BellTroX & Dark Basin: The Delhi Hack-for-Hire Shop Exposed
Sumit Gupta's small Delhi office quietly phished politicians, journalists, NGOs and hedge funds for seven years. Citizen Lab finally caught them in 2020. The full case study.
I break things for a living — then I write the report that helps the blue team fix them. Red team, pentesting, and the occasional late-night CTF grind. Based out of Bangalore. Still mentoring juniors whenever I can.
Three years in, I've lost count of the apps, networks, and AD forests I've chewed through. My job is simple — find what the attacker would find, before they do. Then prove it with a repro.
I play the threat actor so your SOC doesn't have to meet a real one cold. Full-chain campaigns — black, grey, or white box. The goal isn't just a flag. It's figuring out exactly where the defence blinks.
HTB's CPTS (2026) and EC-Council's CEH (2023). I don't treat certs as trophies — they're just proof I've been tested on the same stuff I claim to know.
Zero access, zero hints. I started with a company name and an IP range. OSINT turned up a reused password, credential stuffing got me a shell, and from there it was a short walk to root. Honestly, the weakest link was never technical — it was reuse.
Grey box — the closest thing to modelling an insider threat. Vhost enum was the chef's kiss here; a hidden Jenkins instance was quietly screaming for attention. A sloppy sudo rule did the rest. Root in under a day.
What I'm reading, writing & pwning lately
A criminal SaaS startup that franchised ransomware. Travelex, JBS, Kaseya, Quanta, Acer. Then the FBI, Cyber Command and the FSB caught up. The full RaaS playbook.
A Geelong bartender found a 1am to 3am NAB ATM bug. 18 months and AU$1.6 million later, he walked into 60 Minutes and confessed. The bank denied it.
Sachin Dev Duggal conned Microsoft, SoftBank and Qatar with an AI named Natasha. Behind it sat 700 engineers in India writing code by hand. The full story.
A $100 login bought $10.7 million out of Citibank. The St. Petersburg group that found the door, and the X.25 network nobody was watching.
The Alvi brothers signed their names, phone number, and Lahore address inside the first IBM PC virus. Then they built Pakistan's biggest ISP. A case study.
OSINT recon → username-anarchy generation → Hydra FTP/SSH brute force → Sherlock Reddit OSINT → MySQL credential reuse → GTFOBins sudo ftp → root.
Dual-machine white-box engagement. SNMP enumeration → IMAPS credential extraction → R-services lateral movement → SSH key exfiltration → root on both KGF1 & KGF2.
Virtual host enumeration → Jenkins default-cred RCE via Groovy console → XLSX hash cracking → rbash escape via vi → GTFOBins scp to root.