Skip to content
View cazy8's full-sized avatar
🎯
Focusing
🎯
Focusing
  • Thakur College of Engineering & Technology
  • Mumbai
  • LinkedIn in/h4rshg

Highlights

  • Pro

Block or report cazy8

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
cazy8/README.md

Header

Typing SVG

TCET Mumbai Location

Portfolio LinkedIn Email GitHub

Profile Views Followers Stars


πŸ” About Me

Name:       Harsh Gupta
Location:   Mumbai, India
Education:  B.E. Computer Science & Engineering (Cybersecurity), TCET β€” CGPA 8.8/10 after SEM-6
Focus:      Application Security | VAPT | Red Teaming | Bug Bounty
Mindset:    Break it, understand it, report it, fix it.

I'm a cybersecurity undergraduate and full-stack-curious tech enthusiast who spends most days somewhere between Burp Suite and a code editor. My core lane is application security β€” but I like understanding the entire stack I'm attacking, which is why I also build web applications and tinker with cloud infrastructure on the side.

On the offense side, I've run web, API, and network penetration tests end-to-end β€” recon, exploitation, post-exploitation, CVSS-based triage β€” across live consultancy engagements, mapping red-team exercises back to MITRE ATT&CK. I dig into OAuth 2.0 / SAML / OIDC token-handling weaknesses, container misconfigurations, and privacy/GDPR gaps that most scanners miss.

On the build side, I write web apps to understand how the things I'm testing are actually put together, and I'm increasingly comfortable across AWS and Azure β€” provisioning environments, hardening configs, and finding the misconfigurations before an attacker does. I compete in CTFs to keep my offense sharp, and build my own tooling β€” from a Docker/Linux misconfiguration scanner to an ML-based Network Intrusion Detection System β€” whenever I want to go deeper than a write-up.

Open To:
  - Application Security / VAPT internships & full-time roles
  - Web development & cloud-adjacent security projects
  - Bug bounty collaboration & mentorship exchanges
  - Open source contributions across security & dev tooling

πŸ› οΈ Tech Stack

Languages Python JavaScript Bash SQL

Frontend HTML5 CSS3 React Tailwind CSS

Backend & Databases Node.js Flask MongoDB MySQL

Cloud, DevOps & Containers AWS Azure Docker Kubernetes Linux Git

Offensive Security & Auth OWASP OAuth2 MITRE ATT&CK

Security Tools Burp Suite Nmap Metasploit Wireshark

Skill Icons


🧠 AppSec / Offensive Security Expertise

Domain Proficiency Details
Web & API Penetration Testing Advanced Injection, broken auth, IDOR, business-logic flaws β€” OWASP Top 10 mapped
Vulnerability Scoring & Triage Advanced CVSS-based severity scoring to prioritize remediation
Auth Protocol Security Advanced OAuth 2.0 / SAML / OIDC β€” token hijacking, open redirect, SSRF patterns
Red Teaming & MITRE ATT&CK Intermediate Recon β†’ exploitation β†’ post-exploitation mapped to attacker TTPs
Cloud & Container Security Intermediate AWS IAM/S3 misconfig, Docker/Kubernetes hardening, CIS Benchmark checks
Network Security & Traffic Analysis Intermediate TCP/IP, packet analysis, anomaly & intrusion detection
Security Automation Intermediate Bash/Python tooling for scanning, CI/CD-integrated security checks
AI/ML for Security Detection Developing ML-based traffic classification, adversarial robustness exploration

πŸš€ Featured Projects

🐳 Docker Security Scanner

Automated Bash-based security scanner that audits Docker containers and Linux hosts for misconfigurations, privilege escalation paths, and exposed secrets β€” built to catch insecure defaults before they reach production in microservices environments.

Category Detail
Stack Bash, Linux, Docker, Security Automation
Scale Single-host & multi-container scan sessions
Performance Lightweight shell-based checks, minimal runtime overhead
Security Checks modeled on CIS Docker Benchmark controls
Impact Surfaces insecure defaults pre-deployment, reducing container attack surface
Repository GitHub β†’
πŸ›‘οΈ AI-Based Network Intrusion Detection System

Python-based IDS that parses and classifies network traffic using ML models to flag anomalous behavior indicative of intrusions or lateral movement, with exploration into adversarial robustness for AI/ML-driven security detection.

Category Detail
Stack Python, Random Forest, XGBoost, Decision Tree, Streamlit
Scale Multi-class traffic classification (DDoS, Port Scan, Bot, Brute Force)
Performance Evaluated across multiple ML models for detection accuracy
Security Explores adversarial input handling and model robustness
Impact Detects lateral movement & intrusion patterns from raw traffic
Repository GitHub β†’
πŸ•ΈοΈ Live SSH/Telnet Honeypot β€” Azure Threat Intelligence

Deployed a live SSH/Telnet honeypot on Microsoft Azure using Cowrie and Fail2ban to capture real-world attacker behavior β€” credentials, commands, and geolocation data β€” for threat intelligence analysis.

