// Chennai, Tamil Nadu, India
B.Sc. Computer Science student building offensive security tools from the ground up. I built a production C2 framework during internship, automated a full bug bounty recon pipeline, and solved 31 CTF challenges — all documented, all on GitHub.
I'm a second-year CS student at Prince Shri Venkateshwara Arts & Science College, Chennai, with a CGPA of 8.09/10. My focus is entirely on offensive security — penetration testing, red teaming, and building the tools attackers use.
During my internship at Femtosoft Technologies, I built NightShade — an encrypted C2 framework with AES-128, anti-sandbox evasion via RAM/CPU/process fingerprinting, Windows registry persistence, and self-sanitization. Not a tutorial project. A real one.
I learn by building. Every concept I understand, I implement. My GitHub is the proof.
Production-grade encrypted C2 framework built during internship at Femtosoft Technologies. AES-128 encrypted comms, anti-sandbox evasion via RAM/CPU/process fingerprinting, Windows registry persistence, stealth execution, and self-sanitization modules. Modular architecture separates server, agent, and encryption layer.
Private RepositoryAutomated kill-chain recon pipeline: subfinder + amass → httpx → katana → nuclei. Regex-based exploit hint classifier flags SQLi, IDOR, open redirect, path traversal, and exposed admin endpoints. Dual-format output (PDF + HackerOne-ready Markdown). Flask dashboard with SQLite history tracks attack surface changes over time.
View on GitHub →Random Forest classifier trained on 164,000+ emails achieving 97.97% accuracy — outperforming baseline Naive Bayes by 4.2 percentage points. Features: URL patterns, TF-IDF keyword frequency, sender domain reputation, header anomalies. 98.1% precision to minimise false positives in production.
View on GitHub →Production-grade authentication system: Argon2id password hashing, SQLAlchemy ORM eliminating SQL injection, CSRF tokens on all state-changing forms, per-IP rate limiting, temporary account lockout, and secure cookie flags (HttpOnly, Secure, SameSite). Zero known injection or session vulnerabilities.
View on GitHub →Port and vulnerability scanner integrating the NVD API to cross-reference detected software versions against live CVE feeds. Generates structured PDF assessment reports with CVSS severity tiers via FPDF2.
View on GitHub →Entropy scoring, complexity enforcement, and breach-database reuse prevention. Shannon entropy calculation, pattern detection, and credential database integration to reduce weak credential risk at account creation.
View on GitHub →Challenges solved on picoCTF picoGym across Web Exploitation and Forensics. All documented with full methodology in public writeup repository.
Automated multi-step attacks using Python (requests, socket, hashlib) — scripted recon and exploitation across challenge categories.
I'm a second-year student open to internships, research collaborations, bug bounty team-ups, and security conversations. If you're building something in offensive security or need someone who actually reads CVEs for fun — let's talk.
Send Email →