Bug Bounty Hunter

Cybersecurity Specialist

Breaking systems to secure them.

About

The Hacker Mindset

I'm a cybersecurity professional who believes the best defense starts with understanding the attack. My passion lies in penetration testing and red teaming — essentially, I break things professionally so developers can build them stronger.

Specializing in OWASP Top 10 vulnerabilities, I've identified critical flaws in web applications including XSS, SQL Injection, SSRF, CSRF, and IDOR vulnerabilities that could have been catastrophic if left unchecked.

Every vulnerability I find is a victory — not just for me, but for the security of thousands of users whose data stays protected.

Web Security

OWASP Top 10

Bug Bounty

HackerOne & Bugcrowd

Red Teaming

Offensive Security

Threat Detection

SIEM & Monitoring

My Philosophy

"In cybersecurity, you're either breached or about to be breached." My mission is to make that second option as difficult as possible — one vulnerability at a time.

Expertise

Skills & Tools

95%

XSS

Cross-Site Scripting detection & exploitation

Reflected, Stored, DOM-based

90%

SQL Injection

Blind & union-based SQL injection

MySQL, PostgreSQL, NoSQL

88%

SSRF

Server-Side Request Forgery

Port scanning, Cloud metadata, Internal services

92%

CSRF

Cross-Site Request Forgery

Token bypass, State changing

94%

IDOR

Insecure Direct Object Reference

Horizontal, Vertical, BOLA

85%

CORS

CORS misconfiguration exploitation

Preflight, Wildcard, Credentials

Experience

Projects & Findings

Critical

Web Application Penetration Testing

Security Assessment

Comprehensive security audit of enterprise web applications to identify vulnerabilities before malicious actors can exploit them.

Impact: Identified 3 critical XSS vulnerabilities in authentication flows affecting 50,000+ user accounts

Vulnerability

Reflected XSS in login form

Burp Suite, OWASP ZAP, Manual Testing, Browser DevTools

Critical

E-Commerce SQL Injection Assessment

Vulnerability Assessment

Found a critical SQL injection vulnerability in the product search functionality of a major e-commerce platform.

Impact: Prevented potential data breach of 2M+ customer records including PII and payment information

Vulnerability

Union-based SQL Injection

SQLmap, Burp Suite Intruder, Custom Payloads

High

Red Team Social Engineering Simulation

Red Teaming

Executed a phishing campaign to test organizational security awareness and incident response capabilities.

Impact: Achieved 23% click-through rate, helping the organization implement enhanced security training

GoPhish, CredSniper, Maltego, Social-Engineer Toolkit

High

API Security Assessment

Web Security

REST API security testing for a fintech startup, identifying authentication and authorization flaws.

Impact: Found IDOR vulnerability allowing unauthorized access to user financial data - patched before production release

Vulnerability

IDOR + Broken Access Control

Postman, Burp Suite, JWT Decoder, Amass

Critical

Cloud Infrastructure Assessment

Cloud Security

AWS and Azure cloud environment security review for a healthcare SaaS company.

Impact: Identified misconfigured S3 buckets and over-permissive IAM roles - fixed to meet HIPAA compliance

Prowler, CloudMapper, ScoutSuite, AWS CLI

High

Network Penetration Test

Infrastructure

Internal network security assessment for a mid-sized enterprise.

Impact: Gained domain admin access through lateral movement, demonstrating need for network segmentation

Metasploit, Responder, Impacket, BloodHound

Platforms

Tools & Platforms

Core Security Tools

Burp Suite
Metasploit
SQLmap
Nmap
Nikto
Nessus
OWASP ZAP
Wireshark
John the Ripper
Hashcat
Hydra
Aircrack-ng

Framework Knowledge

Proficient with MITRE ATT&CK framework for threat modeling and adversary simulation. Familiar with OWASP testing guide and PTES methodology for comprehensive security assessments.

Credentials

Certifications

2024

Certified Ethical Hacker (CEH)

WsCubeTech

Comprehensive certification covering ethical hacking methodologies, footprinting, reconnaissance, and network penetration testing.

2024

Certified Penetration Tester

WsCubeTech

Hands-on penetration testing certification with focus on real-world attack scenarios and vulnerability exploitation.

2024

Web Security Specialist

TryHackMe

Advanced web application security certification covering OWASP Top 10, XSS, SQL Injection, and web penetration testing techniques.

2024

Computer Science and Engineering (Under Learning)

B.V.V.S S.R.Vastrad Rural Polytechnic, Guledagudd

The CSE diploma provides both theoretical knowledge and practical skills in areas like programming, computer systems, networking, and software development. It emphasizes hands-on learning through labs, projects, and internships.

Currently Pursuing

Pentest (Penetration Test)

Contact

Get In Touch

Interested in collaborating on security projects, discussing bug bounty opportunities, or just want to talk cybersecurity? Feel free to reach out.

Frequently Asked Questions