Bug Bounty Hunter · Security Engineer

I break and help fix things on the web. 150+ validated reports on HackerOne/Bugcrowd, with acknowledgements from Shopify, Dell, BigCommerce, and US Government programs.

Hall of Fame · Bugcrowd

IDOR · RCE · CSRF

Burp · Nuclei
📍 Remote, India 📧 ravi@infosecpentest.com

Experience

Offensive security, vulnerability research, and secure SDLC collaboration.

Bug Bounty Hunter

HackerOne & Bugcrowd · Remote

Aug 2022 – Present
  • 150+ valid vulns across private/public programs; Bugcrowd Hall of Fame.
  • IDOR, RCE, CSRF, broken auth on production systems.
  • Acknowledged by Shopify, Dell, BigCommerce, US Government.
  • Burp Suite, Nuclei for recon/validation.

Data Security Intern

Eggoz Nutrition · Remote

Feb 2022 – May 2022
  • Resolved auth/data handling issues with eng/QA teams.
  • Found Auth Bypass & PII leaks; drove remediation.
  • Applied OWASP guidance in reviews and testing.

Penetration Testing Intern

Virtually Testing Foundation · Remote

Oct 2021 – Dec 2021
  • OWASP Top 10 fundamentals; lab-based web app testing.
  • Burp Suite scanning and workflow setup.
  • Structured reports aligned to pen-test methodologies.

Education

Information Security and Computer Science foundations.

M.Tech Information Technology (Information Security)

2024 – 2026

IET-DAVV, Indore · CGPA: 7.00

B.Tech Computer Science Engineering

2020 – 2024

BM College of Technology, Indore · CGPA: 7.3

Skills & Tooling

Focused on offensive security, recon, and automation.

Languages & Scripting

Bash · Python

Offensive Toolkit

Burp Suite · Nmap · Kali Linux · Nuclei

Recon & Discovery

Subfinder · Shodan · Passive DNS

Security Foundations

OWASP Top 10 · Secure SDLC

Certifications

Oracle Cloud Infrastructure (OCI) tracks.

OCI AI Foundations · OCI Data Science · OCI Foundations · OCI Networking · OCI Data Platform

Tools

Security tooling and ongoing research.

hostname-extractor (Rust)

Open Source

github.com/MrMahile/hostname-extractor

  • Streams .xz JSONL (40GB+) in-memory; no disk writes for decompression.
  • Chunked, byte-level extraction with progress, low RAM (<1GB).
  • Optimized for high throughput and error-tolerant parsing.

rsort (Rust)

Open Source

github.com/MrMahile/rsort

  • Memory-efficient dedup for 19GB+ text files using hash-based streaming I/O.
  • Case-insensitive by default, buffered I/O, and real-time progress.
  • Designed to avoid OOM while sustaining ~1M lines/sec throughput.

Subdomain Enumeration using AI and ML

  • Detect patterns in DNS/passive data via ML models.
  • Integrate NLP with AI for intelligent reconnaissance.
  • Deploy AI-enhanced scanners on cloud with dynamic DNS.