Offensive Security Researcher

SHIVANG MAURYA

Specializing in Red Teaming, Adversary Simulation, and Vulnerability Assessments.
Protecting the unseen.

ACKNOWLEDGED BY SECURITY TEAMS AT

NASA
DELL
ASUS
GOV.SG
HACKERONE
BUGCROWD

$0k+

Bounties Earned

500+

Vulnerabilities Reported

50+

Critical CVEs/P1s

20+

Custom Tools Built

01. About Me

I am an Offensive Security Researcher and Red Team Lead specialized in uncovering critical vulnerabilities across web applications, APIs, and enterprise infrastructure. With a manual-first approach, I focus on realistic adversary simulation, advanced attack chaining, and business-impact-driven exploitation—prioritizing signal over surface-level noise.

Beyond bug bounty hunting on HackerOne and Bugcrowd, I build custom Python-based offensive frameworks to scale reconnaissance while maintaining precision. My experience extends to assisting law enforcement with digital investigations, bridging the gap between offensive techniques and forensic analysis.

Currently, I lead red team operations and mentor junior researchers, driven by a goal to defend organizations by thinking like the most advanced attackers in the world.

./Current_Focus

  • Web & API Exploitation
  • Red Teaming Operations
  • Source Code Review
  • Security Automation

02. Experience

Feb 2026 – Present | Remote

Red Team Lead

CyberAries Pvt. Ltd.
  • Leading real-world adversary simulations across web, network, cloud, and infrastructure.
  • Executing end-to-end red team operations with focus on critical, business-impact vulnerabilities.
  • Mentoring team members and translating offensive findings into actionable defensive improvements.

Ongoing

Bug Bounty Hunter

HackerOne & Bugcrowd
  • Actively hunting on public/private programs; earnings ~$**,000+ in 12 months.
  • Reported Critical/High vulnerabilities: Broken Access Control, XSS, SQLi, Auth Bypass.
  • Demonstrated real-world impact via manual exploitation chains.

6 Months

Cybersecurity Investigation Support

Mumbai Police
  • Assisted law enforcement in cybercrime investigations and digital evidence analysis.
  • Performed log analysis, web attack vector reconstruction, and malicious activity tracking.
  • Maintained strict confidentiality and legal compliance.

6 Months

Security Researcher Intern

Tabnet
  • Conducted VAPT on production Web & API applications.
  • Identified flaws in authentication, authorization, and input validation.
  • Authored professional-grade reports with remediation guidance.

Ongoing

Security Tool Developer

Open Source & Private
  • Developed custom Python-based tools for recon, exploitation, and offensive automation.
  • Built private frameworks for XSS detection, API security, and access control testing.
  • Automated large-scale workflows to assess distributed attack surfaces.

03. Projects & Tools

FileFetcher

**Wayback Secret Finder**. Extracts URLs from Wayback Machine and scans for exposed secrets (API keys, tokens, credentials). Multi-threaded for speed.

Python Multi-threading OSINT

PythaJS

**JavaScript Extractor**. Extracts JS files from target domains to help identify exposed API endpoints and client-side vulnerabilities.

Automation Recon JavaScript

Pytha403

**403 Bypass Toolkit**. Automates bypass techniques using header manipulation, path normalization, and encoding tricks to access restricted endpoints.

Bypass Fuzzing Python

Proprietary Arsenal

Custom XSS scanners, focused subdomain recon pipelines, and API fuzzing frameworks used internally for bug bounty hunting and red teaming.

XSS API Fuzzing Red Team

Hackathon Project 01

Upcoming hackathon project details will be updated here. Innovative security solution in progress.

Coming Soon ...

Hackathon Project 02

Space reserved for future hackathon achievement. Solution architecture and stack to be announced.

Coming Soon ...

04. Certifications

eWPTX

Web App PenTester eXtreme

eCPPT

Certified Professional PenTester

eJPT

Junior Penetration Tester

CEH

Certified Ethical Hacker

CPTA v2

Purple Team Analyst

Future Cert

Target: OSCP/OSEP

[IN PROGRESS]

Future Cert

Target: CRTO/CRTP

[PLANNED]

Future Cert

Target: BSCP/CPTS/CBBH

[GOAL]

05. Technical Arsenal

root@shivang:~/skills# cat detailed_arsenal.txt

Offensive Security

  • Web, API & Network Pentesting
  • Manual Exploitation & Attack Chaining
  • Source Code Review (Logic-driven)

Vulnerabilities

  • Broken Access Control (IDOR)
  • XSS (Reflected, Stored, DOM, RXSS)
  • SQL Injection
  • Auth Bypass & Request Smuggling
  • Business Logic Abuse

Tools

  • Burp Suite, Postman, SQLmap
  • FFUF, Dirsearch, XSStrike
  • Nmap, Wireshark, Metasploit
  • Amass, Subfinder, Waybackurls
  • ReconFTW, JWT Tools

Code & Tech

  • Python (Automation/Tools), Bash
  • JavaScript (Client-side), SQL
  • REST/GraphQL APIs, OAuth2, JWT
  • JSON, XML, multipart/form-data

07. Initialize Handshake

Get In Touch

I am open to new opportunities in Red Teaming, Bug Bounty Collaborations, and Advanced VAPT roles.

Phone: +91 87880 83267