I dissect systems at the protocol level — API auth flows, Azure misconfigs, attack-surface intel — and build offensive tooling that simulates realistic adversary behavior. Recruiter-clean, blue-team-aware, red-team-deep.
Offensive mindset, infrastructure-deep, recruiter-clean. No filler, no fluff.
I specialize in offensive security, cloud infrastructure defense, and adversarial testing across modern web ecosystems. My work focuses on API security, Azure security operations, authentication flaws, attack-surface analysis, and real-world exploitation workflows.
I enjoy dissecting systems at the protocol level — understanding misconfigurations, chaining primitives, and building offensive tooling that simulates realistic attacker behavior rather than running point-and-click scanners.
My approach combines:
No progress bars. The stack I actually reach for when there's a system to break or a vulnerability to chase.
Offensive engagements, internships, and self-driven research.
Bachelor of Technology · B.Tech, Computer Science and Engineering
Selected red-team, cloud-security, and recon-automation projects.
Python framework that discovers, fingerprints and enumerates REST/GraphQL endpoints from OpenAPI specs and live traffic — auto-classifies auth flows and surfaces high-risk methods.
Tooling that enumerates IAM role assignments, storage public-access exposure, and Defender posture gaps across an Azure tenant — outputs CVSS-scored findings.
Decodes, audits and fuzzes JWTs — detects weak signing algs, key-confusion vulnerabilities, expired-token replays and insecure claim usage in real authentication workflows.
Modular pipeline chaining subdomain enumeration, port scanning, tech-stack fingerprinting, and screenshot capture — designed for bug-bounty asset discovery at scale.
Burp Suite extension + standalone Python tool that maps web-app routes, classifies parameters by behavior, and surfaces probable injection points and IDOR candidates.
Sandboxed environment exploring known and theoretical container-breakout primitives — capability misuse, hostpath mounts, runc CVEs — with reproducible writeups for blue teams.
Battle-tested prompts I use with AI assistants for real offensive workflows — recon, API auditing, threat modeling, and report writing.
Certifications, learning paths, and program completions — grouped by domain.
// 50+ verified certifications · sourced from LinkedIn licenses_and_certifications
Numbers don't lie. Click through and verify.
Open for security engagements, freelance VAPT, cloud-security research, and bug bounty collaboration.
Pick your protocol.