Category Detail
Stack Cowrie, Fail2ban, Microsoft Azure, Linux
Scale Internet-facing honeypot, continuous live capture
Performance Fail2ban IPS layered for automated blocking of repeat attackers
Security Isolated honeypot environment to safely observe attacker TTPs
Impact Real-world attack pattern & credential dataset for threat intel
Repository GitHub β†’

πŸ’Ό Experience

VAPT Intern CyberSRC Consultancy Β· Aug 2025 – Oct 2025

  • Performed web, API, and network penetration testing using Burp Suite, OWASP ZAP, and Nmap
  • Identified OWASP Top 10 issues (injection, broken auth, IDOR) and scored findings via CVSS to prioritize remediation
  • Assessed OAuth 2.0 / token-handling weaknesses; collaborated with engineering teams to validate fixes
  • Used SQLmap, Hydra, and Metasploit across exploitation scenarios

Burp Suite OWASP ZAP Nmap SQLmap Metasploit CVSS OAuth 2.0

Ethical Hacking & Cybersecurity Intern Netrinix Academy Β· Oct 2025 – Nov 2025

  • Executed red-team engagements (recon, exploitation, post-exploitation) mapped to MITRE ATT&CK
  • Audited network infrastructure and containerized environments for misconfigurations
  • Findings used to inform incident response improvements

Red Teaming MITRE ATT&CK Network Security Container Security


πŸ† Achievements

Recognition Details
πŸ₯‡ Global Rank #16 β€” Black Hat USA CTF 2025 (Bugcrowd) International CTF competition
πŸ₯ˆ Global Rank #5 β€” REDFOX CTF 2026 International CTF competition
πŸŽ–οΈ Rank #33 Nationwide β€” Pentathon 2025 CTF Hosted by NCIIPC (Govt. of India)
πŸ… 1st Runner-Up β€” OWASP CTF 2025 Thakur College of Engineering
πŸ… Rank #5 β€” CyberTEA-3.0 CTF Hosted by IIIT Sri City
πŸ… Rank #6 β€” LNMHacks 8.0 CTF National-level CTF
πŸ’° Bug Bounty β€” GDPR/Privacy Finding (Rewarded) Pre-consent tracking cookie vuln, $20 bounty

πŸ“œ Certifications

Offensive Security CNSP Redfox

TryHackMe Jr Pentester SEC1

Cloud & Networking Aviatrix


πŸ“Š GitHub Analytics


πŸ… GitHub Trophies


πŸ“ˆ Contribution Activity


🐍 Contribution Snake


🎯 Current Focus

Learning:
  - Advanced exploitation techniques for auth flows (OAuth/SAML/OIDC)
  - Cloud security posture management on AWS & Azure
  - Modern full-stack development (React, Node.js)

Building:
  - CIS-benchmark-driven container security scanner (Bash)
  - ML-based network intrusion detection pipelines
  - Small full-stack web apps to sharpen dev fundamentals

Exploring:
  - Bug bounty programs on HackerOne / Bugcrowd
  - Mobile application penetration testing (Android)
  - Cloud-native security (Docker, Kubernetes, IAM hardening)

Open To:
  - AppSec / VAPT internships & placement opportunities
  - Web development & cloud-security-adjacent projects
  - CTF teams and security research exchanges

πŸ“« Connect

Gmail LinkedIn GitHub Portfolio


"Every endpoint has a story β€” my job is to find it before someone with worse intentions does."

Footer

--> -->

Popular repositories Loading

  1. KHARCHA--expense-tracker KHARCHA--expense-tracker Public

    Voice-powered expense tracker built with React, Material-UI, Chart.js and Speechly AI. Track income, expenses and budgets with real-time charts and voice commands. Privacy-first, zero backend.

    1

  2. honey-pot-server honey-pot-server Public

    Live SSH/Telnet honeypot deployed on Microsoft Azure with Cowrie and Fail2ban IPS. Captures real-world attack patterns, credentials, and attacker geolocations for threat intelligence analysis.

    1

  3. Hotel-Management-System-Mern-Stack Hotel-Management-System-Mern-Stack Public

    Full-stack Hotel Management System with 6 integrated modules -- rooms, bookings, employees, payroll, inventory & suppliers. MERN Stack with JWT auth, PDF exports, and Selenium E2E tests.

    JavaScript 1

  4. AI-Based-Network-Intrusion-Detection-System AI-Based-Network-Intrusion-Detection-System Public

    πŸ›‘οΈ AI-powered Network Intrusion Detection System β€” Detects cyberattacks (DDoS, PortScan, Bot, Brute Force) in network traffic using Random Forest, XGBoost & Decision Tree. Built with Python, Stream…

    Python 1

  5. cazy8 cazy8 Public

    1

  6. CollabIT CollabIT Public

    HTML 1