Offensive Security Consultant · NST Cyber

Akash A

A passionate cybersecurity enthusiast with strong knowledge of Ethical Hacking, Web/Mobile/API Pentesting, Source Code Review, and Secure Programming. Currently serving as Associate Consultant – Offensive Security at NST Cyber, with $10,000+ in bug bounty rewards, 500+ vulnerability reports, and Hall of Fame recognition from Bybit, Red Bull, and 50+ organizations.

About Me

Security Researcher & Ethical Hacker

A passionate CyberSecurity Enthusiast with strong knowledge of Ethical Hacking, Web App Pentesting, Mobile App Pentesting, API Pentesting, Network Pentesting, Source Code Review and Secure Programming Principles and Practices.

A Certified AppSec Practitioner (CAP) with the ambition of becoming an Offensive Security Researcher. Good all-round knowledge of IT, with the ability to work in team environments as well as individually.

Currently working as Associate Consultant – Offensive Security at NST Cyber, specializing in comprehensive VAPT across web, infrastructure, APIs, mobile applications, thick clients, and source code with real-world threat scenario reporting.

  • Specialization: VAPT · Web · Mobile · API · Network · Source Code Review · SAST/DAST
  • Bug Bounty: $10,000+ earned · 400+ reports · 50+ companies recognized
  • Interests: Offensive Security · Red Teaming · Exploit Development
Professional Skills
VAPT · Source Code Review · Web App & API PenTesting · Network & Infra PenTesting · Mobile App PenTesting (Android & iOS) · SAST & DAST · Thick-Client PenTesting · ASM (Attack Surface Management) · AI Agents for Pentest Automation
Tools
Burp Suite · MobSF · Nmap · Nessus · Metasploit · JADX · Postman · Checkmarx · Wireshark · Recon
Languages & Tech
Python · Bash · JavaScript · C · Linux · GitHub · Automation Scripting
Hardware / IoT
Raspberry Pi · Arduino · ESP32 · Routers & Switches · Firewalls
Work Experience

Professional History

From internships to full-time offensive security consulting — a track record built on real-world impact.

Associate Consultant — Offensive Security
NST Cyber · Bangalore (Remote)
Jan 2025 — Present
🟢 Current Role
  • Comprehensive VAPT across web, infrastructure, APIs, mobile applications, thick clients, and source code.
  • Focus on identifying, exploiting, and demonstrating real-world security risks with actionable remediation guidance.
  • On-site client engagements delivering organization-wide Internal VAPT and CA configuration audits.
  • Comprehensive Attack Surface Management (ASM) using advanced automation and custom scripting.
  • Collaborate with development and security teams to validate fixes and improve overall security posture.
  • Produce detailed, high-quality reports aligned with industry standards and real-world threat scenarios.
Bug Hunter — Part-Time
HackerOne · YesWeHack · Intigriti · Immunefi
Jul 2023 — Present
  • Employed as a part-time bug hunter across HackerOne, YesWeHack, and Intigriti platforms.
  • Submitted 400+ reports identifying vulnerabilities in web applications.
  • Rewarded $10,000+ in total bounties.
  • Recognized by Microsoft, Red Bull, Boat, Bybit, and 50+ other companies.
VAPT Consultant — Freelancing
Independent · Indian & International Clients
May 2024 — Dec 2024
  • Comprehensive VAPT across WAPT, MAPT, API-Pentesting, Network PT, Thick-Client, and Source Code Review.
  • Worked on 15+ private projects for clients from Indian and international markets.
  • Discovered 200+ vulnerabilities, including critical RCE, SQLi to full database compromise, business logic flaws, and paid subscription bypasses.
Trainee Security Engineer Intern
Auriseg Consulting Pvt. Ltd. · Chennai
Aug 2023 — Jan 2024
  • VAPT specialist across Web, API, Mobile, and Network Penetration Testing.
  • Contributed to 30+ projects, identifying 300+ vulnerabilities in web, API, and network systems.
  • Conducted internal web application penetration testing (WAPT) on-site for clients.
Flutter Developer Intern
Ycode · Puducherry
Apr 2023 — Jun 2023
  • Android application development using the Flutter framework.
  • Created 5+ Flutter applications with API integration and Firebase as backend database.
Research & Development Intern
Appasamy Associates Pvt. Ltd. · Pondicherry
Oct 2022 — Mar 2023
  • Software and IoT Developer collaborating with teams to support and enhance desktop applications.
  • Developed an IoT solution using ESP32 with an Android application for device control.
  • Proficient in Python, C, C++, and Dart.
Bug Bounty Platforms

Active Profile Presence

Verified and active across four of the world's leading bug bounty and security research platforms.

