Senior VAPT Consultant, bug bounty hunter and security speaker. I break web, mobile, API, network, IoT, wireless and AI systems — then help organisations build them back stronger.
Abhishek Bhaskar, known professionally as Abhi_Hackz, is a cybersecurity professional with over five years of experience in offensive security, vulnerability assessment, penetration testing and bug bounty hunting.
Over the course of his career he has assessed and helped secure more than 1000 applications and infrastructures — spanning enterprise web platforms, mobile apps, APIs, internal networks, wireless environments, IoT devices and, more recently, AI systems.
Alongside consulting work, he actively participates in bug bounty and responsible disclosure programs and has earned Hall of Fame recognitions from multiple organisations. He is passionate about offensive security research, automation, AI security, and giving back to the community through talks, workshops and open-source tooling.
Public recognitions earned through responsible vulnerability disclosure.

Recognition for responsible vulnerability disclosure.

Recognition for responsible vulnerability disclosure.
⧉ view on RepAutomate
Responsible disclosure under the Vero VDP program.
⧉ view on Bugcrowd
Open-source security tooling.
Assigned CVE identifiers and coordinated disclosures.
A walkthrough of how a low-severity IDOR escalated into ATO during a private engagement.
draft — coming soon
How tool-calling agents leak data and execute unintended actions, and how to test for it.
draft — coming soon
From subdomain enumeration to live triage — the methodology behind my automation framework.
draft — coming soon
Talks, workshops, conferences and campus sessions.
Methodology, recon and the mindset behind finding high-impact bugs.
Common classes, real-world chains and how to test them.
Android/iOS assessment fundamentals and tooling.
Prompt injection, LLM red teaming and agent threat models.
Building pipelines that do the boring work for you.
Every photo across talks, conferences and campus sessions.