$ initializing operator profile...

Abhi_Hackz

Abhishek Bhaskar · Cybersecurity Researcher
>  

Senior VAPT Consultant, bug bounty hunter and security speaker. I break web, mobile, API, network, IoT, wireless and AI systems — then help organisations build them back stronger.

Offensive Security Bug Bounty AI Red Teaming Security Automation 5+ yrs
abhi@hackz: ~/profile
~/stats $ cat metrics.log_
0
Years Experience
0
Applications Secured
0
Hall of Fame Recognitions
0
Custom Security Tools
0
Bug Bounty Platforms
0
Security Talks Delivered
0
Community Events
0
Security Domains Covered
~/about $ cat profile.md_

Who is Abhi_Hackz?

Abhishek Bhaskar, known professionally as Abhi_Hackz, is a cybersecurity professional with over five years of experience in offensive security, vulnerability assessment, penetration testing and bug bounty hunting.

Over the course of his career he has assessed and helped secure more than 1000 applications and infrastructures — spanning enterprise web platforms, mobile apps, APIs, internal networks, wireless environments, IoT devices and, more recently, AI systems.

Alongside consulting work, he actively participates in bug bounty and responsible disclosure programs and has earned Hall of Fame recognitions from multiple organisations. He is passionate about offensive security research, automation, AI security, and giving back to the community through talks, workshops and open-source tooling.

Web App VAPTMobile VAPT API SecurityInfrastructure Network PentestWireless IoTAI Security AutomationBug Bounty
// aliasAbhi_Hackz
// roleSr. VAPT Consultant
// focusOffensive Security
// experience5+ years
// secured1000+ assets
// certsCEH · CPTE
// locationIndia
// status● available
~/experience $ git log --oneline_

Experience

Security Analyst
Offensive Security · VAPT · Bug Bounty
  • Web Application VAPT
  • Mobile Application VAPT
  • API Security Testing
  • Network Security Assessment
  • Report Writing & Validation
  • Bug Bounty Report Review
  • Client Security Consulting
  • Security Automation Development
~/skills $ ls -la ./arsenal_

Skill Arsenal

offensive-security

Web App SecurityMobile App Security API SecurityThick Client Network VAPTInfrastructure VAPT Wireless SecurityIoT Security

bug-bounty

Recon AutomationAsset Discovery Subdomain EnumerationVulnerability Chaining Advanced MethodologiesReport Writing

ai-security

Prompt InjectionLLM Security Testing AI Red TeamingAgent Security AI Threat Modeling

frameworks

OWASP Top 10MITRE ATT&CK CVSSThreat Modeling Secure SDLC
~/hall-of-fame $ ls -la_

Hall of Fame

Public recognitions earned through responsible vulnerability disclosure.

// public recognitions
PUBLICNASA Hall of Fame recognition

NASA

Hall of Fame · 2026

Recognition for responsible vulnerability disclosure.

⧉ proof link — add later
PUBLICNojoto Hall of Fame recognition

Nojoto

Hall of Fame

Recognition for responsible vulnerability disclosure.

⧉ view proof on LinkedIn
PUBLICRepAutomate Hall of Fame recognition

RepAutomate

Hall of Fame

Recognition for responsible vulnerability disclosure.

⧉ view on RepAutomate
// responsible disclosure · private programs
PRIVATEVero VDP responsible disclosure recognition

Vero VDP

Bugcrowd · Private Recognition

Responsible disclosure under the Vero VDP program.

⧉ view on Bugcrowd
~/bug-bounty $ ./stats.sh_

Bug Bounty

0
Valid Reports
0
Bounties Earned
0
Hall of Fame
0
Critical
0
High Severity

// update counts in index.html — search data-count

// private programs · responsible disclosure
~/projects $ ls ./security-tools_

Projects & Security Tools

Open-source security tooling. Tap a card to open the repo on GitHub.

~/cves $ cat ./disclosed.json_

CVEs & Disclosures

Assigned CVE identifiers and coordinated disclosures.

~/research $ cat ./blog/*.md_

Security Research & Writeups

Bug Bounty WriteupsWeb Security Mobile SecurityAPI Security AI SecurityAutomation ReconCVE Analysis
// bug-bounty
Chaining an IDOR into Full Account Takeover

A walkthrough of how a low-severity IDOR escalated into ATO during a private engagement.

— · 6 min read
draft — coming soon
// ai-security
Prompt Injection in Agentic Workflows

How tool-calling agents leak data and execute unintended actions, and how to test for it.

— · 8 min read
draft — coming soon
// recon
Building a Recon Pipeline That Scales

From subdomain enumeration to live triage — the methodology behind my automation framework.

— · 7 min read
draft — coming soon
~/community $ ls ./events_

Events & Community

Talks, workshops, conferences and campus sessions. Tap any album to view photos.

~/talks $ cat ./sessions.md_

Security Talks

Bug Bounty Hunting

Methodology, recon and the mindset behind finding high-impact bugs.

coming soon

Web & API Security

Common classes, real-world chains and how to test them.

coming soon

Mobile Security

Android/iOS assessment fundamentals and tooling.

coming soon

AI Security

Prompt injection, LLM red teaming and agent threat models.

coming soon

Security Automation

Building pipelines that do the boring work for you.

coming soonß
~/certs $ ls ./credentials_

Certifications

CEH
CEH
Certified Ethical Hacker
CPTE
CPTE
Certified Penetration Testing Engineer
~/contact $ ./connect.sh_

Let's Work Together

// set your Formspree ID or email in the form action