Workfolio
About Me
M.Sc. Cybersecurity student and Research Assistant at CISPA with a technical and practical foundation in Web Security, AI Agent Vulnerabilities, and Machine Learning. Currently leading novel research on Service Worker-mediated Web Cache Deception (SW-WCD) and the first systematic security evaluation of Autonomous Coding Agents (Intent-Driven Autonomous Development). Proficient in building complex simulation infrastructures (Docker/Nginx/Playwright), statistical analysis (R), and auditing AI-generated software using eBPF and stateful fuzzing.
"The best defense is a good offense."
— Security Proverb
Work Experience
CISPA -- Helmholtz Center for Information Security
Hackers4u
CybersecuredIndia
Virtual Testing Foundation
Cybersocial
Skills
Web & Offensive Security
Skills: VAPT, System exploitation, Privilege escalation, Proof of concept development, Client-side vulnerability assessment, Browser and extension testing, CDN Architecture (Nginx/Varnish/Cloudflare), OWASP Top 10.
Security Operations
Skills: Splunk, Wireshark, Autopsy, MITRE ATT&CK, ITIL Framework, ISO 27001, Security Audits, Risk Assessment.
Cloud & DevSecOps
Skills: AWS Security fundamentals, Azure SIEM/SOAR, Infrastructure as Code (Terraform), Container security (Docker, Kubernetes), CI/CD Security concepts, Misconfiguration analysis.
Programming
Skills: Python (automation, security tooling, agent workflows), Bash/Shell Scripting, JavaScript/Node.js, C++.
ML & Tools
Skills: PyTorch, TensorFlow, Autoencoders, RL, LLMs (Claude Code), HuggingFace, RunPod, LangChain, Vector Databases, Docker, Kubernetes.
AI Security
Attacks: Prompt Injection, Jailbreaking, Data Poisoning, Membership Inference attack.
Defense: Input Sanitization (Guardrails), Adversarial Training, Robustness Verification.
AI & Security Automation
Skills: AI-assisted security workflows, Integration with LLMs (Claude, GPT, Llama), agent-based automation.
Database & Data Handling
Skills: SQLite3, PostgreSQL, JSON-based data modeling, dataset preprocessing for security and ML pipelines.
Productivity Ecosystem
Skills: Workspace (Script automation, Data Studio reporting), Jira (Agile workflow management), Documentation (GitHub, Markdown), Communication (Slack, Teams, LaTeX).
Work Examples
SW-WCD-RESEARCH: Web Cache Deception Prototype
• Engineered a complete research testbed to evaluate how Service Workers influence WCD behaviors in CDN-backed architectures.
• Implemented Node.js anomaly detectors to log rewritten URLs and cache indicators.
• Developed attack payloads (e.g., t1-path-sculpting.js) to bypass standard CDN cache armor.
• Designed PostgreSQL schema for trial data storage and statistical power analysis.
The Vibecoding Security Gap (IDAD Evaluation)
• Building `XYZ Bench` to compare Agent-Native IDEs vs. CLI agents across 275 software tasks.
• Measuring hallucinated dependencies and context poisoning rates in autonomous coding.
• Using eBPF to monitor insecure execution patterns in agent-generated code.
Protocol Fuzzing
• Designed a stateful Fandango IO grammar for a Redis-like key-value store, enabling valid command sequences (SET/GET/UPDATE) with response validation.
• Simulated an SMTP man-in-the-middle attack by hijacking authenticated sessions to send spoofed emails without hardcoded credentials.
• Used derivation tree constraints and prefix-aware tracking to enforce protocol correctness during fuzzing.
HACKBOT: AI-Powered Automated Exploit Engine
• Local LLM interface with RAG to query CVE databases without hallucinations.
• Deployed on RunPod with latency/resource optimization.
• Integrated static analysis for auto-generated vulnerability reports.
API-Based NMAP Dashboard
• Full-stack dashboard for managing and visualizing Nmap scans.
• Enabled real-time asset visibility and centralized reporting.