Capture The Flag (CTF) Challenge Development & Competition Support
Designed and developed hands-on Capture The Flag (CTF) challenges for cybersecurity competitions, covering multiple domains such as web exploitation, cryptography, reverse engineering, OSINT, forensics, and binary exploitation. Assisted in planning, testing, and hosting the competition to ensure a smooth participant experience.
Responsibilities:
Created original CTF challenges with varying difficulty levels
Developed flags, hints, and challenge validation
Tested challenges for stability and fairness
Assisted with competition infrastructure and event support
Prepared write-ups and solutions for post-event learning
Outcome: Successfully contributed to a well-organized CTF event that provided participants with practical, real-world cybersecurity challenges and an engaging learning experience.
Mobile Application Penetration Testing (VAPT)
Conducted a comprehensive Mobile Application Penetration Test to assess the security of Android/iOS applications and their backend APIs. Identified and validated multiple Critical and High-risk vulnerabilities through manual and automated testing.
Scope of Work:
OWASP Mobile Top 10 testing
Authentication & authorization testing
API security assessment
Insecure data storage analysis
SSL/TLS & certificate pinning validation
Session management and business logic testing
Professional VAPT reporting with PoC and remediation guidance
Outcome: Delivered a detailed VAPT report with verified findings, business impact analysis, proof of concept (PoC), and prioritized remediation recommendations to help improve the application's security and resilience against real-world attacks.
Web Application Vulnerability Assessment & Penetration Testing (VAPT)
Performed a comprehensive Web Application VAPT to identify and validate security vulnerabilities through manual and automated testing. The assessment uncovered multiple Critical and High-risk vulnerabilities that could lead to unauthorized access, data exposure, and business impact.
Scope of Work:
OWASP Top 10 security testing
Authentication & authorization testing
API security assessment
Session management analysis
Business logic testing
Manual exploitation and validation
Professional VAPT reporting with risk ratings, PoC, and remediation guidance
Outcome: Delivered an executive-level security report containing verified findings, proof of concept (PoC), business impact analysis, and actionable remediation recommendations, enabling the client to strengthen their overall security posture.
Account Takeover (ATO) via Token Vulnerability
Identified a critical Account Takeover (ATO) vulnerability during web application and API penetration testing of a financial platform. By exploiting insecure token validation, I gained unauthorized access to user accounts without credentials.
Key Findings:
Weak token validation
Missing session/device binding
No token expiration or rotation
Impact: Unauthorized account access, financial data exposure, and fraud risk.
Outcome: Delivered a professional VAPT report with proof of concept (PoC), risk assessment, and remediation recommendations based on OWASP best practices.