Vishal Vishwakarma

01

About

I spend my days pretending to be the adversary. As an offensive security consultant at NetSentries, my job is simple to say and hard to do: get in the way a real attacker would, prove what it costs, and explain it clearly enough that it actually gets fixed. Most of that work lives in finance — banks, fintechs and the systems behind people's money — where one broken access check is the difference between a headline and a non-event.

I work black-box and zero-knowledge on purpose; I'd rather earn every piece of access the way an outsider would than be handed a map. When the manual testing gets repetitive I write Python to do it for me — the same instinct that's led to eight published CVEs and thank-yous from 300+ organisations, Google, Sony and the BBC among them. Off the clock I hunt private programs on Bugcrowd and Yogosha, and I run The Cyber Explorers to pull more people into this field.

I'm equally at home as a security analyst — turning the noise from a dozen tools and a sprawling attack surface into a clear, prioritised picture of what's actually exploitable and what it would cost. A growing share of that is now AI / LLM penetration testing and cloud security, pressure-testing the models, features and infrastructure teams stand up faster than they can secure.

Role Offensive Security Consultant · Security Analyst
Focus AI / LLM · Cloud · Web · API · Red Team
Languages English · Hindi

{
  "handle": "rootxvishal",
  "role": "Offensive Security Consultant",
  "specialties": [
    "AI / LLM Security",
    "Cloud Security",
    "Web & API PenTest",
    "Adversary Emulation"
  ],
  "stack": ["Python", "Bash", "PowerShell"],
  "mindset": "assume breach, prove impact"
}

02

Areas of Expertise

AI / LLM Security

The newest attack surface, shipped weekly. I test LLM features for prompt injection, data leakage, insecure tool-use and model abuse — and weaponise GPTs to accelerate the hunt itself.

Cloud Security

Cloud is the new perimeter. I hunt exposed buckets, over-permissive IAM, leaked keys and metadata SSRF across AWS, GCP and Azure — turning misconfigurations into demonstrable impact.

Web Application Pentesting

Where the real money still hides. I go deep on auth, access control and business logic — the flaws a scanner can't reason about — not just the easy reflected XSS.

API Penetration Testing

Modern apps are just APIs wearing a UI. I pull apart REST and GraphQL for the broken-object-level-auth and mass-assignment bugs that quietly hand over other people's data.

Infrastructure Pentesting

Once I have a foothold I look for the way up and the way across — the misconfig, the forgotten host, the reused credential that turns one box into the whole network.

Attack Surface Recon (OSINT)

Half of every engagement is finding what the target forgot it owns. I map the full external footprint and mine open and dark-web sources for the exposure nobody's watching.

Security Automation

I'd rather build the tool once than run the same check a hundred times. Python pipelines turn my recon and exploitation into something that scales across an entire program.

Adversary Emulation

Not a checklist — a story. I replay real threat-actor TTPs end to end against the MITRE ATT&CK matrix so a client sees exactly how a breach against them would unfold.

Phishing Simulation

People are the perimeter. I run convincing phishing and post-exploitation campaigns with Evilginx and Gophish, then turn the fallout into training that actually sticks.

Tooling & frameworks

Burp Suite ProNessus ProAcunetix NucleiMetasploitEvilginxGophish AWSGCPAzureDocker LLM / GPT APIsMITRE ATT&CKOWASPNISTCVSS PythonBashPowerShell

03

Experience

Feb 2025 — Present Remote

Associate Consultant — Offensive Security

NetSentries Technologies

Run intelligence-led penetration tests for banks, fintechs and e-commerce clients — the kind where the brief is "here's our domain, good luck."
Map each client's true external attack surface through deep recon and OSINT, then prioritise what an attacker would actually reach for first.
Pair a broad tool stack with manual testing to separate genuinely exploitable issues from scanner noise.

