β οΈ All research conducted ethically under Coordinated Vulnerability Disclosure (CVD) frameworks. Do not attempt to replicate on unauthorized systems.
| π΄ STATUS | CVE ID | TARGET | SEVERITY | CLASS |
|---|---|---|---|---|
β³ PENDING |
CVE-XXXX-XXXXX |
Kotori ICS/SCADA | π΄ CRITICAL | Unauthenticated Telemetry Data Poisoning |
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β [ EXPLOIT CHAIN ANALYSIS β KOTORI ] β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ£
β β
β TARGET : Kotori ICS/SCADA Framework β
β VECTOR : Unauthenticated HTTP Endpoint β
β TECHNIQUE : Telemetry Data Injection β Sensor Value Falsification β
β IMPACT : Critical Infrastructure Disruption / False Sensor Data β
β DISCLOSE : Coordinated Vulnerability Disclosure (CVD) β
β CREDIT : β
Official Contributor Credit Received β
β CVE ID : Pending Assignment by NVD β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ
β RECON βββββΆβ WEAPON βββββΆβ DELIVER βββββΆβ EXPLOIT βββββΆβ PERSIST βββββΆβ EXFIL β
ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ
β OSINT β β Zero-Day β β Social β βAuth Byp. β β RADIUS β βData Drainβ
β Nmap β β HW Implntβ β Delivery β β SCADA/OT β β Backdoor β β C2 Comms β
β Shodan β β Exploits β β Phishing β β ICS/PLC β β Persist β β Loot Out β
ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ
| π WEB APPLICATION | π‘ HARDWARE & EMBEDDED | π ICS / SCADA | π NETWORK & AUTH |
|---|---|---|---|
| OWASP Top-10 | Flipper Zero | Modbus / DNP3 | RADIUS / AAA |
| SQL Injection | RF Replay Attacks | Telemetry Poisoning | Wi-Fi Deauth |
| Auth Bypass / IDOR | NFC Cloning | PLC Exploitation | MITM Attacks |
| XXE / SSRF / RCE | RFID Spoofing | Kotori Framework | Session Hijacking |
| LFI / RFI | BadUSB / JTAG | OT Network Recon | Cred Harvesting |
π± ROOT LOCK SCREEN BYPASS Β βΒ [Android Security]
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β OPERATION : DROID BYPASS β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββ£
β TARGET : Rooted Android Devices β
β VECTOR : Privilege Escalation via Root Shell β
β METHOD : Scripted Lock Screen Bypass β
β IMPACT : Full Device Access β No Auth Required β
β LESSON : Root access = broken security model β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Script demonstrating privilege escalation on rooted Android devices, exposing fundamental weaknesses in Android's security model when root is present. Full PoC with documentation.
π CYRAD β ENTERPRISE RADIUS AUTH SYSTEM Β βΒ [Network Auth / AAA]
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β OPERATION : CYRAD DEPLOYMENT β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββ£
β SYSTEM : CYRAD β Custom RADIUS Auth Platform β
β BUILD : Designed & built from scratch β
β FEAT 1 : Per-user data limits & quota enforce β
β FEAT 2 : Real-time session monitoring (AAA) β
β CLIENT : Cyndia Cyberspace LLP β
β RESULT : β
Letter of Recommendation Awarded β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Enterprise-grade Authentication, Authorization, and Accounting (AAA) system. Built for production deployment with real-time data cap enforcement and live session management.
π ORIGIN IP DISCOVERY TOOL Β βΒ [OSINT / Recon]
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β OPERATION : UNMASK β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββ£
β TARGET : CDN-protected web applications β
β VECTOR : Origin IP unmasking (Cloudflare/CDN) β
β METHOD : Multi-vector recon + DNS enum β
β PURPOSE : Expose true origin β bypass WAF/CDN β
β USE CASE : Penetration testing recon phase β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Automates origin IP discovery behind Cloudflare and reverse proxies. Used in pen tests to identify and attack the true origin server, bypassing CDN/WAF protections entirely.
π‘ FLIPPER ZERO 5-IN-1 EXTENSION BOARD Β βΒ [Hardware Hacking]
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β OPERATION : HARDWARE KRAKEN β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββ£
β HARDWARE : Custom Flipper Zero PCB Extension β
β CAP 1 : RF Replay + Sub-GHz attacks β
β CAP 2 : NFC cloning + RFID spoofing β
β CAP 3 : Physical bypass + BadUSB β
β PURPOSE : Red team physical security assessment β
β STATUS : Built, assembled & field-tested β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Custom 5-in-1 PCB extension board for Flipper Zero β dramatically expanding RF, NFC, RFID, and physical attack capability for real-world red team operations.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β [OP-001] KUBOTOR β Bug Bounty Hunter (Intern) β
β TIMELINE : Sep 2025 β Jan 2026 β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β [+] Executed structured penetration tests across multiple live targets β
β [+] Chained vulnerabilities for maximum-impact proof-of-concept β
β [+] Responsible disclosure pipeline β full exploit documentation β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β [OP-002] CYNDIA CYBERSPACE LLP β Security Analyst (Intern) β
β TIMELINE : May 2025 β Jul 2025 β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β [+] Architected CYRAD from zero β enterprise RADIUS authentication β
β [+] Per-user quota enforcement + real-time session monitoring β
β [+] Awarded Letter of Recommendation for exceptional delivery π
β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
| DOMAIN | SKILL | THREAT LEVEL |
|---|---|---|
| π Web App Pentesting | Burp Suite / OWASP | ββββββββββββ ADVANCED |
| π‘ Hardware Hacking | Flipper Zero / RF / RFID | ββββββββββββ PROFICIENT |
| π ICS / SCADA | Kotori / Modbus / OT | ββββββββββββ ADVANCED |
| π Network / Auth | RADIUS / AAA / MITM | ββββββββββββ ADVANCED |
| π Python Scripting | Exploit Dev / Automation | ββββββββββββ PROFICIENT |
| π OSINT / Recon | Shodan / DNS / Nmap | ββββββββββββ ADVANCED |
| πΎ Forensics | Digital Evidence / Analysis | ββββββββββββ INTERMEDIATE |
| π§© CTF | Capture The Flag | ββββββββββββ PROFICIENT |
| π CERTIFICATION | ποΈ ISSUER | π― DOMAIN |
|---|---|---|
| Cyber Security & Privacy | NPTEL | Defensive & Offensive SecOps |
| Computer Networks & Internet Protocol | NPTEL | Network Architecture |
| SQL Injection Attack | EC-COUNCIL | Web Application Exploitation |
| PHP & MySQL | IIT Bombay | Backend Development |
| H4CKP13T 0X01 | International CTF | Capture The Flag |
| PHANTOM FLAB | CTF Event | Capture The Flag |
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β OPEN TO ENGAGEMENTS β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
Freelance Penetration Testing Assessments β
β β
Bug Bounty Collaborations & Joint Research β
β β
Security Research Internships β
β β
Full-Time Offensive Security Roles β
β β
CVE Coordination & Responsible Disclosure β
β β
Red Team Operations & Hardware Hacking β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ

