Home Experience Projects Write-ups Blog Download Resume
Available for opportunities

Security Researcher & Penetration Tester

Rishabh Yadav

// _

Breaking systems to make them stronger. I find vulnerabilities before the bad actors do — turning weaknesses into hardened defences through ethical hacking and rigorous testing.

View My Work ↗ Download Resume ↓ Contact Me →
GitHub LinkedIn Email
0
Internships
0
Projects
0
CTF Solves
0
Tools

"I don't just test systems —
I think like the attacker."

Cybersecurity professional with a relentless curiosity for breaking things and a disciplined methodology for fixing them. From corporate internships at Fortune 500 companies to late-night CTF sessions, every experience sharpens the blade.

whoami
$ whoami
role: VAPT Analyst & SOC Specialist
location: India 🇮🇳
status: ● Open to Work
focus: Offensive Security & Defensive Security
motto: "Break it. Report it. Fix it."
Skills & Expertise

Technical Arsenal

⚔️
Offensive Security
VAPT Web Pentesting Network Pentesting OWASP Top 10 Privilege Escalation Red Teaming Social Engineering
🛡️
Defensive & Monitoring
SIEM Fundamentals Log Analysis IDS/IPS Incident Response Threat Intelligence
🛠️
Security Tools
Burp Suite Metasploit Wireshark Nessus Nmap Gobuster SQLMap Nikto Snort
💻
Programming & Scripting
Python Bash PowerShell Rust JavaScript SQL
📋
Standards & Methodology
PTES OWASP CVSS CVE Analysis Risk Assessment Report Writing
🖥️
Platforms
Kali Linux Parrot OS Ubuntu Windows Active Directory
Professional Experience

Where I've Worked

2024
JPMorgan Chase & Co.
Cybersecurity Analyst Intern
  • Identified vulnerabilities in financial web applications
  • Wrote remediation reports with CVSS scoring
  • Developed Python patches for identified issues
  • Gained exposure to enterprise-scale SDLC security
Web SecurityVAPTPythonReport Writing
2024
Deloitte
Cyber & Technology Analyst Intern
  • Investigated security incidents using SIEM tooling
  • Performed digital forensics on compromised endpoints
  • Analysed telemetry data and built IR documentation
  • Learned enterprise incident response playbooks
DFIRSIEMLog AnalysisIncident Response
2024
Mastercard
Security Awareness Analyst Intern
  • Designed targeted phishing simulation campaigns
  • Analysed campaign results and reported to stakeholders
  • Created improved security awareness training materials
  • Reduced simulated click rate by identifying high-risk teams
PhishingSecurity AwarenessData Analysis
2023
Infosys
Cybersecurity Fundamentals Intern
  • Worked on backend development and scripting.
  • Developed scripts for workflow automation
  • Worked in Agile development environments
  • Improved secure coding practices
AgileAutomationDatebaseCryptography
Featured Work

Projects

Featured
Security Tool

Poor Man's Pentest

A lightweight, modular penetration testing toolkit built in Python. Automates reconnaissance, vulnerability scanning, and report generation — all from a single command. Designed for pentesters who need quick results without heavy frameworks.

PythonNmapAutomationReporting
GitHub ↗ Details →
C2 Framework

Pawncat

A custom command-and-control framework for authorised red team operations. Features encrypted comms, modular payloads, and a clean CLI interface.

PythonSocketsEncryption
GitHub ↗ Details →
Repository

CTF Write-ups Repo

A structured collection of CTF walkthroughs from TryHackMe, HackTheBox, and PicoCTF. Documented with commands, screenshots, and methodology notes.

MarkdownCTFDocumentation
GitHub ↗ Details →
Workflow

Phishing Triage Workflow

A professional, end-to-end phishing incident triage workflow for security operations. Automates header analysis, IOC extraction, and initial risk assessment.

Security OpsTriagePythonAPI Integration
GitHub ↗ Details →
View All Projects →
Capture The Flag

Recent Write-ups

Medium TryHackMe

TryHackMe: Mr. Robot — Full Walkthrough

Complete walkthrough of the TryHackMe Mr. Robot machine — all 3 flags captured through web …

webwordpressprivilege-escalationsuid
Read Write-up →
Easy TryHackMe

TryHackMe: Blue — EternalBlue (MS17-010) Walkthrough

Exploiting the infamous EternalBlue vulnerability on the TryHackMe Blue machine using Metasploit.

eternalbluemetasploitwindowssmb
Read Write-up →
Easy HackTheBox

HackTheBox: Starting Point — Meow, Fawn, and Dancing

Walkthrough of the first three HackTheBox Starting Point machines covering Telnet, FTP, and SMB …

telnetftpsmbfundamentals
Read Write-up →
All Write-ups →
Credentials

Certifications

🏴‍☠️
Certified Ethical Hacker (CEH)
EC-Council
2024
Active
🛡️
CC – Certified in Cybersecurity
ISC2
2024
Active
🔐
Android Bug Bounty Hunting:
Hunt Like a Rat
EC-Council
2025
Active
💀
OSCP
OffSec
2026
In Progress
certification_roadmap.sh
# Completed
[✓] Certified Ethical Hacker (CEH)
[✓] CC – Certified in Cybersecurity
[✓] Android Bug Bounty Hunting: Hunt Like a Rat

# In Progress
[ ] OSCP

Latest Articles

From the Blog

Research
Apr 13, 2026

CISA KEV Remediation Analysis

Introduction to CISA KEV Remediation The Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog is a …

3 min read Read →
All Posts →

Ready to talk security?

Let's connect — whether it's about a role, a project, or breaking into systems (ethically, of course).

View Resume Send Message
// hack_the_system.exe