Shashank Barthwal

AI Researcher

Bengaluru, Karnataka, India · 5 yrs 8 mos experience
Highly Stable

Key Highlights

  • 5+ years of experience in offensive security.
  • Proven track record of discovering and disclosing multiple CVEs.
  • Experienced speaker at leading security conferences.
Stackforce AI infers this person is a Cybersecurity expert with a focus on vulnerability research and offensive security.

Skills

Core Skills

Vulnerability Research, Security Engineering, Penetration Testing, Security Research, Cybersecurity

Other Skills

API vulnerability scanner, Wildcard Filter, vulnerability reporting, API vulnerability scanning, security vulnerability reporting, resource optimization, domain asset management, Web Application Scanner, 0-day vulnerabilities, open source project development, web application security, vulnerability scanning, open source development, command line interface, domain suggestor

About

Security researcher who loves hacking things and building tools to do it better, with 5+ years of hands-on experience in offensive security & vulnerability research. Proven track record of discovering and disclosing multiple CVEs, and authoring advanced Attack Surface Management (ASM) modules. Experienced speaker with presentations delivered at leading security conferences, including BSides Ahmedabad, BSides Singapore, and c0c0n Kerala. Passionate about deep technical research and building solutions that push the boundaries of modern security.

Experience

Total Experience: 5 yrs 8 mos
Average Tenure: 5 yrs 8 mos
Current Experience: 5 yrs 8 mos

CloudSEK

5 roles

Senior Security Researcher

Promoted

Apr 2023 - Present · 3 yrs 2 mos

  • Developed and maintained the API vulnerability scanner project of CloudSEK ASM.
  • Created the state-of-the-art Wildcard Filter project to eliminate non-legitimate assets associated with a domain (which reduced the ASM resource consumption and scan duration per asset by 50%).
  • Identified and reported critical security vulnerabilities associated with infrastructure and supply chain, such as RCEs, account takeovers, PII exposures, etc.
API vulnerability scanner, Wildcard Filter, vulnerability reporting, Vulnerability Research, Security Engineering

Security Engineer

Apr 2022 - Apr 2023 · 1 yr

  • Co-developed the first ASM Web Application Scanner project of CloudSEK along with a teammate.
  • Found critical 0-day vulnerabilities on Appsmith Business Intelligence platform (CVE-2022-38298, CVE-2022-38299)
  • Created bevigil-cli - The first open source project of CloudSEK
  • Worked on multiple modules such as:
      • Vulnerability scanning/detection modules (XSS, Exposed secrets, API endpoints, etc.)
      • Webapp classifier project to identify if a customer web application is internal (business critical) or external
      • Revamped the subdomain discovery project
      • Passive URL discovery & technology stack detection module
Web Application Scanner, 0-day vulnerabilities, open source project development, Penetration Testing, Vulnerability Research

Senior Security Researcher

Promoted

Oct 2021 - Apr 2022 · 6 mos

  • Created domain suggestor project to identify domains associated with an organization through passive intelligence
  • Identified and reported critical infrastructure security as well as brand security issues to our customers and prospects.
  • Created the first Google Docs-based reporting engine for mobile application security reports.
domain suggestor, infrastructure security, reporting engine, Vulnerability Research, Security Research

Cyber Security Analyst

Promoted

Oct 2020 - Nov 2021 · 1 yr 1 mo

  • Identified and reported breached credentials, exposed source code, fake websites, fake social media pages, and dark web and Telegram discussions associated with customers.
  • Created and organized CTF challenges and events.
credential reporting, CTF challenges, Cybersecurity

Cyber Security Analyst

Aug 2020 - Oct 2020 · 2 mos

Education

DIT UNIVERSITY

Bachelor of Technology — Cyber Security and Forensics

Jan 2017 - Jan 2021

Jawahar Navodaya Vidyalaya, Rudraprayag, Uttarakhand
