Akshay Tiwari
India
14K followers
500+ connections
Articles by Akshay
-
Different DATA Backup Strategies, Focused on CISSP
"Organizations should have a backup strategy for several reasons, such as Data Loss Prevention, Business Continuity…
10
1 Comment
-
SOC and AI - (The SOCeye)
Sep 26, 2023
As technology continues to evolve, so do the methods and capabilities of cyber threats. To combat these ever-evolving…
21
-
Ransomware Incident and the role of SOC
Sep 25, 2023
Ransomware attacks continue to plague organizations worldwide, demanding more technical and strategic defenses. In this…
19
-
SIEM queries - Your Log Analysis ally
Sep 23, 2023
In the ever-evolving landscape of cybersecurity, Security Information and Event Management (SIEM) systems stand as the…
19
1 Comment
-
Windows Registry and its Forensic significance - Part 3
Sep 21, 2023
The Windows Registry serves as the heartbeat of a Windows operating system, housing a hierarchical database of…
17
1 Comment
-
Windows Registry and its Forensic significance - Part 2
Sep 13, 2023
Welcome to the second installment of our three-part series on Windows Registry and its forensics Significance. In the…
13
-
Windows Registry and its Forensic significance - Part 1
Sep 8, 2023
What are Windows Registries? The Windows Registry is a critical component of the Windows operating system, serving as a…
17
-
Investigating SIEM Use Cases: A Pragmatic Approach
Sep 6, 2023
When working in roles related to Security Operations Centers (SOC), Security Analysts, or Level 2 (L2) positions, one…
15
-
Unlocking the Power of Windows Event IDs: Creating Effective Splunk Rules
Sep 3, 2023
In the dynamic world of cybersecurity, being proactive is key to safeguarding your organization's digital assets. One…
21
2 Comments
-
Understanding Phishing and Email Header Analysis
Sep 1, 2023
What is Phishing? Phishing emails are a common method used by cybercriminals to gain unauthorized access to sensitive…
16
Activity
14K followers
-
Akshay Tiwari posted this

SOC Alert: Axios npm Supply Chain Attack (2026)

A widely used JavaScript library (Axios) has been compromised via npm, delivering a cross-platform Remote Access Trojan (RAT). This is not just another malware alert — this is a software supply chain attack impacting developers, CI/CD pipelines, and production environments.

What Happened (High-Level)
• Threat actor compromised an npm maintainer account
• Published malicious versions: [email protected] and [email protected]
• Injected a malicious dependency: plain-crypto-js
• Triggered via npm install → postinstall script executes automatically
• Result: Silent RAT deployment across Windows, Linux, and macOS

Attack Flow (Simple View)
1. Developer or CI/CD pipeline runs npm install
2. Malicious package executes postinstall script
3. Script spawns system-level processes (PowerShell / bash / python)
4. Payload executes (file-based or fileless)
5. Endpoint initiates outbound connection (commonly port 8000)
6. Attacker gains remote access.

---

How SOC Teams Can Detect This

🔹 SIEM (Chronicle / Splunk / Sentinel)
• Look for npm install execution logs
• Monitor DNS requests to suspicious domains
• Hunt outbound traffic on uncommon ports (e.g., 8000)

🔹 EDR (CrowdStrike / SentinelOne)
Watch for:
• npm or node spawning PowerShell / bash / python
Identify:
• Suspicious child processes
• File drops (e.g., wt.exe, /tmp/ld.py)
• Short-lived execution chains

🔹 Golden Detection Chain
npm install → script execution → abnormal process → outbound connection

---

How to Secure CI/CD Pipelines
• Enforce strict version pinning (avoid auto-updates)
• Use dependency scanning tools (Snyk, Socket, etc.)
• Monitor or disable postinstall scripts
• Use isolated / ephemeral build environments
• Rotate all secrets: npm tokens, API keys, SSH keys

---

Reality Check for Security Teams
Most organizations will miss this because:
• No visibility into developer activity
• No logging of npm/package installs
• Over-reliance on traditional IOC-based detection

If you’re not monitoring your build pipeline, you’re already at risk.

---

Final Takeaway
Supply chain attacks are evolving fast. Detection must shift from: IOC-based → Behavior-driven + pipeline security

---

#CyberSecurity #ThreatHunting #SOC #SupplyChainSecurity #npm #Axios #EDR #SIEM #DevSecOps #IncidentResponse
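The detection chain named in the post above (npm install → script execution → abnormal process → outbound connection), as an added example that is not part of the original post: a Python correlation over constructed process and network events. The event schema, host names, `setup.js`, the 300-second window and the set of "common" ports are assumptions for illustration; `/tmp/ld.py` and port 8000 are the values the post mentions.

```python
# Added example (not from the original post). Correlates process and network
# telemetry into the chain the post names:
#   npm install -> script execution -> abnormal process -> outbound connection
# The event schema, host names and setup.js are constructed for illustration.
from ntpath import basename  # ntpath splits on both "/" and "\\"

NPM_IMAGES = {"npm", "npm.cmd", "node", "node.exe"}
INSTALL_VERBS = {"install", "i", "ci"}
# Interpreters named in the post. The sh/cmd.exe wrapper npm uses to launch
# lifecycle scripts is deliberately absent: it appears on every script run.
INTERPRETERS = {"powershell.exe", "pwsh", "pwsh.exe", "bash",
                "python", "python3", "python.exe"}
COMMON_PORTS = {53, 80, 443}  # assumption: expected egress from a build host


def image_name(path):
    return basename(path).lower()


def is_npm_install(ev):
    cmd = ev["cmdline"].lower()
    return (image_name(ev["image"]) in NPM_IMAGES and "npm" in cmd
            and bool(INSTALL_VERBS & set(cmd.split())))


def hunt(proc_events, net_events, window_s=300):
    """Return one finding per npm install whose process tree contains an
    interpreter; severity is 'high' when that tree also talks to an
    uncommon port inside the window, otherwise 'medium'."""
    children, conns = {}, {}
    for ev in proc_events:
        children.setdefault((ev["host"], ev["ppid"]), []).append(ev)
    for c in net_events:
        conns.setdefault((c["host"], c["pid"]), []).append(c)

    findings, covered = [], set()
    roots = sorted(filter(is_npm_install, proc_events), key=lambda e: e["ts"])
    for root in roots:
        if (root["host"], root["pid"]) in covered:
            continue  # nested npm call already analysed under its parent
        desc, stack = [], [root]
        while stack:  # walk the process tree below the install
            cur = stack.pop()
            for ch in children.get((cur["host"], cur["pid"]), []):
                key = (ch["host"], ch["pid"])
                if key not in covered and 0 <= ch["ts"] - root["ts"] <= window_s:
                    covered.add(key)  # also guards against PID-reuse loops
                    desc.append(ch)
                    stack.append(ch)
        interp = [d for d in desc if image_name(d["image"]) in INTERPRETERS]
        if not interp:
            continue
        out = sorted((c for d in desc for c in conns.get((d["host"], d["pid"]), [])
                      if c["dport"] not in COMMON_PORTS
                      and 0 <= c["ts"] - root["ts"] <= window_s),
                     key=lambda c: c["ts"])
        findings.append({
            "host": root["host"], "root_pid": root["pid"],
            "interpreters": [d["cmdline"] for d in interp],
            "outbound": [(c["dst"], c["dport"]) for c in out],
            "severity": "high" if out else "medium",
        })
    return findings


def P(host, ts, pid, ppid, image, cmdline):
    return dict(host=host, ts=ts, pid=pid, ppid=ppid, image=image, cmdline=cmdline)


# Constructed sample telemetry (not real logs).
PROC_EVENTS = [
    P("ci-runner-01", 1000, 100, 1, "/usr/bin/npm", "npm install"),
    P("ci-runner-01", 1002, 101, 100, "/bin/sh", "sh -c node setup.js"),
    P("ci-runner-01", 1002, 102, 101, "/usr/bin/node", "node setup.js"),
    P("ci-runner-01", 1004, 103, 102, "/usr/bin/python3", "python3 /tmp/ld.py"),
    # Native-addon build: an interpreter appears, but no unusual egress.
    P("dev-laptop-02", 2000, 200, 1, "/usr/bin/npm", "npm ci"),
    P("dev-laptop-02", 2001, 201, 200, "/bin/sh", "sh -c node-gyp rebuild"),
    P("dev-laptop-02", 2002, 202, 201, "/usr/bin/node",
      "node /usr/lib/node_modules/node-gyp/bin/node-gyp.js rebuild"),
    P("dev-laptop-02", 2003, 203, 202, "/usr/bin/python3",
      "python3 -c import sys; print(sys.version)"),
    P("build-03", 3000, 300, 1, "/usr/bin/npm", "npm install"),
]
NET_EVENTS = [
    dict(host="ci-runner-01", ts=1005, pid=103, dst="203.0.113.10", dport=8000),
    dict(host="dev-laptop-02", ts=2002, pid=202, dst="198.51.100.7", dport=443),
]

if __name__ == "__main__":
    for f in hunt(PROC_EVENTS, NET_EVENTS):
        print(f["severity"], f["host"], f["interpreters"], f["outbound"])
```

The `medium` result on the native-addon build is why the interpreter stage alone is a hunting lead rather than an alert; the outbound stage is what escalates it.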
-
Akshay Tiwari posted this

SOC Analysts — AI Agents Are Becoming the Next Attack Surface (OpenClaw Case Study)

Recently multiple Researchers, Products organisation highlighted risks associated with AI agents. Openclaw being the most highlighted. This being a case study let's understand how AI agents can be another attack surface to monitor.

AI “super agents” like OpenClaw are rapidly entering enterprise environments. While they boost productivity, they also introduce new security risks SOC teams cannot ignore. Here are the key threats analysts should start tracking:

AI Agents as Potential Backdoors
Many AI agents run locally with broad access to files, terminals, APIs, and sometimes root privileges. If misconfigured or exposed, they can be hijacked by adversaries and effectively become an automated insider threat.

Prompt Injection = Data Exfiltration Risk
Attackers can manipulate AI agents using malicious prompts or hidden instructions in emails, documents, or web content. This can result in:
• Sensitive data leaks
• Unauthorized command execution
• Reconnaissance and lateral movement via the agent’s access

Indirect Prompt Injection — The Silent Threat
Unlike traditional attacks, adversaries may never interact directly with the AI. Instead they poison data sources the agent consumes, causing it to execute attacker instructions unknowingly. This blurs the boundary between trusted data and malicious control signals.

Internet-Exposed AI Instances
Some deployments have already been observed exposed externally, sometimes over unencrypted connections — creating interception and unauthorized access risks.

Agentic Blast Radius
Compromised AI agents don’t just leak data — they can:
• Execute chained actions across systems
• Abuse legitimate API/database access
• Automate attacker objectives at machine speed

SOC Takeaway: AI agents are not just tools anymore — they’re potential identities, automation engines, and attack surfaces combined.

Detection strategies must evolve beyond malware to include:
✔ AI usage visibility
✔ Prompt-level threat hunting
✔ Monitoring AI-driven automation paths
✔ Governance around AI agent deployment

#SOC #CyberSecurity #ThreatHunting #AIsecurity #PromptInjection #BlueTeam #SecurityOperations #GenAI #CyberDefense
-
Akshay Tiwari posted this

Attention SOC Analyst - Latest Threat Alert Notepad++

Rapid7 recently published a deep dive on the Chrysalis backdoor, attributed to the Lotus Blossom APT. The campaign abused a trusted software update path (Notepad++) to deliver a multi-stage, memory-resident backdoor. From a SOC perspective, the attack flow is worth studying:

Initial access
Attackers compromised the update infrastructure, redirecting users to a malicious installer. What looked like a legitimate update became the initial execution vector.

Execution & defense evasion
The installer dropped a legitimate binary and a malicious DLL to perform DLL side-loading. The payload decrypted shellcode in memory, used API hashing, and avoided traditional static detection.

Command and control
Once active, the Chrysalis backdoor established encrypted C2 and supported command execution, file operations, and interactive access. Follow-on activity blended custom malware with commodity frameworks like Cobalt Strike.

Why this matters for SOC teams:
• Trusted software can still be the entry point
• DLL side-loading continues to be a reliable attacker technique
• Memory-only execution reduces disk-based indicators
• Supply-chain attacks often bypass perimeter controls entirely

What SOC analysts should hunt for:
• Update or installer processes spawning from unusual paths
• Legitimate binaries loading DLLs from user-writable directories
• Encrypted outbound traffic from software that normally shouldn’t beacon
• Persistence via unexpected services or Run keys tied to “trusted” apps

Detection needs to move beyond “is the file malicious?” to “does this behavior make sense?” If you’re in a SOC, this is a good case study to re-evaluate how you monitor installers, updaters, and DLL loading behavior.

#SOC #ThreatHunting #MalwareAnalysis #APT #DetectionEngineering #IncidentResponse #CyberSecurity
-
Akshay Tiwari shared this

SOC Hiring Alert

We are expanding our team and looking for Splunk power user certified SOC analysts along with EDR experience.
Location - Bangalore (Hybrid)
Exp - 2 to 4yrs
Apply directly - https://lnkd.in/dHy_NP4N
-
Akshay Tiwari posted this

🔒 We’re Hiring: SOC Analysts 🔒

Are you passionate about defending organizations against cyber threats? Do you want to join a team that lives by values like Trailblazing, Reliability & Respect, Unity, Service-Obsessed, and Tireless drive? If yes — we want to meet you at Cyderes

What You’ll Do:
• Monitor security alerts and logs in real time from firewalls, endpoints, SIEMs (e.g. Microsoft Sentinel / Zscaler, Splunk, etc.).
• Investigate suspicious events, triage incidents, and escalate to Incident Response as needed.
• Perform root-cause analysis of security events and document findings with clear remediation steps.

What We’re Looking For:
• Prior experience in a 24×7 Security Operations Center (SOC) or Incident Monitoring role.
• Good understanding of log management, threat detection, and triage — especially in mail, network, and endpoint telemetry.
• Familiarity with common alerting frameworks (e.g. MITRE ATT&CK)

What You’ll Get:
• Opportunity to work with seasoned security professionals.
• Exposure to enterprise-grade tools and real-world threat scenarios — a great place to learn, grow, and fast-track your career in Incident Response / Threat Hunting.
• A collaborative, value-driven culture.
• Competitive compensation.

DM or Apply directly https://lnkd.in/dSis3ehD

✨ Feel free to share this post — you might help someone take their first step into a meaningful SOC career!
-
Akshay Tiwari posted this

AWS Outage: Lessons for Security and IT Teams

The recent AWS us-east-1 outage was a reminder that even the most reliable cloud platforms can fail in unexpected ways. It wasn’t just an AWS problem — it’s a learning opportunity for every organization running critical services in the cloud.

- What happened
A failure in the DNS update process led to key AWS services losing connectivity. Because many internal systems depend on DynamoDB and related components, the issue cascaded across EC2, networking, and authentication systems. Recovery took several hours as dependencies stabilized and network changes propagated.

- Key lessons for security and IT professionals
• Cloud reliability isn’t guaranteed. Even a small DNS or database issue can create wide-scale outages.
• Dependencies can amplify impact. A single failure in a core service can ripple across monitoring, authentication, and response systems.
• Visibility is everything. If your logging, SIEM, or identity services fail, you may temporarily lose the ability to detect or respond to threats.
• Plan for partial recovery. Outages rarely resolve instantly — some systems will recover faster than others.
• Communication is part of incident response. During any large outage, clear internal updates build trust and reduce panic.
• Design for resilience. Multi-region and fallback designs help ensure critical functions like monitoring, authentication, and response remain available.

- Action steps
• Map out dependencies in your SOC and IT stack — especially what breaks if a single service goes down.
• Test how your systems behave when key endpoints (like DNS or APIs) become unreachable.
• Ensure recovery plans include log storage, telemetry, and response tools.
• Simulate a regional outage and see how long it takes to restore full visibility and operations.
• Review communication protocols — who updates leadership, how often, and through which channels.

Cloud outages will continue to happen. What defines resilient organizations is how they prepare, communicate, and recover when they do.

#CloudSecurity #IncidentResponse #SOC #Resilience #ITOperations #CyberSecurity #AWS
-
Akshay Tiwari posted this

!AI-SOC adoption!

From buzzword to boardroom priority, AI-SOC adoption is accelerating as organizations seek faster detection, smarter triage, and automated response. From raw telemetry to automated containment — here’s a step-by-step view of an AI-powered SOC and how to build it in practice.

1) Ingest & Normalize
Collect telemetry from endpoints, network, cloud, email, identity and business apps. ETL/parsers standardize events so downstream systems speak the same language.

2) Store & Enrich
Index events in a searchable data lake / observability store and enrich with asset context, vulnerability data and threat intel (IP reputation, indicators).

3) Detect (AI + Rules)
Combine detection engineering (signatures & correlation rules) with ML: supervised classifiers, anomaly detection and graph analytics. Map detections to MITRE/ATT&CK to keep coverage intentional.

4) Prioritize & Score
Score events by risk (impact × likelihood) — this is the key decision point that separates events-of-interest from noisy alerts. Tune thresholds to balance precision vs recall.

5) Alerting & Triage (SOAR integration)
Trigger SOAR playbooks for validated alerts: enrichment, IOC lookups, evidence collection and automatic ticket creation. Use playbooks to reduce repetitive work and contain simple incidents automatically.

6) Investigation (Human in the Loop)
Analysts get a unified timeline, entity links and recommended hypotheses. Human validation handles edge cases, hunt-worthy activity, and complex decisioning.

7) Remediation & Orchestration
Automated containment for high-confidence, low-risk actions; manual remediation for sensitive assets. Track MTTR and “REACT” (recognize → eradicate → confirm → teach).

8) Feedback & Continuous Learning
Close the loop: label outcomes, feed them back to detection engineering and model retraining pipelines. Reduce false positives, improve recall, and evolve playbooks.

9) Governance & Observability
Monitor data quality, model drift, fairness/explainability, and access controls. Maintain an audit trail for every automated action.

Why this matters
An AI-SOC isn’t “set it and forget it.” It’s a layered system: telemetry → enrichment → machine+rules → human judgement → automated remediation → learning loop. Each decision point should have clear SLAs, rollback paths, and observability.

#AI #Cybersecurity #SOC #SIEM #SOAR #MLOps #ThreatDetection
-
Akshay Tiwari posted this

!!Free Microsoft Security Learning Hub!!

Microsoft has launched an easy-to-use, single-page Security Academy designed for anyone looking to build or strengthen their Microsoft Security skills—for free. https://lnkd.in/e7bRXaFm

What makes this valuable for SOC analysts and security teams:
• Free access to curated Microsoft Security content
• Role-based learning paths for SOC Analyst, Threat Hunter, Compliance, IAM, and more
• Covers Microsoft Sentinel, Defender XDR, Entra ID, Intune, Purview, and other tools
• Includes Microsoft Learn modules, labs, certification prep, and documentation
• One simple, organized page—no searching, no sign-ins

Whether you're getting started or looking to go deeper into Microsoft’s security stack, this hub is a great place to begin or grow. Share with your team and bookmark it for continuous learning.

#MicrosoftSecurity #SOCAnalyst #Sentinel #DefenderXDR #ThreatHunting #CyberSecurity #BlueTeam #MicrosoftLearn #CloudSecurity #FreeTraining #SecurityOperations #IncidentResponse
-
Akshay Tiwari posted this

Attention AI Enthusiasts & Students!

Whether you're diving into coding, building your first model, or exploring the boundaries of generative AI — here's something exciting for you. Google Gemini for Students - https://lnkd.in/dZaYGxUE is your new go-to learning companion! From brainstorming ideas to writing code and solving complex problems — Gemini is designed to help you learn faster, smarter, and more creatively.

Perfect for:
• Computer Science & Engineering students
• AI/ML learners
• Anyone curious about how to harness AI for education, research, and real-world impact

Let’s explore, build, and grow with AI.

#AI #MachineLearning #Gemini #GoogleAI #Students #Coding #ArtificialIntelligence #TechForGood #LearningWithAI #FutureOfWork
-
Akshay Tiwari liked this

🔴 This is what a $300K SOC replacement looks like 🔴

A while ago I started asking: what if a small team could monitor infrastructure like a Fortune 500 — without the budget? This is where we are today:
⚡️ 35 autonomous security agents running 24/7
📊 Real-time CVE feeds — NVD + EPSS exploit probability scoring
🎯 MITRE ATT&CK mapping across all security failures
🛡️ Wazuh SIEM + custom Grafana threat intelligence dashboards
🔴 Live threat actor tracking — Akira, TeamPCP, ShinyHunters
💰 Costs???: less than €1,000/month

Not a demo. Not a concept. Production.

The hardest part wasn't the tech. It was learning that clarity beats complexity. Every dashboard, every alert, every agent should answer one question: what do I do right now?

SEE IT LIVE → https://lnkd.in/dYPyEzKY

We're building TIA — autonomous AI security for teams that can't afford a full SOC. If you're a startup, MSP, or solo engineer flying blind on security — let's talk.

#cybersecurity #StatefulAI #SOC #threatintelligence #NIS2 #SIEM #infosec
-
Akshay Tiwari reacted on this

Excited to share that I will be speaking with the DEF CON Chennai Group. Looking forward to discussing our latest research, meeting the community, and exchanging ideas with others working in security and threat research. Grateful for the opportunity to be part of it. #cyderes #howlercell

Akshay Tiwari reacted on this

Hey Hackers, DEF CON Chennai DCG9144: Main Event 0x1 (Core Dump) | Speaker Sploit 0x5

Disk is monitored. Memory is trusted. That’s where the mistake begins. Fileless isn’t stealth. It’s strategy.

This session breaks down how modern adversaries weaponize Node.js to deploy fileless RATs - executing in-memory, blending into trusted runtimes, and evading traditional detection. Join Reegun Richard Jayapaul as he dissects real-world tradecraft behind Node.js abuse - turning legitimate environments into covert command channels

Boot up for "Modern Fileless RAT Tactics: Node.js Abuse : Technical Analysis" - where execution leaves no trace… and control lives in memory.

Operational Brief:
Venue: Zoho Corporation, Chennai
Date: April 4th & 5th, 2026
Time: 09:00 AM - 05:00 PM IST
Registration Link: https://lnkd.in/dMkJN3Cy

If it writes to disk, it’s already too loud.

#defcon #dcg9144 #defconchennai #infosec #hacking
-
Akshay Tiwari reacted on this

I’m happy to share that I’ve obtained a new certification: Automation Practitioner from Torq! #TorqCertified
-
Akshay Tiwari reacted on this

Thrilled to be part of this exciting new chapter for Cyderes with the launch of our new office and Security Operations Center in Bangalore. Honored to see Chris Schueler mark the opening of the new office and CCO Richard R. (Rick) Miller lead the launch of the new SOC. 🚀 #Cyderes #cyderesIndia #LifeatCyderes
-
Akshay Tiwari liked this

We’re growing our Security Operations team and are looking to add strong Tier 2 and Tier 3 SOC Analyst. If you’re passionate about threat detection, incident response, collaborating with great people and making real impact, let's talk! We are looking for people based out of Vancouver or Seattle.

Senior Security Analyst (Tier 3)
Seattle: https://lnkd.in/dtbXCrgR
Vancouver: https://lnkd.in/d_sj_PKi

Security Analyst (Tier 2)
Seattle: https://lnkd.in/d4b7myAz
Vancouver: https://lnkd.in/dk4svhn4

Feel free to reach out if you have any questions or need additional information about the roles.
-
Akshay Tiwari reacted on this

Cyderes is now in Bengaluru, and the India team, led by Bhaskar Nagasai D, made sure we felt it from the moment we arrived. Badminton tournaments, live drums, dancing. The opening ceremony captured the culture this team has built and the energy they bring to the work every single day.

Walking through that space and seeing the people behind our global operations reinforced something I already knew: this team doesn't support Cyderes from a distance. They are Cyderes. Around the clock, across time zones, through every client escalation and threat response, the Bengaluru team is a core part of how we deliver. That doesn't happen without the right people, and the right people showed up in a big way this week.

Richard R. (Rick) Miller and I were glad to be there for it. Grateful for this team and excited for everything ahead.
Experience & Education
-
Cyderes
Licenses & Certifications
-
Certified Information Systems Security Professional (CISSP)
(ISC)²
Credential ID: https://www.credly.com/badges/a0256ec0-ce88-4c02-a69d-a081c73a9cc8/public_url
Explore more posts
-
Rahul Kumar
Howell Protection Systems… • 2K followers
🚨 A Major Regulatory Shift Is Just Around the Corner for India's Surveillance Industry. #Cybersecurity #CCTV #Surveillance #MeitY #STQC #BISCertification #EssentialRequirements #IndiaCompliance #SmartSecurity #NationalSecurity #MakeInIndia #PhysicalSecurity #DataProtection #SecurityTechnology #RegulatoryCompliance #April2026 #SurveillanceTechnology #InfoSec #IoTSecurity #DigitalIndia
23
-
CISO FORUM
6K followers
“Alert fatigue in Security Operation Centers (SOC) is driven primarily by three intertwined factors, creating a crisis of operational burnout.” — Manikandan Thangaraj, Vice President of Engineering, ManageEngine In his exclusive CISO FORUM interview, Manikandan Thangaraj explains why over 80% of alerts being false positives is unsustainable — and how precision-engineered detection, identity-centric monitoring, and AI-driven augmentation can transform SOCs from firefighting units into strategic business enablers. Read the full interview 👉 https://lnkd.in/gs9xUEZ7 #Cybersecurity #SOC #AI #ThreatDetection #SecurityOperations #CISOInsights Vikas Gupta | Sachin Mhashilkar | Vandana Chauhan | Giridhar Rajagopalan | Jatinder S. | Hafeez Shaikh | Rajiv Pathak | Sourabh Dixit | Subhadeep Sen | Jagrati Rakheja | Musharrat Shahin | Aanchal G.
7
-
Urbego Services India Private Limited
436 followers
Threat Hunting in 2025: Moving Beyond Alerts

In today’s complex cyber landscape, waiting for alerts isn’t enough. Threat hunting is about proactively searching for signs of compromise, identifying patterns attackers leave behind, and stopping incidents before they escalate.

At Urbego Services India Pvt Ltd, we believe modern security analysts need to:
1. Hunt for anomalies across endpoints, networks, and cloud.
2. Correlate findings with threat intelligence for sharper insights.
3. Automate repetitive detection tasks while focusing on advanced threats.
4. Continuously refine hunting playbooks to stay ahead of attackers.

Proactive hunting transforms security from reactive defense to predictive resilience. Because the best defense is knowing where attackers might strike next.

#ThreatHunting #Cybersecurity #SOC #SecurityAnalyst #IncidentResponse #UrbegoServicesIndiaPrivateLimited
6
-
Peeyush Trivedi
Confidential Cybersecurity… • 4K followers
A CIO in Pune told me his NAC was "working." I asked to see the dashboard.

What I found:
→ 847 devices discovered
→ 0 devices profiled
→ Enforcement: Disabled
→ Last policy update: 14 months ago

"Working" meant: no alerts, no complaints. Not: secured, enforced, operational. The NAC was technically running. It just wasn't doing anything.

When I asked who owned the system:
→ Network team: "Security bought it"
→ Security team: "Network should manage it"
→ Vendor: "We delivered what was scoped"

Classic ownership vacuum. ₹22 lakhs spent. 11 months since go-live. Zero security value.

3 weeks later:
→ Device profiling: 100%
→ Policies: Aligned to business units
→ Enforcement: Phased rollout started
→ Owner: Named. Accountable. Empowered.

Same product. Different outcome.

---

The difference between "working" and "securing" is one question: "Show me what it's actually doing."

Who owns NAC at your organisation? Network? Security? "Both"? (That usually means nobody.)

#NAC #cybersecurity #manufacturing #networksecurity #ownership
44
8 Comments -
Vinayak Waghmode
DefensaNet Securities LLP • 4K followers
Sacrificing Cybersecurity Quality for Cost? A Wake-Up Call on CERT-In Empanelled Audits

In India, we have over 150 CERT-In empanelled vendors authorized to conduct security audits for government, PSU, BFSI, and critical infrastructure organizations. But here’s the uncomfortable truth:
🔻 Audit quality is deteriorating.
🔻 Reports are becoming templated, generic, and checkbox-driven.
🔻 Junior analysts are being deployed with minimal oversight.

Why? The answer lies in a flawed procurement model — the L1 (lowest bidder) trap.

🎯 In the race to win contracts based on price alone, many organizations are forced to cut corners:
• Using copy-paste reports
• Skipping retesting
• Ignoring contextual threat modeling
• Focusing on “compliance” over “real risk mitigation”

📉 This is not just a vendor issue — it’s a systemic gap.

Who ensures report quality?
👉 While CERT-In occasionally reviews vendor performance, the primary responsibility falls on the auditee (you and me). In critical sectors, regulators like RBI or NCIIPC may review samples, but there’s no consistent, formalized report QA mechanism today.

⸻

💡 What Needs to Change?
✅ Move from L1 to QCBS (Quality + Cost Based Selection)
✅ Introduce standardized report formats and tool disclosures
✅ Build a feedback loop to rate vendor quality post-audit
✅ Encourage independent second-level reviews for high-risk environments
✅ Incentivize deep audits over fast audits

⸻

Cybersecurity is not a commodity. It’s a strategic national asset. Let’s not let the lowest cost dictate the lowest defense.

#CyberSecurity #CERTIn #RiskManagement #CyberAudit #Governance #IndiaSecurity #Infosec #CISO #BFSI #CriticalInfrastructure #QCBS #AuditQuality #L1Trap #Empanelment
15
-
Hive Pro, Inc.
39K followers
Attack Report | Threat level : Red 🔴 Read more about this advisory : https://lnkd.in/dzaznKtY ➡️ APT36 sharpens its espionage tactics, targeting India amidst geopolitical tensions. ➡️ Crisis-themed phishing & cross-platform malware used in ruthless cyber campaigns ➡️ Cyber conflict ignites swiftly when national tensions erupt #CyberSecurity #ThreatAdvisory #APT36 #DDoS #geopolitical #HiveforceLabs #HivePro
5
-
Raksha Technologies
5K followers
Raksha Cyber Snapshot Brief | 11 January 2026 Today’s briefing covers critical vulnerabilities, active exploit campaigns, and key India-focused cyber risk updates every security leader should track. Stay informed. Stay resilient. 🔐 #CyberSecurity #ThreatIntelligence #InfoSec #RakshaTechnologies
3
-
thestrategist &
3K followers
We protect data with firewalls. But who protects human focus? Burnout is not a resilience issue. It is a design issue. K Srini Shefali Rao Rohit Anand Sriram Sadras Madhavi Sharma Ramakrishna Matta Payamul Hoda Simran A. Dr. Raj Kumar Jayapal Padma Luhana (Chief Business Officer) Bimal Vyas Sushant Bahukhandi, SHRM-SCP Harshita Malik Datta Shyama Durbha R V Deepti Richhariya @annapurna Sardar Narendra Sankar Reddy Dwarampudi @yusra Alam Sasidharreddy Kuluru Syed Shagufta Begum Sneha Sunil Mruthyunjay Rao baba althaf Shaik #26Degrees #HRTransformation #AttentionEconomy #WorkplaceDesign #TheStrategist #HRTransformation #AttentionEconomy #WorkplaceDesign
9
-
Yash Rajeshirke
Confidential • 10K followers
Most breaches do not happen because someone lacked tools.

They happen because someone ignored context.

Security is not about finding issues.

It is about understanding application.

How data flows. Where trust exists. What assumptions were made.

Tools show symptoms.

Thinking finds causes real issue

That is why experienced security engineers:

move deliberately
Ask more questions
Fix fewer things first

And mostly attackers target teams, that move fast without thinking.

#CyberSecurity #OffensiveSecurity #AppSec #SecurityMindset #RedTeam #InfoSec
3
-
IT Voice Media
9K followers
India Cyber Threat Report 2026 Uncovers Credential Theft Attempts on Indian IT Sector In India’s booming IT sector, where code repositories, client portals, and cloud consoles hold the keys to billion-dollar projects, one asset has become... To Read More: https://lnkd.in/gJmGaDCt Seqrite | Sangamesh S | Sudhanshu Tripathi | Atul Lohani | Samuel Sathyajith #CyberThreatReport #IndiaCyberSecurity #CredentialTheft #ITSecurity #CyberThreats #IndiaITSector #CyberAttack #SecurityReport #CyberDefense #CyberSecurityNews #IndiaCyberThreats #ITSectorSecurity
13
-
MailArmor AI
552 followers
In this new field guide, “Top 5 Emerging Phishing Threats in India & How Businesses Can Stop Them in 2025,” Subhajeet Naha (27+ years in enterprise security, now leading Protecte Technologies) breaks down: 👉 The 5 fastest-evolving phishing patterns hitting Indian businesses 👉 A 30-day, India-ready defense plan using DMARC, passkeys, vendor verification, and mailbox-native, post-delivery security If you’re a founder, CISO, or IT leader responsible for protecting UPI rails and Microsoft 365/Google Workspace, this is one article you can’t afford to skip. 👉 Read the full guide and see how to cut phishing risk in weeks, not quarters. 👉 See the comment section for the link. #emailprotection #phishing #mailarmorai
3
1 Comment -
Uroniyx Technologies Pvt Ltd
128 followers
How Uroniyx is addressing New Enemy of Cybersecurity

Problem 1: Fragmented security tools create blind spots
➡️ India’s biggest vulnerability is the sprawl of disconnected tools that slow detection and response.
✅ Uroniyx Solution: CloudSecure Suite & SecureSDNet Suite provide one integrated, AI-driven, quantum-safe platform, replacing tool sprawl with unified visibility across cloud, network, and endpoints.

Problem 2: AI is now powering cyberattacks
➡️ Attackers are exploiting AI to automate phishing, deepfakes, and intrusions at scale.
✅ Uroniyx Solution: AI Ops turns AI into your defensive co-pilot, delivering real-time anomaly detection, predictive analytics, and automated playbooks to neutralize threats faster than attackers can escalate.

Problem 3: Multi-cloud & IoT complexity overwhelms legacy security
➡️ The shift to multi-cloud and billions of endpoints make old models unsustainable.
✅ Uroniyx Solution: NetFusion Suite & NetSphere (NaaS) simplify multi-cloud resilience, secure connectivity, and AI enabled Autonomous IT operations along with SLA-backed services for hybrid environments — built for the scale and speed of modern IT.

Problem 4: Shortage of cybersecurity talent
➡️ India faces a talent gap; tools alone can’t bridge it.
✅ Uroniyx Solution: Advisory & Enablement Suite augments human teams with training, compliance enablement, and virtual CISO/CTO services, ensuring organizations have both the tech and the know-how to stay secure.

Problem 5: Digital trust is non-negotiable
➡️ A single breach can erase years of digital progress. Trust is the foundation.
✅ Uroniyx Solution: Quantum-Safe Security (PQC /QKD) future-proofs sensitive data and transactions, ensuring trust today and resilience against tomorrow’s quantum threats.

👉 In short: Uroniyx replaces complexity with clarity, AI-powered chaos with AI-enabled resilience, and fragmented defences with an integrated platform that builds digital trust.

www.uroniyx.com
-
International Security Journal (ISJ)
24K followers
Cybersecurity leader Rinki Sethi – ex-Twitter CISO and now CSO at Upwind – speaks with Assistant Editor, Eve Goode, about tech, leadership and her journey in the industry: https://loom.ly/V75NpF4 #Security #SecurityIndustry #GlobalSecurity #SecurityNews #Cybersecurity #Upwind
-
Indusface
18K followers
👉 The recent Press Trust of India (PTI) news highlights key cyberattack trends from Indusface’s State of #AppSec – H1 2025 Report. The findings show APIs have emerged as a major target, with vulnerability exploitation rising 13x and DDoS attacks on API hosts surging by 388%. The report also uncovers attack patterns across #Banking, #FinancialServices, #Insurance, #Healthcare, #Retail, #SMBs, and other sectors. See how AI is enhancing protection and enabling faster, more precise responses to threats in this coverage. Read the news here: (Link in comments) #CyberNews #CybersecurityNews #WebsiteSecurity #ApplicationSecurity #Cybersecurity #DDoSAttacks #CyberTrends #AppTrana #Indusface
-
Dr. Jagannath Sahoo
Gujarat Fluorochemicals… • 16K followers
🔐 Tata Motors Data Leak: A 70 TB Wake-Up Call for Cybersecurity

Most assume data breaches stem from sophisticated cyberattacks. But often, it's a simple misstep — like misconfigured cloud settings or hard-coded credentials — that opens the floodgates.

Tata Motors reportedly faced a massive 70 terabyte data exposure, leaking customer details, fleet logs, invoices, and more. The root cause? Exposed cloud keys and overly permissive access controls.

💡 The real lesson: This wasn’t a hack — it was a preventable error.

🧠 Key takeaways for organizations:
Audit cloud storage and repositories regularly.
Avoid hard-coded credentials — use secret management tools.
Rotate API keys and passwords periodically.
Enforce least-privilege access controls.
Monitor logs for unusual access or bulk data transfers.

🛡 For consumers: Even trusted brands can slip. Stay alert, enable account notifications, and treat data privacy like personal safety.

Cybersecurity isn’t about fear — it’s about foresight.

#TataMotors #DataBreach #CyberSecurity #CloudSecurity #DigitalAwareness #InfoSec
-
Interlynk
714 followers
⚡ Interlynk expands platform with SEBI CSCRF Compliance ⚡

As India’s financial sector moves to meet CSCRF requirements, Interlynk helps regulated entities strengthen their cyber resilience through software supply chain transparency, signed SBOMs, and continuous vulnerability intelligence.

With this update, financial organizations can generate and sign SBOMs for every build, track vulnerabilities in real time, manage third-party software risks, and produce audit-ready compliance artefacts aligned with SEBI’s framework.

Interlynk is proud to extend its SBOM automation platform to help India’s financial ecosystem anticipate, withstand, and recover from cyber threats with confidence.

Learn More: https://lnkd.in/giKJJWHa

#SBOM #CyberResilience #SEBI #CSCRF #SupplyChainSecurity #Interlynk
-
Enterprise IT World
16K followers
5Tattva, a leading cybersecurity solutions provider, has officially been empanelled by the Indian Computer Emergency Response Team (CERT-In) as an Information Security Auditing Organization. This recognition places 5Tattva among a select list of entities authorized to conduct cybersecurity audits for government departments, public sector undertakings (PSUs), and critical infrastructure operators across India.

“This empanelment is a proud moment for all of us at 5Tattva. It validates our deep technical capabilities and reinforces our mission to contribute to India’s growing cybersecurity landscape,” said Atul Luthra, Co-Founder & Principal Consultant, 5Tattva and CEO of Zeroday Ops.

Learn more: https://lnkd.in/grjUsXi9

SK Mohapatra Sanjib Mohapatra
-
MitKat Advisory
36K followers
Amit Narayan - Partner, India & South Asia, Control Risks

Speaking at MARS 2026, Amit Narayan examined how data protection, cyber risk, and technology-driven disruption are reshaping the role of security leaders. With India’s data protection regime now in force, he noted that practices once considered routine (physical access control, visitor management, incident response) have become regulatory and reputational risks with board-level consequences.

Narayan cautioned security leaders against trying to “own everything” in response to expanding technology risk. Instead, he argued for a focused role: strengthening foundational safeguards, ensuring breach readiness, and supporting legal, compliance, and technology teams through clear incident playbooks and response timelines.

He also stressed that resilience is the enabling condition for innovation. Organisations that create stability through disciplined security governance and preparedness allow business leaders to take calculated risks and grow with confidence.

Narayan concluded that security leadership in 2026 will be defined not just by control, but by clarity, prioritisation, and the ability to support organisational trust.

Missed the session? Watch the recording here: https://lnkd.in/danyr9Zp
Register for MARS APAC 2026 (22nd Jan 2026): https://lnkd.in/dCzKZ_2Y
Download MitKat Advisory’s India Risk Outlook 2026: https://lnkd.in/dfxtxrza

Samrendra Pawan Sushil SANDEEP Bruce Farah Ranjeet Mitesh Mark Kunal Aparna Abhijit Ameya Manoj Inder Rachel Avijit Aatreya Anushka Shubham Mrunal John Prakash Paras Sharma Prashant Mehta Harshita Suryawanshi Saishh Nagesh Kadam