Offensive security with a defender's mindset.
I'm a recent Cyber Security graduate based in Nagpur, India, working hands-on as a penetration tester and bug bounty hunter. My focus: web & API security, business-logic flaws, and turning low-noise bugs into high-impact findings.
Across two internships I've led VAPT engagements on production web apps and written 20+ vulnerability reports with PoCs, CVSS scoring, and remediation guidance.
Quick Facts
- Nagpur, Maharashtra, India
- Bachelor's in Cyber Security · CGPA 8+
- CEH v13 · EC-Council Certified
- HackerOne @whitehat411
- Open to full-time roles
Skills & stack
Security Domains
Offensive Tools
Platforms & Protocols
Practices
Where I've worked
Project Trainee — Client-Side Attack Simulation
Dec 2025 – Apr 2026 · Softsense Technoserve (India) Pvt. Ltd.
- Simulated 10+ phishing and client-side attack scenarios to evaluate endpoint security and user awareness.
- Executed privilege escalation & post-exploitation across 5+ Windows enterprise environments — uncovered 15+ critical misconfigurations.
- Built VBA-based phishing simulations with full attack-vector documentation and remediation playbooks.
Cybersecurity Intern
Jun 2025 – Nov 2025 · Softsense Technoserve (India) Pvt. Ltd.
- Conducted VAPT on 5+ web applications targeting the OWASP Top 10.
- Identified & validated 20+ flaws — IDOR, broken access control, auth & session issues — using Burp Suite Pro.
- Authored 15+ vulnerability reports with PoCs, CVSS scoring, and remediation guidance.
Responsible disclosure.
Active researcher on HackerOne (@whitehat411) with validated reports across 9+ organizations. Focus: manual business-logic testing, JWT analysis, payment & auth bypass, and chaining low-impact bugs into critical findings.
Finding types — by target
Payment Bypass
OTP Bypass
IDOR
Stored XSS
Hardcoded Creds
Business Logic — Premium Bypass
CORS Misconfig
Auth Flaws
Mass Account Creation (Firebase)
Featured projects
ESP32 BLE Keyboard Attack Simulator
ESP32-based BLE HID attack simulator with automated keystroke injection and reverse-shell payload execution. Demonstrates risks of unauthorized USB/BT device trust.
Evil Twin Access Point Framework
Rogue WPA2/WPA3 access point framework simulating wireless impersonation attacks on Linux. Identifies insecure client behavior and network trust vulnerabilities.
WiFi Deauthentication Testing Tool
Python-based deauth tool assessing wireless network resilience against DoS. Performs packet injection and traffic analysis to evaluate infrastructure response.
Latest from the blog
From a Simple Input Field to Stored XSS — A Realistic Bug Bounty Journey
How a tiny innocuous input field turned into a stored XSS — methodology, payload crafting, and bypassing filters.
A Premium Feature Bypass Hidden Behind a Single Boolean Parameter
Flipping one parameter unlocked premium features — a reminder that authorization belongs on the server.
How I Found an OTP Authentication Bypass While Hunting for Bugs
An OTP flow that looked airtight until response manipulation revealed a complete auth bypass.
How a Failed Payment Turned Into a Successful Order
Most payment flows look secure from the outside — until you replay the right request.
Education & certifications
Certified Ethical Hacker (CEH v13)
EC-Council
ECC6149873520
Cybersecurity Fundamentals
CyberExam · Certified Cybersecurity Practitioner — Distinction
CSF-2026-20865
Bachelor's in Cyber Security
St. Vincent Pallotti College of Engineering & Technology, Nagpur
2023 – 2026 · CGPA 8+
Let's build something secure together.
Looking for a pentester, a VAPT engagement, or have a vulnerability to disclose? I usually reply within 24 hours.
