┌──(kiran㉿iisc-bangalore)-[~]
└─$ cat whoami.txt
Name : Kiran Kumar K
Role : Junior Security Analyst — IISc DIGITS/ISO
Location : Bangalore, Karnataka 🇮🇳
Email : kirankumark.sec@gmail.com
Focus : VAPT · SOC · Digital Forensics · IoT Security
Mindset : Offensive thinking. Defensive discipline.
┌──(kiran㉿iisc-bangalore)-[~]
└─$ cat impact.log
🔴 563 CCTV cameras secured (default creds + full PoC)
🌐 30+ web apps tested — 100% remediation compliance
⚡ 40% incident response time reduction via automation
🛰️ NASA · Stanford · Govt portals — responsible disclosures
🐍 Python automation — NCCC threat intel processing- 🔭 Currently working as Junior Security Analyst at IISc Bangalore (DIGITS/ISO)
- 🌱 Specializing in VAPT, SOC Operations, Digital Forensics & IoT Security
- 🐛 Active Bug Bounty Hunter — public disclosures to NASA, Stanford & Govt portals
- 🛡️ Expert in Microsoft Sentinel, Intune, Qualys, Rapid7, Wazuh & CrowdStrike
- ⚡ Built Python automation processing NCCC threat intel — reduced IR time by 40%
- 📷 Discovered 563 CCTV cameras with default credentials at IISc — full PoC delivered
- 📝 Writing about cybersecurity at kirankumark3.blogspot.com
- 📬 Reach me at kirankumark.sec@gmail.com
| 🚨 Severity | 🏛️ Organization | 🔍 Vulnerability | 📅 Date |
|---|---|---|---|
| NASA (4 websites) | Bulk Directory Listing — internal dirs & sensitive files exposed | Aug 2024 | |
| IISc Campus (Internal) | 563 CCTV cameras — default credentials, full admin takeover via PoC | 2025 | |
| Stanford University | AWS S3 Misconfiguration — sensitive institutional data exposed | Jul 2024 | |
| Hrylabour.gov.in | Reflected XSS — Govt of Haryana Labour Portal | Jun 2024 | |
| Patanjaliayurved.net | High-severity XSS — acknowledged & resolved | Jul 2024 |
🔴 Junior Security Analyst — IISc DIGITS/ISO, Bangalore | Jul 2025 – Present
VAPT & IoT Security
- 🎯 Executed VAPT on 30+ IISc websites (SQLi, XSS, IDOR) using OpenVAS & Burp Suite Pro — 100% remediation compliance
- 📷 Discovered 563 CCTV cameras across 4 NVR systems with default credentials — demonstrated full admin takeover via PoC
- 🔍 Performed CVSS-based vulnerability prioritization and collaborated with dev teams to integrate fixes into SDLC
SOC Operations & Digital Forensics
- 🛡️ Managed 50+ Microsoft Defender alerts and 35+ Azure agentless alerts — threat hunting, endpoint isolation, incident response
- 🔬 Led forensic investigations of live cyberattacks using MITRE ATT&CK — traced attack vectors, delivered hardening roadmaps
- 🐍 Built Python automation processing NCCC threat intel (IOCs, IOAs, honeypot logs) — reduced IR time by 40%
Infrastructure Hardening
- ☁️ Guided teams to disable
xp_cmdshellon MSSQL servers — eliminating RCE vectors from Azure environment - 🖥️ Deployed Microsoft Intune + Azure AD Join for 170+ systems with LAPS, USB restrictions & ASR rules
- 📊 Deployed Wazuh SIEM with agent-based setup across 170+ endpoints for centralized log monitoring
🟡 Information Security Intern — IISc, Bangalore | Mar 2025 – Jun 2025
- Performed black-box VAPT on IISc subdomains using OpenVAS and Burp Suite Pro
- Delivered CVSS-prioritized PoC reports covering the full OWASP Top 10 vulnerability list
- Analyzed Apache/Nginx web server logs to detect anomalies, brute-force attempts & unauthorized access
🟠 Cloud Application Developer — NCVET (Remote) | Aug 2024 – May 2025
- Developed cloud-native applications following Secure SDLC principles
- Hardened AWS deployments, IAM policies and prevented access misconfigurations
- Applied container security best practices using Docker Compose and network isolation
🟢 Independent Bug Bounty Researcher | Mar 2023 – Dec 2024
- 🛰️ NASA — Bulk Directory Listing across 4 subdomains · Publicly acknowledged on Bugcrowd ·
CRITICAL - 🎓 Stanford University — AWS S3 Misconfiguration exposing institutional data ·
HIGH - 🏛️ Hrylabour.gov.in — Reflected XSS on Govt of Haryana Labour Portal ·
HIGH - 🌿 Patanjaliayurved.net — High-severity XSS vulnerability, acknowledged & resolved ·
HIGH
| 🔢 | 📦 Project | 🛠️ Stack | 📝 Description |
|---|---|---|---|
01 |
Ethical-Hacking-MasterGuide | HTML CSS JS |
Interactive beginner-to-advanced cybersecurity notes — 19 chapters, 60+ tools, 150+ commands. Fully offline. |
02 |
LogAnalyzer-Pro | Python Regex DataViz |
Real-time server log parser — visualizes security alerts & detects anomalies. Used for Apache/Nginx forensics at IISc. |
03 |
Network Forensics Correlator | Bash Sophos RADIUS |
Correlates Sophos Firewall + RADIUS logs for user attribution during incidents. Cuts investigation time by 40%. |
04 |
Brouteforce Engine | Python Sockets |
Custom brute-force simulation engine to test authentication robustness & verify security logging. |
05 |
Docker WP Hardening | Docker Compose |
Containerized WordPress with network isolation, least-privilege principles & hardened security config. |
|
Ethical Hacking Essentials EC-Council · EHE |
Network Defense Essentials EC-Council · NDE |
CompTIA Security+ Coursera / Infosys SpringBoard |
|
AWS Developer — Associate Amazon Web Services |
Bug Bounty & Web App Hacking Udemy |
API Fundamentals Student Expert Postman · Nov 2023 |
🏅 Postman API Fundamentals Student Expert
Verified Badge · Awarded Nov 15, 2023
╔══════════════════════════════════════════════════════════════════════════╗
║ ║
║ "Security is not a product, but a process." — Bruce Schneier ║
║ ║
║ Every vulnerability found. Every system hardened. ║
║ Every incident investigated — it's an ongoing mission. ║
║ Not a task. Not a job. A responsibility. ║
║ ║
╚══════════════════════════════════════════════════════════════════════════╝