Mar 2021 – Sep 2022 · 1 yr 6 mos

• Demonstrated offensive penetration testing competence and ownership in diverse areas for year long, large scale projects: Manufacturing Audit (2019-2020), Energy Audit (2020-2021), and Vehicle system Audit (2021-2022). Findings were presented to the VP and Board of Directors.
• Ensured that Tesla's mission critical releases were as secure as possible by performing end-to-end security reviews on over 150+ features. Notable work on securing: BTC+DOGE payment release, SentryCam, Non-Tesla Supercharging, Tesla Auth, etc.
• Discovered and reported 0days in multiple third party vendors such as Akamai Zero Trust, ObserveIT, Avaya, etc.
• Performed successful Red Team engagements to challenge the security posture of numerous crown jewels and provided guidance for the remediation by going above and beyond for my role.
• Helped strengthen Tesla's defenses by collaborating with blue team to build robust signals during purple team activities.
• Proactively reconstructed 1-days/n-days through patch-diffing and led offensive testing efforts to perform company-wide scanning for critical emerging vulnerabilities such as log4j, spring4shell, etc. Always stayed on top of emerging threat landscape, this resulted into Tesla being unaffected during such major incidents.
• Created documentation for onboarding, workflow for incident handling, testing methodologies/ checklist and third party audit flows that are regularly used by 4 security engineering teams.
• Developed multiple tooling for security teams and developers which saved over 2000+ human hours every year.
• Managed many reports submitted to Tesla’s Bug Bounty Program. As a follow up to a report, I led entire end-to-end remediations and conducted internal pentest to identify the breadth of impact and to fix similar issues throughout Tesla before anyone else would find.
• Designed training programs targeted at developers and led training and awareness initiatives that were attended by over 1,000 employees in 3 years.

Oct 2019 – Mar 2021 · 1 yr 5 mos

• Red Team - Offensive Security, AppSec, Vulnerability Research (VR), and Incident Handling - Hacking all the things and keeping Tesla and its customers secure!

Aug 2019 – Present · 6 yrs 7 mos

• Perfect Blue is a Capture The Flag (CTF) Team comprising of students and professionals mainly from US and other parts of the world. It is ranked on CTFTime as world’s best hacking team for the year 2020, 2021, and 2023.
• perfect blue has won the most challenging and prestigious hacking competitions (CTF) events across the world consistently such as GoogleCTF, PlaidCTF, HITCON CTF, DEFCON Quals.
• As of 2023, perfect blue is playing under “Blue Water”.
• https://blog.perfect.blue/perfect-blue-finishes-top-1-on-CTFtime-2020

May 2018 – Aug 2018 · 3 mos · Santa Clara, California

• Worked alongside with App-ID team to develop manual signatures for Web/Mobile/Thick Client applications by fully understanding the network flow, identifying patterns, testing and deploying on a Palo Alto Networks Firewall.
• Developed 20+ signatures with applications using HTTP/2, a latest web protocol at that time and built an analyzer
• Instrumented malware analysis with full reverse engineering of most complex samples and emulated threat in an air-gapped environment to write signatures for detecting and blocking them. Collaborated with Unit42 regularly.
• Worked on an Internal project (also my Intern project) along with my mentor to automate and enhance signature generation productivity by 100% with minimal false-positives using Machine Learning algorithms.

May 2017 – Jul 2017 · 2 mos · Phoenix, Arizona Area

• Aaditya Purani was a Security Analyst at Bishop Fox, a security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. Aaditya's primary area of expertise are web application penetration testing, mobile application penetration testing, product security reviews, and source code review.

Jan 2013 – Present · 13 yrs 2 mos

• Self-motivated security professional since 2013
• Diverse skillset: Expertise ranging from Web to Reverse Engineering, capable of tackling any challenge.
• Awarded bug bounties from over 100 companies worldwide.
• Active in CTFs as a member of world ranked #1 teams since 2016 (previously with dcua, currently with perfect blue/Blue Water).
• Researching niche AppSec topics and advancing the field through innovative research.
• Developing tools for auditing blockchain security.
• Conducting vulnerability research by reproducing n-days and hunting 0-days in well-known products.
• Presented at Black Hat USA 2022 and DEFCON 30 on “ElectroVolt: Pwning popular desktop applications while uncovering new attack surface on Electron,” a collaborative research effort.