Keyur Aghao

MS in Information Security @CMU | CEHv11 | CND | Digital Forensics | AI in Cybersecurity | Red Teaming | Threat Hunting | Threat Modelling | Ex Cybersecurity - Domain Manager @Bajaj Finance Ltd.

About Me

I am a Master's student at Carnegie Mellon University, specializing in Cyber Forensics & Incident Response. With a strong background in red teaming, penetration testing, and application security, I am passionate about securing digital infrastructures.

My experience includes developing custom security tools, leading API security projects, and performing comprehensive security assessments across various platforms. I thrive on solving complex security challenges and continuously expanding my knowledge in the ever-evolving field of cybersecurity.

Professional Experience

Enterprise Creation Intern

Center for Technology Transfer and Enterprise Creation | Pittsburgh, PA

May 2025 - Present

PLUS Tutor

Carnegie Mellon University | Pittsburgh, PA

Feb 2025 - Present

Domain Manager & Red Teamer

Bajaj Finserv | Pune, India

July 2023 - Dec 2024

  • Assessed security control configurations across wireless networks, IoT, APIs, web applications, and Active Directory via penetration testing.
  • Developed custom tools for attack surface management and continuous VAPT, achieving significant cost savings.
  • Led projects on API security, Client-Side Protection, and Akamai compliance.

Application Security and API Governance Intern

Bajaj Finserv | Pune, India

Jan 2023 - July 2023

  • Investigated 4000+ APIs for policy misconfigurations and mitigated logical vulnerabilities.
  • Published and maintained the company's API inventory for audits and troubleshooting.

Web Developer Intern

BRAINOVISION SOLUTIONS INDIA PVT.LTD | Remote

Feb 2022 - Mar 2022

Developed and maintained websites, primarily using WordPress and JavaScript.

Projects

Padding Oracle Attack on AES-CBC

Associated with Carnegie Mellon University

Jan 2025 - Feb 2025

A deep dive into the practical application of cryptographic attacks, specifically focusing on exploiting a vulnerability in the PKCS#7 padding scheme when used with AES in CBC mode. The project required both a decryption attack to reveal hidden plaintext and an encryption attack to forge arbitrary ciphertext.

Skills:

Cryptography, AES, Python

JackHammer - Endpoint Security Tool

Associated with Bajaj Finserv

Mar 2024 - Dec 2024

Simulated various attacks on implemented endpoint security solutions (like Microsoft Defender and CrowdStrike) to evaluate their effectiveness and identify vulnerabilities.

Skills:

Go, PowerShell, Python, Exploit Development

Golden Eye - ASM Tool

Associated with Bajaj Finserv

Jun 2023 - Feb 2024

Conceptualized, designed, and developed Golden Eye, a pioneering tool for Attack Surface Management (ASM) using Python, integrating tools like Sublist3r, Burp Suite and Nuclei for comprehensive enumeration and automated application testing.

Skills:

C++, Python, Power BI

Cloud Piercer - Cloud Analysis Tool

Associated with Bajaj Finserv

Jul 2023 - Mar 2024

Spearheaded the development of a cutting-edge tool to enumerate and analyze exposed cloud buckets across GCP, DigitalOcean, AWS, and Azure. The tool uses GreyHatWarfare and delves deep into Azure buckets to provide a detailed risk assessment.

Skills:

Python, JavaScript, Cloud Security, AI

Digital Forensics Investigation

Associated with Carnegie Mellon University

Conducted a comprehensive digital forensics investigation simulating a real-world case involving illegal wildlife trade. Analyzed disk images from a Windows laptop and an Android smartphone to uncover evidence and compile a professional forensic report.

Skills:

Digital Forensics, NTFS, Computer Forensics, Mobile Forensics

X.509 Certificate Chain Validator

Associated with Carnegie Mellon University

Built a Python program from the ground up to verify the authenticity of a website's TLS certificate chain. This project involved implementing the validation logic and analyzing the limitations of a basic validator to understand how TLS prevents man-in-the-middle attacks.

Skills:

PKI, X.509, TLS, Python

Technical Skills

Languages

Advanced: C, C++, Python

Intermediate: Go, MATLAB, PowerShell, SQL, VHDL, JavaScript

Application Software

Adobe Photoshop, Akamai, Autopsy, Burp Suite, Cobalt Strike, Core Impact, Dradis CE, Defect Dojo, GDB, Ghidra, GIMP, GitHub, IDA, Metasploit, Nmap, Oxygen Forensics, Power BI, Visual Studio, Wireshark, WordPress, Xilinx

Publications & Conferences

Hardware Vulnerability: Meltdown. Lecture Notes in Networks and Systems, vol 676. Springer, Singapore. (2023); DOI 10.1007/978-981-99-1699-3

Hardware Vulnerability: Meltdown. NIELIT's International Conference on Communication, Electronics and Digital Technologies (NICE-DT 23). (2023)

Hardware Vulnerability: Spectre. Pulzion 22 by PICT ACM. (2022)

Hardware Vulnerability: Spectre. Impetus and Concepts 2023. (2023)

Licenses & Certifications

Red Teaming

TryHackMe

Issued May 2025

Jr Penetration Tester

TryHackMe

Issued Jan 2024

Advent of Cyber 2023

TryHackMe

Issued Dec 2023

Web Fundamentals

TryHackMe

Issued Nov 2023

Cryptography and Network Security

Indian Institute of Technology, Kharagpur

Issued July 2022

Network Security and Cyber Forensics

National Institute of Technical Teachers Training and Research (NITTTR) Chandigarh

Issued Jan 2022

Certified Ethical Hacker (CEHv11)

EC-Council University

Issued Dec 2021

Certified Network Defender (CND)

EC-Council University

Issued Sept 2021

Python real world Applications

Udemy

Issued Apr 2021

C Programming Projects

Udemy

Issued March 2021

Penetration Testing

Udemy

Issued March 2021

Python 3 MasterClass

Udemy

Issued March 2021

Programming in C

Udemy

Issued Oct 2020

Cyber Security Course as per AICTE Model Curriculum

National Institute of Technical Teachers Training and Research (NITTTR) Chandigarh

Issued July 2020

Intermediate Grade Drawing Examination

Government of Maharashtra (GoM)

Issued December 2014

Elementary Grade Drawing Examination

Government of Maharashtra (GoM)

Issued December 2013

Maharashtra State Certificate in Information Technology (MS-CIT)

Maharashtra State Board of Technical Education (MSBTE)

Issued October 2012

Contact Me

Feel free to reach out for collaborations or just a friendly chat!

kaghao@andrew.cmu.edu

412-330-8935