Available for new opportunities

Hi, I'm Ankit Singh

Securing the web,
one vulnerability
at a time.

CEH v13 certified Cyber Security Analyst & Bug Bounty Hunter. I find and fix the flaws attackers hope you'll miss.

20+.
Bugs Validated
9+.
Orgs Disclosed
2.
Internships
Ankit Singh — Cyber Security Analyst
VAPT
Bug Bounty
Burp Suite
CEH v13

Reported vulnerabilities to

DellMeeshoAudibleFronteggPoorvikaNapkinLinktreeSwayamWorldlabsHackerOne
About Me

Offensive security with a defender's mindset.

I'm a recent Cyber Security graduate based in Nagpur, India, working hands-on as a penetration tester and bug bounty hunter. My focus: web & API security, business-logic flaws, and turning low-noise bugs into high-impact findings.

Across two internships I've led VAPT engagements on production web apps and written 20+ vulnerability reports with PoCs, CVSS scoring, and remediation guidance.

Quick Facts

  • Nagpur, Maharashtra, India
  • Bachelor's in Cyber Security · CGPA 8+
  • CEH v13 · EC-Council Certified
  • HackerOne @whitehat411
  • Open to full-time roles
Toolkit

Skills & stack

Security Domains

VAPTWeb App SecurityAPI SecurityNetwork SecurityOWASP Top 10

Offensive Tools

Burp Suite ProNmapMetasploitSQLmapWiresharkNikto

Platforms & Protocols

LinuxActive DirectoryTCP/IPDNSHTTP/SJWT

Practices

PythonRecon & EnumerationAuth TestingSession MgmtThreat ModelingVuln Reporting
Experience

Where I've worked

Project Trainee — Client-Side Attack Simulation

Dec 2025 – Apr 2026

Softsense Technoserve (India) Pvt. Ltd.

  • Simulated 10+ phishing and client-side attack scenarios to evaluate endpoint security and user awareness.
  • Executed privilege escalation & post-exploitation across 5+ Windows enterprise environments — uncovered 15+ critical misconfigurations.
  • Built VBA-based phishing simulations with full attack-vector documentation and remediation playbooks.

Cybersecurity Intern

Jun 2025 – Nov 2025

Softsense Technoserve (India) Pvt. Ltd.

  • Conducted VAPT on 5+ web applications targeting the OWASP Top 10.
  • Identified & validated 20+ flaws — IDOR, broken access control, auth & session issues — using Burp Suite Pro.
  • Authored 15+ vulnerability reports with PoCs, CVSS scoring, and remediation guidance.
Bug Bounty

Responsible disclosure.

Active researcher on HackerOne (@whitehat411) with validated reports across 9+ organizations. Focus: manual business-logic testing, JWT analysis, payment & auth bypass, and chaining low-impact bugs into critical findings.

Disclosed to

DellMeeshoFronteggPoorvikaNapkinAudibleLinktreeSwayamWorldlabs

Finding types — by target

Critical

Payment Bypass

DellPoorvika
Critical

OTP Bypass

Dell
High

IDOR

Dell
High

Stored XSS

Linktree
High

Hardcoded Creds

AudibleMeesho
High

Business Logic — Premium Bypass

Napkin
Medium

CORS Misconfig

Frontegg
High

Auth Flaws

Swayam
Critical

Mass Account Creation (Firebase)

Worldlabs

Impact

20+Validated bugs
30+Endpoints tested
9+Organizations
View HackerOne profile
Selected Work

Featured projects

ESP32 BLE Keyboard Attack Simulator

ESP32-based BLE HID attack simulator with automated keystroke injection and reverse-shell payload execution. Demonstrates risks of unauthorized USB/BT device trust.

ESP32BLEHID InjectionHardware

Evil Twin Access Point Framework

Rogue WPA2/WPA3 access point framework simulating wireless impersonation attacks on Linux. Identifies insecure client behavior and network trust vulnerabilities.

WPA2/WPA3LinuxWireless

WiFi Deauthentication Testing Tool

Python-based deauth tool assessing wireless network resilience against DoS. Performs packet injection and traffic analysis to evaluate infrastructure response.

PythonScapy802.11DoS
Writing

Latest from the blog

Credentials

Education & certifications

Certified Ethical Hacker (CEH v13)

EC-Council

ECC6149873520

GRC Fundamentals

CyberExam · Certified GRC Practitioner — Distinction

GRCF-2026-03638

Verify

Cybersecurity Fundamentals

CyberExam · Certified Cybersecurity Practitioner — Distinction

CSF-2026-20865

Verify

Bachelor's in Cyber Security

St. Vincent Pallotti College of Engineering & Technology, Nagpur

2023 – 2026 · CGPA 8+

Contact

Let's build something secure together.

Looking for a pentester, a VAPT engagement, or have a vulnerability to disclose? I usually reply within 24 hours.