May 2023 — Jan 2025 Remote

Junior Security Analyst

FireCompass ★ Star Performer

Ran red-team and adversary-emulation engagements end to end against financial and e-commerce targets.
Built the automation behind the work — programs that scaled recon and exploitation and fed straight into the FireCompass CART platform.
Designed and ran advanced phishing and post-phishing campaigns, then wrote the reports leadership actually read.

May 2022 — Present Freelance

CrowdSource Researcher

Bugcrowd · Yogosha Strike Force

Hunt private programs by hand, reporting findings in language both engineers and the business can act on.
Work alongside dev teams to validate, root-cause and close the bugs I find — not just throw them over the wall.
Selected member of the Yogosha Strike Force.

Jun 2022 — May 2023 Remote

Security Analyst (Intern)

Codewits Solutions Pvt. Ltd.

Helped research and build a SaaS Security Posture Management product — wrangling messy SaaS data into something the core engine could actually use.
Mapped findings to the frameworks clients care about: NIST RMF (800-53), PCI-DSS, SOC 2, CIS Controls v8, HIPAA and NIST CSF.

04

Credentials & Recognition

Disclosed CVEs

Eight published vulnerabilities — each a real flaw in real software, found, reported and credited to me.

CVE-2022-1728 CVE-2022-1754 CVE-2022-1775 CVE-2022-1803 CVE-2022-1812 CVE-2022-1848 CVE-2023-0299 CVE-2023-0569

Achievements

Global Hall of Fame 300+ organisations have publicly thanked me for reporting bugs in their products — Google, Sony and the BBC among them.
Private Engagements & Contracts Invited into private contracts and programs to secure assets that never make a public list.
The Cyber Explorers Founded a YouTube channel of cybersecurity podcasts to bring newcomers into the field.
Offensive Security Writeups Publish bug-bounty & CTF write-ups on Medium (@rootxvishal) so the next hunter doesn't start from zero.

Certifications

Certified Red Team Professional (CRTP)Altered Security
Certified AI/ML Pentester (C-AI/MLPen)The SecOps Group
AWS Certified Solutions Architect – AssociateAmazon Web Services
Certified Red Team Infra Dev (CRT-ID)CyberWarFare Labs
Certified Red Team Analyst (CRTA)CyberWarFare Labs
Multi-Cloud Red Team Analyst (MCRTA)CyberWarFare Labs
eLearnSecurity Junior Penetration Tester (eJPT)INE · eLearnSecurity
Practical Ethical Hacking (PEH)TCM Security

Education

BCA Bachelor of Computer Applications — Rabindranath Tagore University, MP (2020–2023)

05

Recommendations

Vishal is an exceptionally talented offensive security professional with a strong command over penetration testing and practical exploitation. His approach is structured, his findings are always high-quality, and he consistently delivers more than expected. What stands out most is his curiosity and willingness to explore deeper, ensuring nothing is left unchecked. I highly recommend Vishal for any role involving penetration testing, red teaming, application security, or broader cybersecurity initiatives. He will undoubtedly add value wherever he works.

YT Yash Vardhan Tripathi AI & Offensive Security · Product Security

Vishal remains curious and inclined towards the latest trends in cyberspace, and always up for the challenge of breaking apart new processes and techniques, to identify and alert about weaknesses or opportunities for making them more secure. He particularly stood out from his peers by demonstrating some key benefits of GPTs for security researchers, and already, back in 2022, powering our cloud security product using cutting-edge AI APIs, which helped us leapfrog most of the competition in a matter of days, not even weeks.

DB Debjyoti Bose R&D & DevOps Leadership · Cybersecurity

Vishal was with us at FC and I've found him to be a very straightforward and technically aware individual. He is a great team player with attention to detail. He also has a great sense of timing and can be relied upon for immediate and long-term commitments alike. I wish him all the very best and a successful career ahead!

