Namaste. I'm Bipul Jaiswal.

About

Know More About Me

Recognized, independent security researcher and experienced Security Consultant with a demonstrated history of working in the information security industry. Highly skilled in secure code review, cloud security, and web/mobile, API, infrastructure and network vulnerability assessment and penetration testing.

Enthusiastic about the security domain and always ready to contribute to the team's success through hard work and dedication. Motivated to learn, grow and excel in the InfoSec community. Extremely passionate about bug bounty, and I play CTFs to relax and upskill. Currently working as a Security Consultant at SecureLayer7 in Pune, Maharashtra, India.

ABOUT

My Education & Experience

Experience

Security Consultant

SecureLayer7 (2022 - Present)

Responsibilities

  • Performed Web Application, API (REST & GraphQL), Infrastructure, and Mobile Application (Android & iOS) Security Assessments.
  • Performed Red Team Operations for Enterprise clients using the MITRE ATT&CK framework.
  • Performed cloud configuration (service accounts, infrastructure) assessments specifically for AWS environments with assistance from automated tools like Scout Suite and CloudSploit.
  • Performed manual and automated secure code review.
  • Proficiently worked with containerization technologies like Kubernetes and Docker to secure containerized applications.
  • Possessed a strong understanding of infrastructure security, including secure configuration and hardening techniques.
  • Managing multiple projects, managing teams, and serving as Project Lead to ensure service delivery.
  • Participated in Kick Off Meetings to discuss assessment scope, requirements, deliverables, and client expectations.
  • Authoring and presenting assessment reports to clients to discuss security findings and recommendations.
  • Hunt for 0-days on popular software and follow a coordinated disclosure.
  • Mentoring new interns and associates.

Security Researcher

HackerOne | Synack Red Team

Responsibilities

  • Discovered and responsibly disclosed 100+ high and medium severity vulnerabilities as a dedicated Bug Bounty Hunter, contributing to the security enhancement of diverse systems.
  • Recognized for exceptional bug submissions, earning multiple rewards and acknowledgments for identifying critical vulnerabilities, demonstrating strong problem-solving and analytical skills.
  • Collaborated effectively with security teams and developers to provide comprehensive reports, including clear steps to reproduce and mitigate identified vulnerabilities, facilitating efficient remediation processes.
  • Demonstrated expertise in web application security, mobile application security, and network security, with a deep understanding of common attack vectors and best practices to identify and exploit vulnerabilities.
  • Consistently maintained a high level of professionalism and integrity while adhering to responsible disclosure practices, ensuring the confidentiality and security of sensitive information throughout the bug hunting process.

    Education

    Bachelor of Technology

    Lovely Professional University, Punjab, India (2019 - 2023)

    Bachelor of Technology in Computer Science & Engineering

    CGPA: 8.1 out of 10

    High School: Class 12th

    Sub Beam School (2017 - 2019)

    Class 12th from CBSE Board in Physics, Chemistry and Math.

    Percentage: 81 out of 100

    Skills

    MY SKILLS

    Professional Skills


    Penetration Testing (Web / Mobile / API / Network)
    Red Teaming
    Source Code Review (Java, JavaScript, Python, PHP, NodeJs)
    Cloud and Infrastructure Security
    Offensive Tool Development
    Programming (Bash, GoLang, Python, NodeJs)

    Personal Skills


    Leadership
    Team Work
    Communication
    WORK

    My Recent Projects

    Vajra — An Advanced Web Hacking Framework

    Vajra is a highly customizable, target- and scope-based automated web hacking framework that automates boring recon tasks and runs the same scans against multiple targets during web application penetration testing.




    Infrastructure Security and Deployment of VULNCON 2020 & 2021 CTF

    Four-day virtual hacking conference with lots of exciting security talks, and a 24 hour live jeopardy-style CTF.


    Sub404: A Fast Tool To Check Subdomain Takeover Vulnerability

    A fast, asynchronous automated tool to find subdomain takeover vulnerabilities.



    VA/PT Simulator

    50+ different labs to practice OWASP Top 10 vulnerabilities.

    Achievements

    My Achievements

    CVE-2023-0253

    Real Media Library: Media Library Folder & File Manager <= 4.18.28 - Authenticated Stored XSS.

    CVE-2021-22970

    Concrete CMS versions 8.5.6 and below and version 9.0.0 are vulnerable to SSRF attacks.

    Secured 3rd Rank in Novetta's CTF

    Achieved 3rd rank among 2000+ participants in Novetta's CTF organised by HackerEarth.

    Secured 4th rank in CTF

    Secured 4th rank among 1500+ participants in CyberHack CTF organised by CyberHack in collaboration with Gujarat Forensic Sciences University.

    Organised VULNCON 2020 & 2021 Conference

    Four-day virtual hacking conference with lots of exciting security talks, and a 24 hour live jeopardy-style CTF.

    CTF Developer

    Developed CTF challenges for different infosec communities such as BSides, DEFCON Delhi, OWASP Chapters, etc.

    Hall of Fame

    Received Hall of Fame listings and honors from more than 100 companies by reporting security vulnerabilities on different platforms such as Synack Red Team, HackerOne, Bugcrowd, etc.

    Certificates

    MY CERTIFICATES & BADGES

    Extra

    Extra Activities

    Organised VULNCON 2020 & 2021 Cyber Security Conference

    VULNCON (2020 - 2021)

    Responsibilities

  • Hosted a 24-hour jeopardy-style Capture The Flag competition.
  • Hosted talk shows where we brought in various security experts from around the world.
  • Provided training to novices trying to break into cybersecurity.

    Infrastructure Security & Deployment of VULNCON 2020 & 2021 CTF

    VULNCON (2020 - 2021)

    Responsibilities

  • Managed the infrastructure of the CTF competition with more than 2000 participants.
  • Properly deployed different security-related challenges using different DevOps technologies.
  • Deployed machines using Docker to permit each user to SSH to the challenge server in an isolated environment.

    Delivered a talk at a Cyber Security Seminar as Guest Speaker

    Lovely Professional University (2022)

  • Shared my knowledge with the students on how to get into cybersecurity.
  • Talked about how we can be secure from cyber frauds.
  • Talked about career pathways and resources for getting started with cyber security.

    RECOMMENDATIONS

    Lorem ipsum dolor sit amet consectetur, adipisicing elit. Vel quae facilis fugiat molestias ab illum excepturi, qui optio modi asperiores, delectus maiores!

    Praveen Dixit

    Head of Global Business, SecureLayer7

    I have worked with Bipul professionally and he is a good candidate in terms of his technical skills and professional work ethics. He has shown immense dedication on projects which I had worked with him with his inter and intrapersonal skillsets.


    Rohit Gautam

    Founder, Hacktify

    A definite computer whiz-kid and who has a very bright future in cyber security. I wish him all the best for his career. His devotion for getting our cyber world secure is unparalleled and feel that he should be entrusted with greater responsibility.

    Vansh Devgan

    Founder, CyberXplore

    BLOG

    My Blog Posts

    11 Mar, 2021

    Introducing Vajra — an advanced web hacking framework

    26 Feb, 2021

    PDF Generator Writeup | DNS Rebinding Attack | TrollCat CTF Writeup

    23 Dec, 2020

    How to host a CTF event | International CTF Infrastructure Management
    CONTACT

    Interested in working together? Let's talk