A Security Researcher focused on offensive security and vulnerability research. Recognized by multiple organizations in the public and private sectors for responsible security disclosures and contributions to improving digital infrastructure security.
Hi, I am Rokkam Vamshi (iamaangx028), a Security Researcher with expertise in offensive security, focusing on vulnerability discovery and exploitation. I completed my graduation in Computer Science and Cybersecurity.
1 yr 2 mos
At FireCompass, I contribute to continuous attack surface discovery and CVE research, focusing on real-world exploitation paths. My work involves analyzing vulnerabilities, building automation scripts, and simulating adversarial behaviors to support proactive red teaming. I help strengthen defenses by mapping and monitoring exposed assets across enterprise environments.
7 mos
At CybersmithSECURE, I have worked on numerous projects, utilizing my expertise in penetration testing and vulnerability assessment. Alongside my team, I conducted 30+ Web, Network, and API pentests in a limited time frame with custom code. During my testing, I discovered 50+ critical and high-severity vulnerabilities, including SQL injections, IDORs, ATOs, unauthorized admin panel access, PII leaks, information disclosure, business logic vulnerabilities, and cross-site scripting, etc.
Sree Vidyanikethan Engineering College - Notable coursework in Computer Science & Cybersecurity
Domain-based recon engine with subdomain enumeration, deduplication, Nuclei scanning, and results in a user-friendly dashboard.
A powerful JavaScript enumeration and analysis tool for security researchers and penetration testers. I will make it public once I finish working on it!
Lightweight terminal-based password manager with encryption for personal use.
A Burp Suite extension that automatically highlights Burp HTTP history with different colors.
Practical certification demonstrating hands-on penetration testing skills and methodology. Covers network attacks, web application testing, and system exploitation.
Specialized training in API security testing, vulnerability assessment, and remediation strategies. Focuses on OWASP API Top 10 security risks.
A deep dive into WebApp, Network and AD security testing and remediation. It was a 100% hands-on, practical, exam-based certification with a custom report template. It covers various penetration testing methodologies and real-world scenarios.
Thank you for responsibly disclosing the information leakage finding on one of our Jenkins servers. We appreciate the professional manner in which the issue was reported.
❞
We extend our gratitude for your responsible disclosure of critical security vulnerabilities in our web portal. Your expertise helped protect sensitive educational data.
❞
Thank you for identifying and reporting the authentication bypass vulnerability in our research portal. Your contribution has significantly improved our security posture.
❞
We appreciate your responsible disclosure of the SSRF vulnerability in our internal API. Your detailed report allowed us to quickly remediate the issue.
❞
Thank you for your diligent effort in identifying and responsibly reporting the Blind XSS vulnerability in our Support Portal.
❞
You helped us in improving IT security at our University
❞
A detailed writeup on how Django's debug mode can be exploited to gain unrestricted access to internal dashboards and sensitive information.
Guide to utilizing Shodan for identifying exposed Jenkins instances and the security implications of these findings.
Beyond these featured reports, explore my comprehensive weekly cybersecurity learning journey. Each blog post is presented in an interactive, node-based format for enhanced engagement and deeper understanding.
Got a chance to meet the great minds of Cybersecurity. Thanks to Yassine Aboukir 🐐 for the entry Pass.
NCIIPC AICTE Pentathon 2024 Finalist. Attended my first ever offline CTF challenge. It was a fun and great learning experience.
@iamaangx028
@rokkam-vamshi