Available for offensive security engagements

Offensive security,
engineered with precision.

I'm Christopher Arock — a Penetration Tester focused on Active Directory attacks, web application security, and cloud misconfiguration. Every internship, project, and certification has been deliberately chosen to build toward a career in adversary emulation.

Rank Top 2% · TryHackMe
Focus Pentesting · AD · Web
Pursuing OSCP
Christopher Arock

A deliberate path into offensive security.

My trajectory blends adversary tradecraft with real defender visibility — an unusual combination that produces sharper, more defensible engagements.

  1. 2022

    Started B.Tech in Computer Science & Engineering (Cyber Security)

    Kalasalingam Academy of Research and Education · GPA 8.79 / 10.0.

  2. 2023

    Web application pentesting foundation

    Interned at Infoziant Security — tested 3+ live production systems, discovered XSS and SQL injection.

  3. 2024

    Cloud & Active Directory depth

    Cloud auditing at Max Conformance, then built a full AD home lab practicing Kerberoasting, LLMNR poisoning and Pass-the-Hash.

  4. 2025

    Defender's perspective at Ernst & Young

    SOC internship with Splunk and Microsoft Sentinel — deliberately gaining blue-team visibility.

  5. 2026

    Freelance engagements & OSCP

    Delivering formal penetration test reports to real clients while preparing for OSCP.

Breaking Systems, Understanding Signals.

Four roles chosen to build attacker fluency and defender empathy in parallel.

  1. Self-Employed · Remote 2026

    Freelance Penetration Tester

    • Grey-box penetration test on a Compliance-as-a-Service web app, simulating an authenticated attacker scenario.
    • Identified 2 critical vulnerabilities — IDOR enabling unauthorized access to any user account, and an API response leaking MFA codes.
    • Delivered a formal report with CVSS risk ratings, proof-of-concept steps and remediation guidance.
  2. Ernst & Young (EY) · Chennai, India 08/2025 – 10/2025

    SOC Intern

    • Worked with Splunk and Microsoft Azure Sentinel for SIEM monitoring, use case creation and tuning.
    • Gained enterprise-level understanding of threat monitoring and alert analysis inside a large-scale SOC.
    • Used defender visibility to sharpen offensive tradecraft and evasion awareness.
  3. Max Conformance · Remote 06/2024 – 07/2024

    Cybersecurity Intern

    • Applied AWS, Prowler, Powerpipe and Steampipe for cloud security and compliance auditing.
    • Built a Flask API to automate AWS compliance reporting, significantly improving audit efficiency.
    • Developed attacker-relevant insight into how cloud misconfigurations are identified and exploited.
  4. Infoziant Security · Virudhunagar, India 09/2023 – 12/2023

    Student Intern — Penetration Testing

    • Performed web vulnerability testing and penetration assessments on 3+ live production systems.
    • Identified critical issues including XSS and SQL injection.
    • Built reconnaissance automation scripts, improving vulnerability discovery efficiency.

Selected work & case studies.

Engagements and labs that shaped my offensive security craft.

Active Directory Home Lab

2024

Simulated a full enterprise AD environment to test real-world attack chains aligned with OSCP scenarios and red team engagements. Deployed AD DS with realistic users and GPOs, mapped attack paths with BloodHound and executed Kerberoasting, LLMNR poisoning and Pass-the-Hash.

Windows Server 2022BloodHoundMimikatzCrackMapExecNetExec
Impact Hands-on red team skills directly applicable to OSCP and enterprise pentesting engagements.

EmailScanner — Phishing Detection

2024

Built to understand attacker-side phishing techniques, strengthening web application security intuition. Combined ClamAV signatures, ML anomaly detection and the VirusTotal API for multi-layered phishing detection.

PythonClamAVMachine LearningVirusTotal API
Impact Reduced false positives in simulated datasets through multi-layered detection.
Read Case Study

TryHackMe Labs & Challenges

2025 — Present

Structured learning path chosen to complement real-world internship experience and systematically prepare for OSCP. 200+ hands-on labs covering network exploitation, web vulnerabilities (OWASP Top 10) and privilege escalation.

NmapBurp SuiteMetasploitWiresharkGobuster
Impact Ranked Top 2% globally — consistent, self-driven offensive security practice.

Tools I reach for in engagements.

A working toolkit spanning offensive tradecraft, defender platforms and cloud auditing.

Offensive Security

Burp SuiteMetasploitNmapBloodHoundCrackMapExecMimikatzNetExecWiresharkGobuster

Blue Team

SplunkMicrosoft Sentinel

Cloud

AWSProwlerSteampipePowerpipe

Programming

PythonCSQLBash

Credentials & achievements.

Formal validation of practical offensive and defensive knowledge.

CAP

AppSec Practitioner

SecOps Group

Feb 2024
APIsec

APIsec Certified Practitioner

APIsec University

Oct 2025
CNSP

Certified Network Security Practitioner

SecOps Group

Dec 2025
Top 2%

TryHackMe — Global Ranking

200+ labs across Offensive Pentesting & Pre Security paths

Ongoing

Core areas of practice.

Domains I operate in with confidence — no vanity progress bars, just what I actually do.

01

Web Application Security

OWASP Top 10, authentication bypass, IDOR, injection, business-logic flaws.

02

Active Directory Attacks

Kerberoasting, LLMNR poisoning, Pass-the-Hash, BloodHound attack path analysis.

03

Network Penetration Testing

Recon, service enumeration, exploitation and post-exploitation across enterprise networks.

04

Cloud Security

AWS misconfiguration identification and auditing with Prowler, Steampipe and Powerpipe.

05

CVSS & Risk Rating

Accurate severity scoring with business context to prioritise remediation.

06

Formal Reporting

Executive summaries, PoC reproduction steps and remediation guidance clients can act on.

Let's discuss your next engagement.

Available for penetration testing engagements, adversary emulation and security research collaboration.