Darshan Jogi

Ethical Hacker & Cybersecurity Researcher

Specialized in Web App Pentesting, Cloud Security, Android Security, Firmware Security

About Me

I'm a passionate cybersecurity professional with expertise in identifying and mitigating security vulnerabilities. My focus areas include Web Application Penetration Testing, Cloud Security, Smart Contract Auditing, and Vulnerability Assessment & Penetration Testing (VAPT).

M.Sc in Cyber Security at National Forensic Sciences University. I combine academic knowledge with practical experience to deliver comprehensive security solutions.

Technical Skills

  • Web Application Pentesting
  • Android Application Pentesting
  • iOS Application Pentesting
  • Thick Client
  • Network Security
  • API Testing
  • Python
  • Linux
  • Bash Scripting
  • Cloud Security
  • Smart Contract Auditing

Experience

Jan 2025 - Present

Product Security Intern

Carrier Global, Hyderabad

Carrier is the global leader in sustainable healthy buildings, HVAC, commercial and transport refrigeration solutions.

  • Performed Web, Android, iOS, Thick Client, Cloud and Hardware/Firmware pentests
  • Conducted security testing for live applications

May 2024 - Aug 2024

Cyber Security Intern

Nethermind.io

  • Web-application testing, Web3 application security testing
  • Solidity and smart contract auditing/testing

Mar 2024 - May 2024

Security Engineer Intern

SecureMyOrg, Remote

  • VAPT (SAST, DAST)
  • Cloud Penetration Testing

Mar 2021 - Present

Independent Security Researcher (Freelance)

Found 200+ Valid Vulnerabilities & Got Rewarded

  • Testing against technical vulnerabilities
  • Testing against business logic vulnerabilities
  • Responsible disclosure

Projects

S3 Bucket Testing Automation

Automated testing framework for AWS S3 buckets to validate configurations, data integrity, and access controls, enhancing reliability and security in cloud storage management.

AWS Python Cloud Security

Subdomain Takeover Detection Automation

Developed an automated Subdomain Takeover Detection script using Bash, which integrates with the crt.sh API to extract and analyze domain certificates, identifies CNAME records, and outputs results to a file for further review.

Bash API Security

Certifications & Achievements

Certifications

Web Application Penetration Tester eXtreme (eWPTX)

March 2024

Certified Ethical Hacker CEH V11 Practical

May 2022

Offensive Approach To Hunt Bugs & Offensive API Penetration Testing

August 2021 - HackerEra University

Smart Contract Security and Auditing

January 2024 - updraft.cyfrin.io

Master Blockchain Technology

January 2023 - March 2023

Blockchain Full-Stack Development Bootcamp by codeeater.in

Hall of Fame

Apple ×2
Synology
ProtonMail
Fastly
Groww
Range.co
Honeybook
Binomo
Ivanti
Zora.io
Coding Ninjas
Grailed
Urban.io
Motiv.nl
TechMint
Nestforms
Luminpdf
And More

Blogs

Password Spraying Attack

Learn about password spraying attacks, how they work, and ways to prevent them.

Account Takeover: Which Companies Don't Accept?

Exploring the security loopholes in account takeover scenarios and how companies handle them.

Simple Parameter Tampering Account Takeover

A deep dive into how parameter tampering can lead to account takeover vulnerabilities.

Get In Touch

Location

Hyderabad, India