┌──(4bh1㉿kali)-[~]
└─$ whoami🛡️ Cybersecurity professional specializing in penetration testing and web application security. Ranked Top 6% globally on TryHackMe with hands-on experience in VAPT, red team labs, Python-based security automation, and real-world bug bounty findings — including a Critical RCE (CVSS 9.1) across multiple programs.
Name : Abhay Kumar
Role : Penetration Tester | Bug Bounty Hunter | Security Researcher
Education : BCA (AI & ML) — Maharishi Markandeshwar University (2024–2027)
Currently : Preparing for CPENT Certification
Open To : Bug Bounty Collaboration | Open Source Security Projects🔒 Program names are kept confidential per responsible disclosure policy.
| # | Vulnerability Type | Severity | Impact | Reward |
|---|---|---|---|---|
| 01 | Command Injection → Remote Code Execution (CVSS 9.1) | 🔴 Critical | Arbitrary shell command execution via unsanitized CLI params | $100 |
| 02 | Privilege Escalation via SECURITY DEFINER | 🔴 Critical | Billing manipulation, RLS bypass for arbitrary credit access | $100 |
| 03 | SSRF + Privilege Escalation via Path Traversal | 🟠 High | Server-Side Request Forgery in builder upload proxy | $50 |
| 04 | Path Traversal → Arbitrary File Write → Web Shell Upload | 🟠 High | RCE via unsanitized PHP API field enabling web shell | $30 |
| 05 | API Endpoint Injection + Unauthenticated MCP Access | 🟡 Medium | Unauthorized tool execution via exposed MCP endpoint | $20 + HoF |
| 06 | Path Traversal in SDK | 🟡 Medium | Management SDK path injection vulnerability | HoF |
| 07 | Data Sanitization Vulnerability | 🟡 Medium | Source code review — geocoding plugin data exposure | $50 |
| 08 | HTTP Parameter Pollution | 🟡 Medium | Geosearch service parameter manipulation | $50 |
| 09 | SSRF via Upload Proxy | 🟠 High | Internal network access through file upload endpoint | — |
| 10 | Privilege Escalation via Path Traversal | 🟠 High | Unauthorized access to restricted resources | — |
💰 Total Disclosed Earnings: $500+ | Hall of Fame: 2 Programs
Python · Flask · REST API · Multithreading
Automated web vulnerability scanner with a multithreaded scanning engine that detects SQL Injection, XSS, and Command Injection — complete with a structured REST-based HTML reporting dashboard.
✅ SQL Injection Detection
✅ XSS (Cross-Site Scripting) Detection
✅ Command Injection Detection
✅ Multithreaded Scanning Engine
✅ Automated HTML Reporting Dashboard
| Certification | Issuer |
|---|---|
| 🏅 Certified Social Engineering Defense Practitioner (CSEDP) | The SecOps Group |
| 🏅 Certified Red Team Operations Management (CRTOM) | — |
| 🏅 Certified Cybersecurity Educator Professional (CCEP) | — |
| 🏅 Certified Phishing Prevention Specialist (CPPS) | — |
| 🏅 Network Security Associate | OPSWAT Academy |
| 🏅 Web Traffic Protection Associate | OPSWAT Academy |
| 🏅 Cybersecurity Fundamentals Associate | OPSWAT Academy |
| 🏅 Career Essentials in Cybersecurity | Microsoft & LinkedIn |
| 🏅 Hands-On Penetration Testing | Infosys Springboard |
| 🌐 Hall of Fame (x2) | Multiple Bug Bounty Programs |
| 🔴 Top 6% Global Ranking | TryHackMe |
┌──(4bh1㉿kali)-[~/learning]
└─$ cat roadmap.txt- 🎯 CPENT (Certified Penetration Testing Professional) — Active exam prep
- 🔬 Advanced Exploit Development & Post-Exploitation Techniques
- ☁️ Cloud Security & AWS Penetration Testing
opportunities = [
"🐛 Bug Bounty Hunting (Web App, API, Source Code Review)",
"🔓 Open Source Security Tools & Automation",
"🏴 CTF Teams & Red Team Exercises",
"🛡️ Responsible Disclosure & Security Research",
]