root@nikhil:~$
Software developer turned security practitioner with 2.5+ years of industry experience. Pursuing a Master's in Cyber Security at UNSW, specialising in offensive security, binary exploitation, and web application pentesting.
help · whoami · skills · projects · theme light
Case studies, concepts, and field notes from security research.
Hands-on walkthrough of setting up an Evil Twin attack lab using Raspberry Pi and Kali Linux — WPA2 handshake capture, deauth flooding, and full traffic interception.
A deep dive into heap UAF vulnerabilities — how allocators manage memory, how UAF arises, and how to chain it into reliable code execution.
Real-world lessons from embedding SAST and dependency scanning into GitLab CI/CD pipelines at scale — what worked, what didn't, and why.
EC2, ECS, ECR, ALB, IAM, VPC, CloudWatch — what each AWS service actually does and how they connect together when you deploy a real application.
From CAP theorem to consistent hashing — the 20 system design concepts that come up repeatedly in interviews and real-world architecture decisions, with practical explanations for each.
Not a list of 200 commands you'll forget. These are the commands I reach for every single day — for CTFs, pentesting, debugging, and general Linux work — with practical examples for each.
Stock GDB is painful for binary exploitation. pwndbg fixes that — here's how to set it up, what it shows you, and the commands I actually use during CTF and fuzzer debugging sessions.
CVEs show up everywhere in security — job descriptions, advisories, CVSSv3 scores on dashboards. Here's what they actually mean, how the system works, and how to use CVE data in real web security work.
Not because it makes you look cool. Because the tooling, the environment, and the mindset shift that comes with running Kali are genuinely useful — and most students wait way too long to switch.
From behavioural questions to live CTF-style challenges — a breakdown of every stage of the cybersecurity interview process and how to prepare for each round.
Zero Trust is everywhere in job descriptions. But what does it actually mean to implement it? A technical breakdown of identity-centric security models and what real Zero Trust looks like in practice.
I transitioned from building software systems at Dell Technologies to pursuing offensive security at UNSW Sydney. I bridge the developer mindset with the attacker's perspective — understanding how systems are built helps me find where they break.
My focus areas include binary exploitation, wireless attack simulation, web application pentesting, and embedding security into DevOps pipelines.
Learn MoreBinary exploitation, fuzzing, wireless attacks, and web pentesting.
DevSecOps pipelines, microservices security, and authentication systems.
Wireless lab builds, IoT security research, and embedded system attack surfaces.
Master's student specialising in offensive security and exploitation.
Security research projects from binary exploitation to wireless attack labs.
Sanitized, NDA-compliant adversarial testing framework for frontier LLMs — covering jailbreak taxonomy, prompt injection, automated adversarial suites, and multimodal attack surface analysis.
Interactive browser-based tool that demonstrates everything a website can legitimately collect from your browser — IP, hardware, GPU, fingerprint and more. No dependencies, no tracking.
Engineered a fuzzer to detect memory corruption vulnerabilities (Heap UAF, Invalid Writes) in 64-bit Linux ELF binaries applicable to embedded and firmware security testing.
See exactly what every website knows about you the moment you visit — using only standard browser APIs.
Click below to run a reconnaissance sweep on your own browser. No data leaves your device — your public IP is resolved client-side via a free HTTPS API.
This tool only collects data that any website can already access. Nothing is sent to a server or stored. Results are for educational purposes only.
I'm open to security consulting, research collaborations, CTF teams, and full-time roles in offensive security or DevSecOps.