Sharvind Rao

Threat Analyst IV

Summary

With 14 years of experience in Cybersecurity, I specialize in Threat Intelligence, Malware Analysis, and Threat Hunting. At Broadcom, BlueCoat/Symantec, and Avira, I led network security investigations, developed advanced threat detection techniques, and built proactive security frameworks leveraging MITRE ATT&CK. My expertise includes network traffic analysis, threat detection, and securing enterprise networks against evolving cyber threats.

Overview

14 years of professional experience
4 years of post-secondary education

Work History

Threat Analyst IV

Broadcom
02.2020 - 12.2024
  • Led APAC threat intelligence operation and performed advanced threat analysis.
  • Analyzed raw intelligence and data used by cyber threat actors to identify and track their TTPs.
  • Built threat hunting & detection capabilities using Behavioral Analysis and the MITRE ATT&CK framework.
  • Conducted in-depth PCAP analysis to investigate exploits and post-compromise indicators, targeting enterprise networks.
  • Developed ML models to detect web threats using visual, URL, and text processing.
  • Researched web data flows and network patterns to uncover anomalies in large datasets.
  • Developed detection use cases, threat signatures, scripts, and anomaly patterns to identify unknown malware across network products (Web Proxy & IPS).
  • Delivered actionable intelligence reports and in-depth root cause analyses to enhance proactive threat response.

Key Projects:

  • Auto-gen YARA Rule: Generated YARA rules by leveraging fuzzy hashing techniques to counter AI-driven web threats.
  • URL-categorization: Developed an automated URL categorization system using intelligence feeds and pattern recognition, achieving real-time detection of 6M+ URLs.
  • IOCParser: Automated the extraction of IOCs from RSS feeds.

Senior Threat Analyst - Threat Intelligence

Bluecoat Systems/Symantec
12.2013 - 02.2020
  • Part of the Global Threat Intelligence team performing developer-level profiling and analysis of web traffic logs.
  • Handled customer incident response submissions and identified malicious traffic patterns, exploit kits, proxies, malvertising and other security threats.
  • Conducted threat hunting using pDNS and WHOIS data.
  • Analyzed network logs, uncovering sophisticated attack patterns and mitigating risks effectively.
  • Classified web traffic based on analysis outcomes and threat intelligence alerts.
  • Conducted proactive threat hunting using Spark SQL, Elasticsearch, Splunk, and other SIEM tools via custom queries, alerts, and dashboards.
  • Developed tools and automations that improved classification quality and operational efficiency by 70%.

Key Projects:

  • Exploit Kit Detector: Built a system to detect and deobfuscate Rig Exploit Kit through behavioral analysis.
  • IP Subnet Generator: Automated IP classification within subnet ranges.
  • JS Emulator: Developed an emulation tool using the headless browser (PhantomJS) to deobfuscate malicious scripts.

Malware Analyst

Avira
06.2011 - 12.2013
  • Conducted static and dynamic malware analysis.
  • Prepared detailed malware reports to enhance virus detection.
  • Built URL pattern detections/signatures.
  • Recommended engine changes for specific malware families.
  • Handled false positive/negative cases.
  • Analyzed and detected Android-based malware and exploits.
  • Resolved customer escalations with tailored solutions.
  • Developed automation tools to deal with and manage the growing malware database.

Key Projects:

  • Phishing Detector: Designed self-learning phishing detection rules, contributing to AV-Comparatives Anti-Phishing Test (2012) win.

Education

BSc (Hons) - Computing Specialism in Computer Security

Asia Pacific Institute of Information Technology
Kuala Lumpur, Malaysia
03.2007 - 03.2011

Skills

Network Security & Protocols

URL/Web Malware Analysis

Threat Intelligence

Threat Hunting

Scripting

Automation systems

Reverse Engineering

Team Management

Data Analysis, Log analysis

Splunk, Kibana

Java, Python, JavaScript

Spark SQL, Elasticsearch, BigQuery

PowerShell

OSINT

Windows, Linux, macOS

Timeline

Threat Analyst IV

Broadcom
02.2020 - 12.2024

Senior Threat Analyst - Threat Intelligence

Bluecoat Systems/Symantec
12.2013 - 02.2020

Malware Analyst

Avira
06.2011 - 12.2013

BSc (Hons) - Computing Specialism in Computer Security

Asia Pacific Institute of Information Technology
03.2007 - 03.2011