Sr. Security Consultant at NetSPI · Hacker Side at Black Hat India · Chapter Lead at OWASP Chandigarh
I break things for a living — responsibly. From Web and API flaws to AI/ML attack surfaces, I specialize in finding what others miss and building open-source tools that make the community sharper. I've authored multiple CVEs, been recognized across government and enterprise Halls of Fame worldwide, and published security research.
| Organization | Type |
|---|---|
| 🇮🇳 CERT-In (Indian Computer Emergency Response Team) | Hall of Fame |
| 📡 Federal Communications Commission — US Government | Hall of Fame |
| 📱 Nokia | Hall of Fame |
| 🔧 MediaTek | Hall of Fame |
| 🌿 Wageningen University & Research | Hall of Fame |
| 🛒 Healthy Supplies | Hall of Fame |
| (+ more not listed here) | Recognition Letters |
CVEs Authored:
CVE-2021-27539 · CVE-2022-33041 · CVE-2021-27295 · CVE-2021-27296 · CVE-2021-27190 · and more
Built because I needed them. Free because you deserve them.
🤖 AI / ML Security
| Tool | What it does |
|---|---|
| LLM Injector | Burp Suite extension for automated LLM prompt injection testing — one of the first of its kind |
| AI/ML Pentest Roadmap | Zero-to-practitioner curriculum for AI/ML security — structured, free, and comprehensive |
🕵️ Recon & OSINT
| Tool | What it does |
|---|---|
| The Time Machine | Mines Wayback Machine snapshots to surface forgotten endpoints, subdomains, and buried secrets — got me into CERT-In HOF |
| WayBackLister | Discovers exposed directory listings through archived Wayback Machine URLs |
| WayBackup Finder | Hunts for leaked backup files and sensitive data in historical snapshots |
| CloudFail v2 | Finds real IPs behind Cloudflare — rebuilt from scratch because the original was broken |
| Project Dork | Curated Google Dorks for serious OSINT operations |
🔎 Vulnerability Research
| Tool | What it does |
|---|---|
| ThreatTracer | Feed it a component name and version — get CVEs and public exploits back instantly |
| CVE Seeker | Fast, clean CVE lookup and related exploit search |
| JIRA"YA | Scans JIRA instances for misconfigurations and unauthenticated data exposure |
| DKIM Lookup | Verifies DKIM records for email security audits |
⚔️ Exploitation & CTF
| Tool | What it does |
|---|---|
| CrossInjector | End-to-end automated XSS payload testing framework |
| What The Cipher | Cipher identification and decryption toolkit for CTF challenges |
📄 "AI: Perilous Threat to Both Physical and Cyber Worlds" — JETIR
Explores how AI simultaneously empowers defenders and weaponizes attackers — published before it was a trending topic.
✍️ Recent articles on Medium:
- I Built a Burp Suite Extension to Automate LLM Prompt Injection Testing
- How "The Time Machine v3.0" Landed Me in the CERT-In Hall of Fame
- CloudFail v2: Finding the Real IP Behind Cloudflare
- GraphQL Pentest Checklist for Bug Bounty Hunters



