Abhijeet Singh
Security Researcher | Trainer | Red Teamer | Offensive Tradecraft
New Delhi, India
Actions
Abhijeet Singh is an offensive security specialist, exploit developer, and founder of Kubotor InfoTech Pvt. Ltd., where he leads cutting-edge research in red teaming, adversary simulation, and advanced offensive techniques. With over a decade of real-world experience, he focuses on bridging the gap between exposure and exploitation - showing how attackers can compromise systems using nothing but publicly available data, creativity, and precision.
Abhijeet's deep technical expertise spans Web Application and API Penetration Testing, Infrastructure Exploitation, Red Teaming Operations, Exploit Writing, Offensive Reconnaissance, and Intelligence-Driven Threat Hunting. His work pushes beyond checklists and into the adversarial mindset, equipping red teams and defenders with the skills to think, plan, and operate like real attackers.
He is the co-author of a published cybersecurity book, the solo author of an upcoming title, and the author of multiple white papers and peer-reviewed research publications focusing on exploit chaining, weaponized OSINT, and AI-assisted attacks.
As a sought-after speaker, Abhijeet has shared his insights on offensive security at major conferences including TEDx Delhi, C0C0N, BSides Noida, OWASP Meet, DefCon Delhi and SeaSides 2025.
When he’s not reverse-engineering protocols or crafting payloads, he’s educating others on how public data can be turned into powerful entry points - and why real security starts with knowing how you look from the outside.
Links
Area of Expertise
Topics
Offensive OSINT: Weaponizing Public Data for Initial Access and Reconnaissance
The vast majority of cyberattacks don’t start with zero-days - they start with data. And most of that data is already public.
This workshop focuses on how attackers and red teamers operationalize open-source intelligence (OSINT) to gain an initial foothold in target environments. From unprotected services indexed by internet-wide scanners to leaked credentials buried in old GitHub commits, we’ll walk step-by-step through how a modern adversary builds a complete picture of a target - and turns that picture into a pathway to compromise.
Participants will learn to use advanced search platforms such as Shodan, Censys, ZoomEye, Netlas, and GreyNoise to enumerate exposed systems, discover forgotten cloud assets, fingerprint technologies, and identify misconfigurations across global infrastructure. These platforms will be cross-referenced for deeper visibility and fingerprint validation.
Next, we’ll pivot into targeted data mining - hunting for breached credentials, mining document metadata, scraping LinkedIn/GitHub for developer footprints, and leveraging forgotten S3 buckets, unindexed APIs, and DNS leaks to expand the attack surface.
The second half of the workshop focuses on weaponization. You’ll take the intelligence gathered and craft:
• Spear-phishing payloads built around real personas, organizational structure, and internal language
• Infrastructure impersonation attacks using cloned login portals, domains, and social engineering lures
• Initial access simulation, where OSINT is used to move from information → impersonation → access
We’ll also explore (optionally) how AI tooling can support phishing automation, script generation, and voice cloning in vishing scenarios - showing how generative techniques can scale low-effort but high-impact campaigns.
Finally, we’ll wrap up with counter-OSINT techniques - how organizations can reduce public exposure, limit leakage from employees and code repos, and track adversarial OSINT collection patterns.
This is not a recon primer - it’s a full-spectrum adversarial simulation lab, where open data becomes offensive opportunity.
Key Learning Outcomes:
By the end of this session, participants will:
• Build OSINT-driven recon workflows using multiple internet-wide search engines
• Correlate infrastructure findings with real-world exposure
• Identify exploitable attack surfaces using public leaks, repo secrets, metadata, and misconfigs
• Craft phishing pretexts, payloads, and domains based on organizational intelligence
• Simulate adversary access strategies from nothing but public data
Breaking Boundaries: Practical Privilege Escalation in Modern Systems
Privilege escalation is often the defining moment in a real-world compromise-turning a simple foothold into complete system or domain control. This workshop dives deep into the practical aspects of local privilege escalation on both Linux and Windows systems, with a strong focus on post-exploitation techniques that work in the field.
We’ll start by understanding how attackers enumerate and fingerprint systems to uncover weak spots: misconfigured SUDO rules, SUID binaries, insecure services, unquoted paths, token privileges, and more. Participants will learn how to move from basic user to root or SYSTEM using real attack paths-without relying on outdated exploits.
The Linux section will cover classic and modern techniques such as exploiting cron jobs, abusing environment variables, leveraging GTFOBins, and privilege escalation via poorly configured permissions. In the Windows segment, we’ll walk through hands-on abuse of misconfigured registry keys, privilege tokens, DLL hijacking, and escalating through service misconfigurations.
Alongside tools like LinPEAS, WinPEAS, PowerUp, and custom scripts, you’ll get to practice techniques in live demo labs that simulate real environments.
This is not a passive session-expect to get your hands dirty, think like an attacker, and walk away with an arsenal of techniques you can apply in your next engagement or red team operation.
0-Day Thinking: The Hacker Mindset That Finds What Others Miss
Most organizations secure what they know is vulnerable. But real attackers breach what no one thought to question. This talk is a journey into the “0-Day mindset” - not just about discovering unknown vulnerabilities, but about thinking like an adversary who challenges assumptions, abuses edge cases, and builds exploits from overlooked logic.
We’ll explore how elite hackers and red teams reverse-engineer trust, find flaws in logic chains, and repurpose legitimate functionality for malicious gain. From bypassing authorization without a single exploit, to leveraging business logic for full account takeover, this session pulls back the curtain on offensive creativity.
Backed by real-world red team scenarios and subtle exploit chains (including one that went from forgotten staging domain to production shell), you’ll gain a new lens on vulnerability: not just as a technical glitch, but as a failure of imagination.
Key Takeaways:
• What the “0-day mindset” really means in modern offensive security
• How to spot security gaps that aren’t in any vulnerability database
• Red team logic: weaponizing features, flows, and design flaws
• A breakdown of real exploit chains built from “non-vulnerabilities”
Abhijeet Singh
Security Researcher | Trainer | Red Teamer | Offensive Tradecraft
New Delhi, India
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top