Cybersecurity analyst and ethical hacker focused on vulnerability assessment, penetration testing, and blue team defence. Building hands-on industry experience through independent security research under SAIZERO β Ground Zero Defence (2024 β Present).
- π΄ Offensive: VAPT, Web App Security, OWASP Top 10, Android Malware Analysis
- π΅ Defensive: Wazuh SIEM, Honeypot Deployment, Log Analysis, Phishing Analysis, API Security
- π€ Research: ML-based Malware Detection, Network Forensics (Wireshark DPI)
- π Tools: Kali Linux, Burp Suite, Nuclei, XnLinkFinder, Nmap, Postman, androguard, scikit-learn, Cowrie, Wireshark
| Project | Description | Tools |
|---|---|---|
| NCSA-VDP-Assessment | Passive security assessment under NCSA Bug Bounty VDP β awarded Certificate of Appreciation | Burp Suite, Nuclei, XnLinkFinder, ffuf, Subfinder, curl, whatweb |
| Supply-Chain-Secret-Hunting | Bug bounty research β SSR framework token exposure β passive recon β CWE-798 β HackerOne VDP | curl, Burp Suite, grep, Kali |
| FUTURE_CS_01 | VAPT Report β OWASP Juice Shop β 7 vulnerabilities identified | ZAP, Nmap, Burp, Kali |
| FUTURE_CS_02 | Phishing Detection β 3 real samples β Gmail, Microsoft, XRP scams | Thunderbird, MXToolbox, VirusTotal |
| FUTURE_CS_03 | API Security Risk Analysis β OWASP crAPI β 9 vulnerabilities mapped to OWASP, CVE, MITRE | Postman, jwt.io, Mailhog, Docker |
| SAIZERO-Cowrie-Honeypot | Real-time SSH Honeypot β Cowrie + Wazuh SIEM + Wireshark DPI β Automated botnet confirmed | Cowrie, Wazuh, Wireshark, Kali |
| android-malware-analysis | Android Malware Detection β Static analysis + Random Forest ML β 100% malware recall | androguard, scikit-learn, Python, Kali |
| wazuh-nmap-detection | Real-time Nmap port scan detection β TCP, UDP, ICMP β Level 15 critical alerts | Wazuh SIEM, iptables, Kali |
| wazuh-homelab | Wazuh Manager & Agent homelab setup | Wazuh |
Independent vulnerability research under responsible disclosure programs. All findings reported via authorized VDP/bug bounty platforms. No production data accessed or modified.
Duplicate findings confirm the vulnerability was real and independently discovered using the same passive methodology.
| Finding | Class | Severity | Platform | Result |
|---|---|---|---|---|
| Security vulnerabilities identified across live production assets β RBAC failures, AI over-privilege, security misconfigurations β mapped to OWASP Top 10:2025 | CWE-862, CWE-1336, CWE-693 | π‘ Medium / Low | NCSA Bug Bounty VDP | Awarded Certificate of Appreciation |
CMS API token exposed in Nuxt.js SSR client-side state (window.__NUXT__) β read/write access to production dataset |
CWE-798 β Hard-coded Credentials | π΄ High | HackerOne VDP | Duplicate β Pre-validated |
- π Certificate of Appreciation β NCSA Bug Bounty Program (VDP) Β· May 2026 Β·
- π― CICSA β Certified IT Infrastructure & Cyber SOC Analyst Β· RedTeam Hacker Academy.
- π― TryHackMe β Active
- π― LetsDefend β Active
- π― Bugcrowd β Active
- π― HackerOne VDP β Active
SAIZERO β Ground Zero Defence CyberLycan β Every shadow has a hunter