Name: Tushar Rajendra Gurav
Role: Security Engineer @ Qualys
Location: India 🇮🇳
Specialization:
- Web Application Security
- VAPT & Bug Bounty Hunting
- Secure Development
- DevSecOps Automation
- AI Security & Offensive Security Research
Current Focus:
- AI-powered Penetration Testing
- Detection Engineering
- Security Automation
- Advanced Web Exploitation
- Cloud & Infrastructure Security

- 🔭 Currently building AI-powered offensive security workflows & autonomous penetration testing frameworks
- 🛡️ Security Engineer at Qualys working on CVE validation, exploit analysis & detection engineering
- ⚡ Found & responsibly disclosed 58+ vulnerabilities across multiple organizations
- 🏆 Hall of Fame recognition from NASA, RedBull, Lenovo, EPAM, Bitdefender & many more
- 🧠 Passionate about AI Security, Automation, Web Exploitation & Offensive Research
- 📚 Currently learning Advanced Web Application Security & AI Red Teaming

📅 Jan 2025 – Present
- Tracked and analyzed 50+ public exploit disclosures weekly to improve detection coverage.
- Reproduced and validated PoCs/exploits for newly published CVEs.
- Converted exploit chains into reliable detection signatures and automation workflows.
- Built Python-based automation pipelines for exploit testing & scalable validation.
- Worked on reducing false positives and improving real-world exploit visibility.
📅 Jan 2024 – Present
- Identified and responsibly disclosed 58+ vulnerabilities.
- Specialized in:
  - Broken Access Control
  - Command Injection
  - Cross-Site Scripting (XSS)
  - CORS Misconfigurations
  - CSRF
  - Information Disclosure
- Automated reconnaissance and vulnerability detection workflows reducing manual effort by 80%.
- Collaborated with organizations to improve remediation and secure development.
- Earned Hall of Fame recognitions from multiple global organizations.

AI-powered offensive security platform designed for intelligent context-aware penetration testing.
- 🛰️ 6-phase automated reconnaissance pipeline
- 🤖 LangGraph multi-agent architecture
- 🧠 RAG-powered intelligent tool selection
- 🔐 Human-in-the-Loop (HITL) safety validation
- 🐳 Docker-isolated offensive execution environment
- 🌐 Support for OpenAI, Anthropic, NVIDIA & Ollama models
- 📡 WebSocket real-time terminal streaming
- 📑 Multi-format report exporting
- 🔧 200+ integrated security tools
Python • LangGraph • ChromaDB • Docker • REST APIs • WebSockets
OpenAI • Anthropic • Ollama • Offensive Security Tooling

Real-time AI collaboration platform with secure communication and integrated automation.
- Secure group communication
- AI agents integration
- Real-time media & chat system
- CI/CD security scanning
- Dockerized infrastructure
- Collaborative productivity workflows
React • Node.js • MongoDB • Socket.IO • Docker • Jenkins

Automated toolkit for reconnaissance, vulnerability discovery and workflow optimization.
- Automated recon
- Vulnerability scanning pipelines
- Subdomain enumeration
- Historical URL extraction
- Security automation scripts
- Faster triage workflows
🔗 Repository: https://github.com/tushargurav28/Bug-Bounty-Tool
Burp Suite Pro • Nmap • Wireshark • OWASP ZAP • SQLMap
Metasploit • Nessus • Qualys • Kali Linux • Nginx
Apache • IIS • Firewall Analysis • IDS/IPS
🥇 Hall of Fame recognition from:
- NASA
- Intel
- RedBull
- Lenovo
- EPAM
- Bitdefender
- Drexel University
- 10+ additional organizations
🔥 Found 5 Critical Remote Code Execution (RCE) vulnerabilities in RedBull systems
🛡️ Discovered CVEs:
- CVE-2023-41615
- CVE-2023-41614
- CVE-2023-41616
🎯 Solved:
- 50+ VulnHub machines
- 200+ PortSwigger labs
🏅 Ranked among top hackers on HackTheBox
- ✅ Certified Network Security Practitioner (CNSP)
- ✅ Ethical Hacking Essentials (EHE) — EC-Council
- ✅ Qualys Vulnerability Management Detection and Response
- 🚀 Build advanced AI-assisted offensive security systems
- 🔐 Contribute to AI Security & Detection Engineering research
- 🧠 Develop autonomous penetration testing workflows
- 🌍 Collaborate with the global cybersecurity community
- ⚡ Publish advanced security tooling & research
If you like my work, consider giving a ⭐ to my repositories and connecting with me.