- I'm Prakhar Porwal, an Offensive Security Researcher with 2+ years of hands-on experience identifying and exploiting security vulnerabilities in web applications and API platforms.
- Recognized through coordinated disclosures and Hall of Fame acknowledgements. Holder of multiple CVE credits (2025 series).
- Ranked in the Top 5% on TryHackMe.
- Experienced in manual testing and building custom recon & automation tools using Python and Bash. Proficient with Burp Suite, Caido, Nuclei, FFUF, Metasploit, and OWASP Top 10 exploitation.
- Participated in national-level VAPT exercises led by the Government of India, working on realistic Web, API, and OT security scenarios.
- Reported and responsibly disclosed 100+ valid security vulnerabilities across large-scale production systems, resulting in security fixes across Fortune 500 and government organizations (confidential).
- HackerOne, Bugcrowd, & Private Programs: Reported 100+ valid vulnerabilities, including zero-day exploits.
- Hall of Fame Recognition: Acknowledged for securing high-profile organizations, including Google, NASA, Sony, UN, Starbucks, LeetCode, DoD, Groww, Stanford University, Netherlands Government, and more.
- Advanced Exploitation Techniques: Developing custom attack methodologies to bypass security defenses (bypassing rate limits, web cache deception).
- Onion Site Deanonymization: Research-focused deanonymization tool for investigating illegal dark web operations.
- Automation: Developing custom automation tools for vulnerability scanning and exploitation (Python, Bash).
- Security Contributions: Holder of multiple CVE credits - CVE-2025-64489 | CVE-2025-64490 | CVE-2025-59541 | CVE-2025-59542 | CVE-2025-59543.
- Deceptor: Automated detection and exploitation of web cache deception vulnerabilities.
- Approach: An automated security reconnaissance tool.
- Tornet Granted: Research-focused tool for enumerating onion URLs over the Tor network.
- Xpose: Research-focused deanonymization tool for investigating illegal dark web operations.
- CVE-2025-64489 : Access Control Bypass Vulnerability in SuiteCRM-7.14.7
- CVE-2025-64490 : Privilege Escalation Vulnerability in SuiteCRM-7.14.7
| Certification | Issued | Issuing Organisation |
|---|---|---|
| Penetration Testing | Sep 2022 | Charles Sturt University |
| Certified In CyberSecurity | Oct 2022 | ISC2 |
| Certified AppSec Practitioner | Jan 2023 | The SecOps Group |
| Smart India Hackathon | Dec 2023 | Government Of India |
| Pentathon 2024 | Mar 2024 | Government Of India |
| Pentathon 2025 | Apr 2025 | Government Of India |
- Penetration Testing: Web & API Security, VAPT, OWASP Top 10, Business logic Vulnerabilities.
- Bug Bounty Platforms: HackerOne, Bugcrowd, and Open Source Software
- Exploitation Tools: Burp Suite, Caido, Nuclei, FFUF, Amass, SQLMap, Metasploit, Wireshark, Nmap
- Programming & Scripting: Python, Bash, C, SQL
- Website: Portfolio
- Email: [email protected]
- LinkedIn: Prakhar Porwal
- GitHub: prakhar0x01
- Twitter: @prakhar0x01
- YouTube: @prakhar0x01