HackerOne
@akashoffsec · since 2021
Earned: $2K · Thanked: 4+ · Status: HOF
Superhuman (Grammarly) Bybit Fintech OPPO Hilton
Intigriti
@0xfinder
Earned: €500 · Total: 21 · Valid Rate: 52% · Rank: #1920
🐂 Red Bull Rombit Engel & Völkers
YesWeHack
@akash_as · joined 2023
Earned: $10K · Reports: 90 · Points: 426 · Rank: #518
GovTech Programs Paddle.com DINUM Toto-Lotto
Immunefi
@akashoffsec · since Oct 2024
Earned: $1K · All-Time: #1490 · Level: Junior
Web3 Security DeFi Protocols Smart Contracts
Recognition

Hall of Fame & Achievements

Companies & Organizations (50+)
  • Red Bull · Intigriti · HOF + 3 RedBull Trays
  • boAt · Private · Acknowledged
  • Superhuman · HackerOne (Grammarly) · HOF
  • Bybit · HackerOne · HOF + $2,500
  • GovTech SG · YesWeHack · HOF + $8000+
  • OPPO · HackerOne · HOF
  • Hilton · HackerOne · HOF
  • Engel & Völkers · Intigriti · HOF + Acknowledged
  • DINUM · YesWeHack · HOF + $1000
  • Toto-Lotto · YesWeHack · HOF + €400
  • More Orgs · private & public · Ongoing
Platform Deep Dive

YesWeHack Spotlight

90 reports · $10,000 earned · Global rank #518 · Rewarded with swag and appreciation from the platform.

Notable Reports — Top rewards from 90 total
Program · Reward · Severity · Status
  • GovTech GBBP15 · $1,000 · M-6.4 · Accepted
  • GovTech GBBP13 · $1,000 · M-5.4 · Accepted
  • GovTech GBBP12 (×3) · $3,000 · M-4.3/5.4/4.3 · Accepted
  • DINUM — API Particulier · €800 · H-7.5 · Accepted
  • Toto-Lotto Niedersachsen · €400 · M-4.3 · Accepted
  • Paddle.com — Private BB · $500 · M-5.3 · Accepted
  • GovTech GBBP14 · $400 · L-2.6 · Accepted
  • La Suite Territoriale (LST) · €350 · L-3.1 · Accepted
↳ 90 total reports · displaying top 8 by reward
Certifications

Courses & Certificates

  • Certified AppSec Practitioner (CAP) · The SecOps Group · Industry Certification
  • Ethical Hacking Essentials (EHE) · EC-Council Learning · EC-Council
  • Cyber Security Virtual Internship Program 2021 · Cisco Networking Academy · Cisco
  • Bug Bounty Hunting & Web Security Testing · Z Security · Udemy
  • Mastering Authentication and SSRF Vulnerabilities · Udemy
Open Source

Security Tools & Projects

Open-source tools built to make recon, JS analysis, and dependency scanning faster and smarter.

DepFusion
Detects dependency confusion vulnerabilities by scanning package.json and requirements.txt recursively in directories or repositories, highlighting unregistered dependencies.
Python · Dependency Confusion · CLI Tool · Supply Chain
Favicon_hash_calculator
The easiest way to calculate and generate the favicon hash value with the help of the CLI — useful for fingerprinting servers and discovering assets during recon.
Recon · Favicon Hash · CLI · Asset Discovery
JSzzer
An open-source CLI tool used to perform a deep-grep on JavaScript files to extract all sensitive information — API keys, tokens, endpoints, and hardcoded secrets.
JavaScript · Secrets Extraction · CLI · Recon