Work
  • Jun 2025 - Jun 2025
    Sakthi Finance Limited
    Freelance Pentester (Web, API, Mobile)

    Conducted a comprehensive freelance security assessment of Sakthi Finance Limited’s digital assets, including web applications, APIs, and mobile apps. Delivered actionable findings that helped the organization mitigate high-risk vulnerabilities.

    • Web: Discovered a Local File Inclusion (LFI) vulnerability in the “Show PDF” functionality, potentially exposing internal server files.
    • API: Identified critical flaws such as Personally Identifiable Information (PII) leakage, missing authentication/authorization controls, AES-GCM nonce reuse, and a business logic flaw allowing unlimited balance top-ups.
    • Mobile: Reported insecure storage of sensitive data in plaintext and successfully bypassed root detection, emulator detection, and SSL pinning mechanisms.
  • Aug 2023 - Now
    iQube Innovations
    Pentester

    As part of iQube Innovations, I gained live pentesting experience, handled internal network security projects, and contributed to securing server infrastructure. This role enabled me to translate theoretical knowledge into real-world applications.

    • Conducted vulnerability assessments and infrastructure hardening.
    • Collaborated on internal red-teaming efforts and firewall configurations.
    • Supported secure deployment of student-run services and forums.
  • Jun 2023 - Now
    NOVA
    CTF Team Member

    Active member of student-led CTF team NOVA. Regularly participated in national and international cybersecurity competitions, contributing to team-based strategy and technical depth.

    • Participated in 100+ CTFs including IRIS, Nullcon, and HackIM.
    • Specialized in Web, Crypto, and Forensics categories.
    • Winner of the Great AppSec Hackathon 2024.
    • Finalist at Pentathon 2024.
    • Secured AIR 5 in the Territorial Army CTF.
    • Collaborated on writeups, internal training, and knowledge sharing.
  • Jan 2023 - Now
    Hack The Box
    Pro Hacker

    Hack The Box provided hands-on experience across domains like penetration testing, networking, cryptography, web exploitation, and digital forensics. This platform significantly contributed to my practical skill development and sharpened my problem-solving abilities.

    • Solved advanced real-world hacking labs and CTFs.
    • Improved methodology for OSINT, privilege escalation, and red teaming.
    • Ranked globally among thousands of cybersecurity enthusiasts.