Name: Harsh Gupta
Location: Mumbai, India
Education: B.E. Computer Science & Engineering (Cybersecurity), TCET β CGPA 8.8/10 after SEM-6
Focus: Application Security | VAPT | Red Teaming | Bug Bounty
Mindset: Break it, understand it, report it, fix it.
I'm a cybersecurity undergraduate and full-stack-curious tech enthusiast who spends most days somewhere between Burp Suite and a code editor. My core lane is application security β but I like understanding the entire stack I'm attacking, which is why I also build web applications and tinker with cloud infrastructure on the side.
On the offense side, I've run web, API, and network penetration tests end-to-end β recon, exploitation, post-exploitation, CVSS-based triage β across live consultancy engagements, mapping red-team exercises back to MITRE ATT&CK. I dig into OAuth 2.0 / SAML / OIDC token-handling weaknesses, container misconfigurations, and privacy/GDPR gaps that most scanners miss.
On the build side, I write web apps to understand how the things I'm testing are actually put together, and I'm increasingly comfortable across AWS and Azure β provisioning environments, hardening configs, and finding the misconfigurations before an attacker does. I compete in CTFs to keep my offense sharp, and build my own tooling β from a Docker/Linux misconfiguration scanner to an ML-based Network Intrusion Detection System β whenever I want to go deeper than a write-up.
Open To:
- Application Security / VAPT internships & full-time roles
- Web development & cloud-adjacent security projects
- Bug bounty collaboration & mentorship exchanges
- Open source contributions across security & dev tooling
| Domain | Proficiency | Details |
|---|---|---|
| Web & API Penetration Testing | Advanced | Injection, broken auth, IDOR, business-logic flaws β OWASP Top 10 mapped |
| Vulnerability Scoring & Triage | Advanced | CVSS-based severity scoring to prioritize remediation |
| Auth Protocol Security | Advanced | OAuth 2.0 / SAML / OIDC β token hijacking, open redirect, SSRF patterns |
| Red Teaming & MITRE ATT&CK | Intermediate | Recon β exploitation β post-exploitation mapped to attacker TTPs |
| Cloud & Container Security | Intermediate | AWS IAM/S3 misconfig, Docker/Kubernetes hardening, CIS Benchmark checks |
| Network Security & Traffic Analysis | Intermediate | TCP/IP, packet analysis, anomaly & intrusion detection |
| Security Automation | Intermediate | Bash/Python tooling for scanning, CI/CD-integrated security checks |
| AI/ML for Security Detection | Developing | ML-based traffic classification, adversarial robustness exploration |
π³ Docker Security Scanner
Automated Bash-based security scanner that audits Docker containers and Linux hosts for misconfigurations, privilege escalation paths, and exposed secrets β built to catch insecure defaults before they reach production in microservices environments.
| Category | Detail |
|---|---|
| Stack | Bash, Linux, Docker, Security Automation |
| Scale | Single-host & multi-container scan sessions |
| Performance | Lightweight shell-based checks, minimal runtime overhead |
| Security | Checks modeled on CIS Docker Benchmark controls |
| Impact | Surfaces insecure defaults pre-deployment, reducing container attack surface |
| Repository | GitHub β |
π‘οΈ AI-Based Network Intrusion Detection System
Python-based IDS that parses and classifies network traffic using ML models to flag anomalous behavior indicative of intrusions or lateral movement, with exploration into adversarial robustness for AI/ML-driven security detection.
| Category | Detail |
|---|---|
| Stack | Python, Random Forest, XGBoost, Decision Tree, Streamlit |
| Scale | Multi-class traffic classification (DDoS, Port Scan, Bot, Brute Force) |
| Performance | Evaluated across multiple ML models for detection accuracy |
| Security | Explores adversarial input handling and model robustness |
| Impact | Detects lateral movement & intrusion patterns from raw traffic |
| Repository | GitHub β |
πΈοΈ Live SSH/Telnet Honeypot β Azure Threat Intelligence
Deployed a live SSH/Telnet honeypot on Microsoft Azure using Cowrie and Fail2ban to capture real-world attacker behavior β credentials, commands, and geolocation data β for threat intelligence analysis.
| Category | Detail |
|---|---|
| Stack | Cowrie, Fail2ban, Microsoft Azure, Linux |
| Scale | Internet-facing honeypot, continuous live capture |
| Performance | Fail2ban IPS layered for automated blocking of repeat attackers |
| Security | Isolated honeypot environment to safely observe attacker TTPs |
| Impact | Real-world attack pattern & credential dataset for threat intel |
| Repository | GitHub β |
VAPT Intern CyberSRC Consultancy Β· Aug 2025 β Oct 2025
- Performed web, API, and network penetration testing using Burp Suite, OWASP ZAP, and Nmap
- Identified OWASP Top 10 issues (injection, broken auth, IDOR) and scored findings via CVSS to prioritize remediation
- Assessed OAuth 2.0 / token-handling weaknesses; collaborated with engineering teams to validate fixes
- Used SQLmap, Hydra, and Metasploit across exploitation scenarios
Burp Suite OWASP ZAP Nmap SQLmap Metasploit CVSS OAuth 2.0
Ethical Hacking & Cybersecurity Intern Netrinix Academy Β· Oct 2025 β Nov 2025
- Executed red-team engagements (recon, exploitation, post-exploitation) mapped to MITRE ATT&CK
- Audited network infrastructure and containerized environments for misconfigurations
- Findings used to inform incident response improvements
Red Teaming MITRE ATT&CK Network Security Container Security
| Recognition | Details |
|---|---|
| π₯ Global Rank #16 β Black Hat USA CTF 2025 (Bugcrowd) | International CTF competition |
| π₯ Global Rank #5 β REDFOX CTF 2026 | International CTF competition |
| ποΈ Rank #33 Nationwide β Pentathon 2025 CTF | Hosted by NCIIPC (Govt. of India) |
| π 1st Runner-Up β OWASP CTF 2025 | Thakur College of Engineering |
| π Rank #5 β CyberTEA-3.0 CTF | Hosted by IIIT Sri City |
| π Rank #6 β LNMHacks 8.0 CTF | National-level CTF |
| π° Bug Bounty β GDPR/Privacy Finding (Rewarded) | Pre-consent tracking cookie vuln, $20 bounty |
Learning:
- Advanced exploitation techniques for auth flows (OAuth/SAML/OIDC)
- Cloud security posture management on AWS & Azure
- Modern full-stack development (React, Node.js)
Building:
- CIS-benchmark-driven container security scanner (Bash)
- ML-based network intrusion detection pipelines
- Small full-stack web apps to sharpen dev fundamentals
Exploring:
- Bug bounty programs on HackerOne / Bugcrowd
- Mobile application penetration testing (Android)
- Cloud-native security (Docker, Kubernetes, IAM hardening)
Open To:
- AppSec / VAPT internships & placement opportunities
- Web development & cloud-security-adjacent projects
- CTF teams and security research exchanges--> -->