Saurabh Tiwari | Junior Penetration Tester

[ INITIALIZING PROFILE... ACCESS GRANTED ]

SAURABH TIWARI

// JUNIOR PENETRATION TESTER · VAPT · CEH MASTER · SECURITY ANALYST

saurabh@kali:~$ whoami --verbose

name : Saurabh Sujeet Tiwari

role : Junior Penetration Tester | VAPT | Security Analyst

cert : CEH Master — EC-Council

location : Diva, Maharashtra, India

status : ACTIVELY HUNTING

[ INITIATE CONTACT ] [ VIEW OPERATIONS ] [ LINKEDIN ]

[ 01 ]

ABOUT

Cybersecurity fresher with CEH Master certification and 6 months of hands-on internship experience in web application VAPT and vulnerability management.

Proficient in Burp Suite, Nmap, Metasploit, and Kali Linux. Conducted manual testing and security assessments for SQLi, XSS, IDOR, and broken authentication across lab environments, documenting findings with CVSS severity ratings.

Hands-on experience with Splunk for log analysis and security event monitoring. Actively performing reconnaissance and vulnerability research via bug bounty on HackerOne.

Practising on TryHackMe, HackTheBox, and PortSwigger daily — because the grind never stops.

// NAME

Saurabh Sujeet Tiwari

// LOCATION

Diva, Maharashtra, India

// EMAIL

tsaurabh163@gmail.com

// PHONE

+91-7400269686

// GITHUB

github.com/saurabht004

// LINKEDIN

saurabhtiwari004

// HACKERONE

saurabht004

// DOMAIN

Cybersecurity / InfoSec

// STATUS

Open to Opportunities ✓

[ 03 ]

ARSENAL

// PENETRATION TESTING & VAPT

Web App VAPTNetwork PentestingOWASP Top 10Manual TestingAPI TestingAuth TestingSession ManagementCVSS ScoringPentest Reporting

// EXPLOITATION

SQL InjectionXSSIDORAuth BypassBroken Access ControlParameter Tampering

// TOOLS

Burp SuiteMetasploitNmapWiresharkSQLmapSubfinderKali LinuxSplunk

// RECON & OSINT

Subdomain EnumerationService DetectionDirectory Brute-ForceBasic OSINTReconnaissance

// SIEM & MONITORING

SplunkSPL QueriesLog IngestionDashboard CreationAlert TriageSOC Concepts

// NETWORKING & OS

TCP/IPDNSHTTP/HTTPSSSL/TLSKali LinuxUbuntu/DebianWindows

// PROGRAMMING

Python (Scripting)BashCC++

// PLATFORMS

TryHackMeHackTheBoxPortSwiggerVulnHubHackerOne

[ 04 ]

FIELD EXPERIENCE

CYBER SECURITY INTERN

Mastermind Security Pvt. Ltd.

May 2025 – Oct 2025
[6 MONTHS]

Executed full pentest lifecycle on lab targets — reconnaissance, scanning, exploitation, and reporting.
Found and documented 20+ vulnerabilities (SQLi, XSS, IDOR, broken auth) with CVSS severity ratings across 10+ lab environments.
Used Burp Suite to intercept and test HTTP requests — checked for parameter tampering, auth flaws, and session issues.
Did network recon using Nmap — mapped open ports, identified running services, noted potential attack paths.
Helped 15+ students reproduce vulnerabilities and understand exploitation impact through practical demonstrations.
Set up lab VMs with DVWA and WebGoat for practice sessions.
Conducted 5 security awareness sessions on phishing and social engineering.

[ 05 ]

OPERATIONS / PROJECTS

// OP-01 · WEB APP SECURITY

Web App VAPT Lab

Tested for SQLi, XSS, IDOR, and auth bypass using Burp Suite on PortSwigger labs (30+ completed) and local VMs. Intercepted and modified HTTP requests, analyzed cookies and session tokens.

Burp SuiteOWASP Top 10PortSwiggerDVWA

// OP-02 · NETWORK RECON

Network Scanning & Fingerprinting

Port scanning and service fingerprinting with Nmap across 50+ simulated targets — identified open ports, services, OS versions, and potential attack vectors for reporting.

NmapWiresharkTCP/IPService Detection

// OP-03 · PRIVILEGE ESCALATION

Linux PrivEsc Research

Practiced SUID abuse, cron job misconfigurations, and weak file permissions on TryHackMe and VulnHub. Documented escalation paths and built a personal cheatsheet for common vectors.

Kali LinuxTryHackMeVulnHubSUID

// OP-04 · SIEM

Splunk SIEM Lab

Ingested security logs into Splunk, wrote SPL queries to detect failed logins and unusual network traffic. Built basic security dashboards for event visualization and alert triage.

SplunkSPLLog AnalysisSOC

// OP-05 · BUG BOUNTY

HackerOne Bug Bounty

Active bug bounty hunter on HackerOne (saurabht004). Performing recon and vulnerability testing on in-scope web targets — subdomain enumeration, API endpoint discovery, and parameter fuzzing.

HackerOneSubfinderOSINTAPI Fuzzing

// OP-06 · HOME LAB

Self-Hosted Pentest Lab

Maintained a self-hosted penetration testing lab with DVWA, WebGoat, and custom VMs for hands-on vulnerability research and exploit practice — all on isolated, non-production systems.

DVWAWebGoatVirtualBoxKali Linux