Home Experience Projects Write-ups Blog Download Resume
Available for opportunities

Security Researcher & Penetration Tester

Rishabh Yadav

// _

Breaking systems to make them stronger. I find vulnerabilities before the bad actors do — turning weaknesses into hardened defences through ethical hacking and rigorous testing.

View My Work ↗ Download Resume ↓ Contact Me →
GitHub LinkedIn Email
0
Internships
0
Projects
0
CTF Solves
0
Tools

"I don't just test systems —
I think like the attacker."

Cybersecurity professional with a relentless curiosity for breaking things and a disciplined methodology for fixing them. From corporate internships at Fortune 500 companies to late-night CTF sessions, every experience sharpens the blade.

whoami
$ whoami
role: VAPT Analyst & SOC Specialist
location: India 🇮🇳
status: ● Open to Work
focus: Offensive Security & Defensive Security
motto: "Break it. Report it. Fix it."
Skills & Expertise

Technical Arsenal

⚔️
Offensive Security
VAPT Web Pentesting Network Pentesting OWASP Top 10 Privilege Escalation Red Teaming Social Engineering
🛡️
Defensive & Monitoring
SIEM Fundamentals Log Analysis IDS/IPS Incident Response Threat Intelligence
🛠️
Security Tools
Burp Suite Metasploit Wireshark Nessus Nmap Gobuster SQLMap Nikto Snort
💻
Programming & Scripting
Python Bash PowerShell Rust JavaScript SQL
📋
Standards & Methodology
PTES OWASP CVSS CVE Analysis Risk Assessment Report Writing
🖥️
Platforms
Kali Linux Parrot OS Ubuntu Windows Active Directory
Professional Experience

Where I've Worked

2024
JPMorgan Chase & Co.
Cybersecurity Analyst Intern
  • Identified vulnerabilities in financial web applications
  • Wrote remediation reports with CVSS scoring
  • Developed Python patches for identified issues
  • Gained exposure to enterprise-scale SDLC security
Web SecurityVAPTPythonReport Writing
2024
Deloitte
Cyber & Technology Analyst Intern
  • Investigated security incidents using SIEM tooling
  • Performed digital forensics on compromised endpoints
  • Analysed telemetry data and built IR documentation
  • Learned enterprise incident response playbooks
DFIRSIEMLog AnalysisIncident Response
2024
Mastercard
Security Awareness Analyst Intern
  • Designed targeted phishing simulation campaigns
  • Analysed campaign results and reported to stakeholders
  • Created improved security awareness training materials
  • Reduced simulated click rate by identifying high-risk teams
PhishingSecurity AwarenessData Analysis
2023
Infosys
Cybersecurity Fundamentals Intern
  • Worked on backend development and scripting.
  • Developed scripts for workflow automation
  • Worked in Agile development environments
  • Improved secure coding practices
AgileAutomationDatebaseCryptography
Featured Work

Projects

Featured
Security Tool

Poor Man's Pentest

A lightweight, modular penetration testing toolkit built in Python. Automates reconnaissance, vulnerability scanning, and report generation — all from a single command. Designed for pentesters who need quick results without heavy frameworks.

PythonNmapAutomationReporting
GitHub ↗ Details →
C2 Framework

Pawncat

A custom command-and-control framework for authorised red team operations. Features encrypted comms, modular payloads, and a clean CLI interface.

PythonSocketsEncryption
GitHub ↗ Details →
Repository

CTF Write-ups Repo

A structured collection of CTF walkthroughs from TryHackMe, HackTheBox, and PicoCTF. Documented with commands, screenshots, and methodology notes.

MarkdownCTFDocumentation
GitHub ↗ Details →
Workflow

Phishing Triage Workflow

A professional, end-to-end phishing incident triage workflow for security operations. Automates header analysis, IOC extraction, and initial risk assessment.

Security OpsTriagePythonAPI Integration
GitHub ↗ Details →
View All Projects →
Capture The Flag

Recent Write-ups

Medium TryHackMe

TryHackMe: Mr. Robot — Full Walkthrough

Complete walkthrough of the TryHackMe Mr. Robot machine — all 3 flags captured through web …

webwordpressprivilege-escalationsuid
Read Write-up →
Easy TryHackMe

TryHackMe: Blue — EternalBlue (MS17-010) Walkthrough

Exploiting the infamous EternalBlue vulnerability on the TryHackMe Blue machine using Metasploit.

eternalbluemetasploitwindowssmb
Read Write-up →
Easy HackTheBox

HackTheBox: Starting Point — Meow, Fawn, and Dancing

Walkthrough of the first three HackTheBox Starting Point machines covering Telnet, FTP, and SMB …

telnetftpsmbfundamentals
Read Write-up →
All Write-ups →
Credentials

Certifications

🏴‍☠️
Certified Ethical Hacker (CEH)
EC-Council
2024
Active
🛡️
CC – Certified in Cybersecurity
ISC2
2024
Active
🔐
Android Bug Bounty Hunting:
Hunt Like a Rat
EC-Council
2025
Active
💀
OSCP
OffSec
2026
In Progress
certification_roadmap.sh
# Completed
[✓] Certified Ethical Hacker (CEH)
[✓] CC – Certified in Cybersecurity
[✓] Android Bug Bounty Hunting: Hunt Like a Rat

# In Progress
[ ] OSCP

Latest Articles

From the Blog

Research
May 24, 2026

npm Security: 2FA & Staged Publishing

Introduction to npm Security Enhancements As a security engineer, I appreciate the recent efforts by GitHub to enhance the security of the npm …

3 min read Read →
All Posts →

Ready to talk security?

Let's connect — whether it's about a role, a project, or breaking into systems (ethically, of course).

View Resume Send Message
// hack_the_system.exe