Iโm VETTRIVEL U, a passionate Offensive Security Expert hailing from Cuddalore, Tamil Nadu, India ๐ฎ๐ณ.
I'm specialized in Vulnerability Assessment & Penetration Testing (VAPT), Red Teaming, and Offensive Security Operations โ with a proven track record of breaching systems to secure them.
Iโve earned multiple Hall of Fame recognitions from MNCs for responsibly disclosing critical vulnerabilities. From gaining root access to high-level systems to pwning servers, Iโve had the thrill of ethically exploiting and helping secure both Indian and US government infrastructures.
Along the way, Iโve bagged exclusive swags and rewards, and Iโm proudly listed as a Top Voice in Information Security on LinkedIn.
As a freelancer, I collaborate with companies to work on outsourced security projects โ and have been paid by top-tier organizations for my findings.
I also love giving back to the community: conducting classes, webinars, and mentorship sessions for juniors and aspiring bug bounty hunters.
I recently qualified for the finals of a national-level Hackathon x CTF, proving my ability to think under pressure and hack smart.
Youโll often find me sharing deep dives and writeups on Medium, covering everything from 0-day findings to beginner tips.
- Flipkart โ Positioned First Place in Hall of Fame
- Swags from BugCrowd โ Earned StormTech Backpack & Beanie
- Mina Protocol โ Identified vulnerabilities in Blockchain-Based Web Application
- HACKEN โ Discovered Critical vulnerabilities in Web & Apps
- Swaggle โ Reported 3+ vulnerabilities (2 High, 1 Low)
- U.S. Small Business Administration โ Reported 2 vulnerabilities (1 Medium, 1 Low)
- Westpac Banking Corporation โ Identified High & Medium severity vulnerabilities in Banking Infrastructure
- Zoopla โ Discovered vulnerabilities in Web Application
- Roobet โ Reported 1 High severity vulnerability
- Vulnerability Assessment & Penetration Testing (VAPT)
- Expertise in Web, Network, API, and LLM AI security, addressing OWASP Top 10 vulnerabilities
- Red Team Engagements & Threat Emulation
- Bug Bounty Hunting - Web, API, Network
- Post-Exploitation & Privilege Escalation (Linux/Windows)
- Network Exploitation & Lateral Movement
- Offensive Security Operations
- Static/Dynamic Application Security Testing (SAST/DAST)
- CTF Strategy & Real-World Simulations
- Web & Network Pentesting: Burp Suite Pro, Nmap, Metasploit, Postman, OWASP ZAP, Hydra, Nessus, OpenVAS, BeEF
- Exploitation & Recon: SQLmap, XSS Hunter, XSStrike, Commix, FUFF
- Enumeration & OSINT: Amass, theHarvester, Subfinder, Assetfinder
- Directory & Service Enumeration: Dirb, Gobuster, Nikto, WhatWeb, Wappalyzer CLI, Aircrack-ng
- Threat Intelligence: Shodan, Censys, Google Dorking, Maltego
- Active Directory & Post-Exploitation: BloodHound, Empire, CrackMapExec, Responder, Impacket
- Cloud Security: Steampipe (Cloud IAM Audit), CloudSploit, ScoutSuite
- Bash Scripting (Pentest automation, enumeration scripts, payloads)
- Python (Custom tools, exploit development, automation)
- Tool Wrapping & Chaining
- Developed internal scripts to speed up assessments & scanning
- OWASP Top 10 (Web & API)
- MITRE ATT&CK Framework
- NIST Methodologies
- Secure Code Review
- Common CVEs and Exploitation Tactics
- Deep understanding of Linux & Windows Internals (for post-exploitation)
- โ eJPT - Jr. Penetration Tester (INE)
- โ CEH Essentials (EC-Council)
- โ API Security Fundamentals (APISec University)
- โ CC (ISC2)
- โ EHPT+ (Udemy)
- ๐ [LinkedIn - Top Information Security Voice]
- ๐ง Email: uvettrivel007@gmail.com
๐ Always learning & pushing boundaries in cybersecurity! ๐ก