root@dhrupad:~$ whoami
Security researcher working the full attack-to-defense loop.
root@dhrupad:~$ cat mission.txt
Break systems responsibly. Turn findings into detections. Build tools that help defenders win.
| 150+ vulnerabilities found | 4 published CVEs | 12× Hall of Fame | Top 3 MACCDC 2026 |
|---|---|---|---|
| Responsible disclosure | HAX CMS research | Industry recognition | Collegiate cyber defense |
I work across offensive security, vulnerability research, detection engineering, AppSec, cloud security, DFIR, and AI/LLM red teaming. I like the hard middle ground where a finding becomes a reproducible attack path, a useful detection, and eventually a better product.
|
Open-source Windows endpoint protection with transparent verdicts. Combines ClamAV, ~5,900 YARA rules, abuse.ch intelligence, behavioral heuristics, live C2/hash checks, and a kernel minifilter for pre-execution blocking.
|
Real Linux attack-and-defense labs running entirely in the browser. v86 + WebAssembly ranges with no backend grader or local VM. BlueWall teaches IDS/firewall response; ShadowShell teaches webshell incident response. Each run rewrites the evidence.
|
| ID | Severity | Research |
|---|---|---|
| CVE-2026-46396 | CRITICAL · 9.3 |
Stored XSS via iframe injection in HAX CMS |
| CVE-2026-46496 | CRITICAL · 9.3 |
Stored XSS via the HAX CMS video-player component |
| CVE-2026-46511 | HIGH · 8.7 |
Stored XSS + token exposure account-takeover path |
| CVE-2026-35185 | HIGH · 8.7 |
Public server-status sensitive information exposure |
All four issues were responsibly disclosed and patched upstream. Read the full research and impact notes →
OFFENSE DEFENSE ENGINEERING
├─ Red teaming ├─ Detection-as-code ├─ Python / TypeScript
├─ Web & API testing ├─ Threat hunting ├─ Security tooling
├─ Adversary emu ├─ DFIR ├─ v86 / WebAssembly
├─ AI / LLM security ├─ Incident response └─ Cloud & AppSec
└─ Vuln research └─ Purple teaming
- Penn State — M.S. Cybersecurity Analytics & Operations, 3.96 GPA
- Top 3 — Mid-Atlantic Collegiate Cyber Defense Competition 2026
- 16th of ~100 teams — DOE CyberForce Competition 2025
- Hall of Fame recognition from organizations including SAP and Mastercard
root@dhrupad:~$ make security useful █