JS Joy Sen Director, Cyber Security Analysis · FireCompass

I had the pleasure of working closely with Vishal, and he consistently impressed me with his exceptional technical skills and problem-solving abilities. He played a key role in red team assessments and Attack Surface Management (ASM), uncovering critical vulnerabilities for clients. Vishal's expertise in bug bounties and his ability to automate tasks significantly boosted team efficiency. His attention to detail, dedication, and ability to deliver high-quality results under tight deadlines make him a valuable asset. I highly recommend Vishal for any red team, penetration testing projects, or related roles.

SK Sanket K Security Architect · Red Teamer · Offensive Security Mentor

Vishal and I collaborated on multiple red teaming assessments, where he consistently demonstrated his expertise and solid methodology. His exceptional bug bounty skills greatly aided in conducting Attack Surface Management (ASM) for clients, uncovering critical vulnerabilities across various projects. Additionally, his proficiency in automating manual tasks significantly benefited the team. I highly recommend Vishal for red team and penetration testing projects.

PS Prashant Saini OSEP · OSCP · CRTE

Vishal is a very talented security researcher. His ability to think and see out of the box has been one of the key points to his contribution. Vishal is skilled with various technologies and methodologies.

SS Saransh Saraf Senior Security Engineer · WatchGuard

I recommend Mr. Vishal Vishwakarma for any role in Cyber Security. We were together on a Cloud Security product development project. Vishal is dedicated to his work, as seen in his bug bounty findings and YouTube channel. He makes sure that the assigned task gets completed in the assigned time frame.

AB Arif Baig Information Security Manager · Author

See more on LinkedIn →

06

Beginner's Guide to Bug Bounty

A practical, no-fluff roadmap I wish I had when I started. Bug bounty rewards consistency over talent — follow the path, build the fundamentals, and let the depth compound. Work only inside authorised scope and always read each program's policy first.

01

Build the fundamentals

Understand how the web actually works before you try to break it.

HTTP/S, requests & responses, status codes, headers, cookies
How browsers, DNS, TLS and proxies fit together
Basic Linux, the command line, and a scripting language (Python or Bash)

02

Learn the vulnerability classes

Study the OWASP Top 10, then go deep on a few beginner-friendly, high-yield bugs.

Start with IDOR/BOLA, reflected XSS, information disclosure & subdomain takeover
Then broaden: SSRF, SQLi, CSRF, auth/session flaws, business-logic abuse
Read disclosed HackerOne reports — pattern-match how real bugs are found

03

Get your hands dirty (legally)

Practice in safe, intentionally-vulnerable environments before going live.

PortSwigger Web Security Academy labs — free and the gold standard
TryHackMe Bug Bounty path, HackTheBox, PentesterLab, OWASP Juice Shop
Master Burp Suite — proxy, repeater, intruder, decoder — manually

04

Pick a platform & a target

As a beginner, lower the competition before you chase the payout.

HackerOne, Bugcrowd, Intigriti, YesWeHack, Yogosha
Start with VDPs & smaller programs — skip mega-programs (Google/Meta/Apple) at first
Read the scope & policy in full — out-of-scope = no reward, possible ban

05

Recon, then test methodically

Map the attack surface before firing payloads — depth beats breadth.

subfinder/amass → httpx → gau/waybackurls → ffuf, LinkFinder, Arjun, Nuclei
Commit to one target for ~7 days; pick one bug class per session
Take obsessive notes — every endpoint, parameter and observation

06

Report like a professional

A great report is half the value — make impact undeniable.

Descriptive title: [Stored XSS] on example.com via the profile name field
Severity (CVSS), affected asset, 5-minute repro steps, and a working PoC
Tie it to real business impact — ATO, PII exposure, financial abuse

!

The mindset that matters: you will get many duplicates, N/As and informationals before your first valid bounty. Treat every "failure" as recon for the next target. Stay in scope, stay ethical, and never stop reading other hunters' write-ups.

Let's work together

Got something you need broken?

I take on penetration-testing and red-team engagements, private bug-bounty invites, and security collaborations. If there's a target that's been keeping you up at night, let's talk.

rootxvishal@proton.me

LinkedIn GitHub Medium