Selected real-world assessments and operations.
Red team style assessment · LLM / AI security
Evaluated a LLM assistant for prompt injection, jailbreaks, data exfiltration and tool abuse. Executed practical attack chains end-to-end.
Web pentest
End-to-end VAPT on a multi-tenant SaaS. Focused on authentication, authorization and business-logic abuse — not just scanner noise.
Where I break my own stuff first — all offensive-focused.
Full domain environment built to practise end-to-end kill chains — initial access, internal recon, lateral movement, privilege escalation and domain compromise.
Intentionally vulnerable web app target for systematic web pentesting practice — from recon to authenticated exploitation, methodically covering the OWASP Top 10.
A complete phishing engagement built from scratch — OSINT to credential capture to report. Covers the full attacker workflow across infrastructure, tooling, evasion and social engineering.
End-to-end AWS penetration testing lab covering enumeration, exploitation and privilege escalation across core cloud services using real-world attack tooling.
Validated skills — not just lab badges.
Hands-on SOC operations, incident handling, alert triage and detection engineering.
Broad cybersecurity foundation — threats, architecture, implementation and operations.
Systematic web app security testing — covering different vulnerabilities.
Practical phishing simulation design, execution and detection — from attacker perspective.
Cloud attack surface enumeration and exploitation techniques on AWS environments.
API design, testing, automation and security fundamentals via the Postman platform.
Turning real attack paths and client lessons into knowledge.
A deep dive into Model Context Protocol — attack surfaces it exposes and how security teams should approach MCP.
read article →Behind the scenes of a real LLM pentest — methodology, vulnerabilities found and key takeaways from a live client engagement.
read article →Crafting effective YARA rules — syntax deep dive and applying rule-based detection in real SOC environments.
read article →Foundational frameworks powering modern threat intel — MITRE ATT&CK, Diamond Model and more.
read article →How a SOC analyst systematically dissects and triages phishing email alerts — because APTs exploit humans first.
read article →Reconnaissance, understanding API contracts, and identifying common vulnerabilities from the ground up.
read article →Things that say "this isn't just a lab hobby".
Delivered a talk on Cloud Pentesting: Recon to Exploitation at InfraSec Village, India's largest security conference.
Co-founded and led BNMIT's cybersecurity club — organising CTFs, workshops and technical events to build campus security culture.
Shared knowledge on application security and offensive techniques at Null and OWASP Bangalore chapter meetups.
Published 10+ technical articles covering web security, API hacking, SOC analysis, YARA, threat intel and AI/LLM security.
Earned the Practical SOC Analyst Associate certification, validating hands-on SOC operations and incident handling skills.
Early practitioner in LLM/AI security — real-world client engagements.
Want me to break something (safely)?
I'm open to VAPT / red team roles, focused app, network assessments, mobile application and LLM/AI security. Happy to collaborate with in-house security teams or external consultancies.
Send me a target scope, constraints and timelines — we can talk about turning that into a realistic engagement.