Jun 2026
CodeAlpha Cybersecurity Internship - Active
Selected for CodeAlpha Cyber Security Internship (July 2026). Completed Task 1: Network Packet Analyzer (Python + Scapy - live traffic capture, protocol detection, HTTP analysis). Completed Task 3: Secure Code Review - audited a vulnerable Flask app, identified 10 vulnerabilities with working PoC exploits (SQLi, Command Injection, Path Traversal, Insecure Deserialization, Broken Access Control, and more), built fully fixed secure version.
VULN-01 - SQL Injection - admin' -- login bypass
VULN-02 - Command Injection - uid=0(root) via ping endpoint
VULN-05 - Insecure Deserialization - pickle RCE as root
STATUS - 10/10 vulns fixed. Pushed to GitHub.
Internship
Python
Secure Code Review
Jun 2026
DIVYASTRA - AI Red-Teaming Framework
Built DIVYASTRA, an automated LLM prompt injection and jailbreak testing framework. Modular adapter architecture (Ollama, OpenAI-compatible APIs, Custom HTTP). 18 payloads across 6 attack categories mapped to OWASP LLM Top 10. Heuristic detection engine with confidence scoring. First real scan: 9/18 payloads flagged VULNERABLE - DAN roleplay jailbreak leaked simulated system prompt. Published Medium article and open-sourced on GitHub.
AI Security
Tool Development
OWASP LLM Top 10
Jun 2026
TryHackMe - [0xB] MASTER · Diamond League · Top 3% Global
Reached [0xB] MASTER rank on TryHackMe. Promoted to Diamond League. Top 3% worldwide. 54,000+ points, 88+ rooms completed, 14 badges including 4 Epic badges (Platinum League 1st 0.9%, Sapphire League 1st 0.8%, Defrosted Five 0.3%, Return of the Yeti 0.6%). 365+ day streak.
TryHackMe
Diamond League
Jun 2026
Garak (NVIDIA) - LLM Security Scanner Analysis
Installed and ran NVIDIA's Garak LLM security scanner against llama3 via Ollama. Found 50+ vulnerabilities - 100% success rate on ANSI escape probes. Identified key attack vectors: ANSI escape injection, hyperlink generation, green text rendering. Compared Garak (research-grade) vs DIVYASTRA (practical) - distinct use cases confirmed.
AI Security
LLM Research
Jun 2026
Web Reconnaissance & Exposure Scanner v1.1
Designed and developed a modular Python-based reconnaissance platform capable of recursive website crawling, robots.txt discovery, security header assessment, sensitive endpoint detection, risk scoring, and automated JSON/CSV reporting. Multi-module architecture: crawler, analyzer, reporter, utils. Scanned python.org - 50 pages, timestamped reports.
Python
Security Tool Development
May 2026
Inter-College CTF Techtrix '26 - Top 10 Solo Finish
Competed alone as team Hack4Fun in a 24-hour inter-college CTF. Finished Top 10 with 1521 points against multi-member teams. Solved challenges across Web Exploitation, Cryptography, Steganography, Reverse Engineering and Forensics. 2nd place in prelims out of 54 teams.
CTF
Solo Competitor
May 2026
OverTheWire - Bandit All 33 Levels + Natas 0–25
Completed all 33 Bandit levels (Linux privilege escalation, SSH, SSL/TLS, cryptography). Progressed through Natas levels 0–25 covering LFI, XOR cookie forgery, file upload RCE, SQLi automation, time-based blind SQLi, session ID brute forcing, and encoding reversal.
Linux Security
Web Exploitation
May 2026
PortSwigger Web LLM Attacks - All 8/8 Complete (Apprentice to Expert)
Completed the full Web LLM Attacks curriculum. Exploited LLM APIs for excessive agency, OS command injection through LLM, indirect prompt injection + RAG poisoning, XSS + indirect prompt injection chained (iframe payload), SSRF + AI agent + indirect prompt injection, fake vuln report triggering CSRF on /my-account/delete, jailbreak leaking API key, and bypassing AI scanner defenses via "redaction test" reframing.
Web LLM Security
Expert Level
May 2026
PortSwigger Business Logic - Complete (Apprentice to Expert)
Completed all Business Logic labs. Expert lab: UTF-7 encoded email parser differential attack - validator sees @ginandjuice.shop, mail server decodes to attacker address. 5 hours of independent research. Carlos deleted.
VECTOR - UTF-7 encoded email address parsing discrepancy
METHOD - Validator sees @ginandjuice.shop, mail server decodes to attacker
SOLVED - Admin access achieved. Carlos deleted.
Web Security
Expert Level
May 2026
PortSwigger XXE - Complete + Expert Lab
Completed full XXE curriculum including Expert blind XXE - local DTD repurposing to exfiltrate /etc/passwd via error messages without Burp Collaborator. Also solved XInclude bypass and SVG file upload XXE.
VECTOR - Local DTD repurposing via parameter entities
TARGET - /etc/passwd via /usr/share/yelp/dtd/docbookx.dtd
SOLVED - No Burp Collaborator required
Web Security
Expert Level
May 2026
Gandalf AI Prompt Injection - All 8 Levels Complete
Completed all 8 levels of Lakera's Gandalf challenge including Gandalf the White. Used acrostic poetry technique to extract the final password, then reconstructed remaining characters through permutation and combination. Top 8% worldwide.
AI Red Teaming
Apr 2026
Real-World Network Vulnerability Assessment
Identified critical security exposures on a live production network. Produced a professional-grade security report and formally disclosed to administrators - not exploited.
CRIT - Database services exposed to public internet
HIGH - Credentials transmitted in plaintext (FTP/POP3/IMAP)
DISCLOSED - Reported responsibly. Not exploited.
Vulnerability Research
2026
Deloitte Forage - Commendation for Outstanding Work
Received commendation for outstanding performance on Deloitte Australia Cybersecurity Job Simulation. Also completed EY Technology Risk and TATA Cybersecurity Analyst Forage simulations with commendations. IBM SkillsBuild certificate. HackerDNA Rank #475.
Certification