests flowing through your Firefox browser to detect vulnerabilities

Hack Kit

This kit automatically converts your Firefox browser into a hacking tool by installing all the primitive hacker plugins

Kubectl fields

Plugin to parse and search fields from kubectl resources hierarchy tree

Kubectl whisper secret

Plugin to create secrets with secure input prompt to prevent information leakages through terminal history, shoulder surfing attacks, etc

Kubernetes Goat

Kubernetes Goat is a "Vulnerable by Design" Kubernetes cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

mp3 downloader

Downloads the MP3 file of a YouTube video

Nmap

Nmap - the Network Mapper. The Swiss Army knife network utility

NodeJS Coding Assessment Solutions

My proposed solutions to a few full stack developer interview questions

QB (cube) game

First ever 3D multiplayer game built for FlockOS

Syndi

Advanced Windows local network file sharing software

Techspardha

Annual technical fest website NIT Kurukshetra
