Hello! I'm pevinkumar A, pursuing the final-year Cybersecurity undergraduate degree with a passion for offensive security, tool development, and real-world attack simulation. I specialize in penetration testing, recon automation, and building custom tools to simplify repetitive tasks.
Currently focusing on improving red team tradecraft, building custom recon frameworks, and contributing to ethical hacking communities. Open to junior pentesting or security research roles where I can continue learning, building, and breaking.
2024 – Present
Built tools like PhonyARP, RootESC , HTTP-Prober, and RaaSMonarch for recon automation.
2024 – Present
Solved 90+ TryHackMe labs (Top 1% globally) with 200+ room completion. Found security issues on HackerOne's public platforms & public VDPs.
View Profile
Prompt InfoTech | May–June 2025
Assisted in real-world pentesting and built a custom IP Logger tool.
InLighn Tech | May–June 2025
Practical learning with real-world attacks and custom tool building. Built hash-brute for cracking hashes.
2025 – Present
Contributor at RevoltSecurities supporting the development of SubProber through pre-release testing.
Conducted a comprehensive black-box penetration test on Metasploitable2, successfully exploiting over 25 vulnerabilities (excluding DVWA), and documented all findings in detail.
Developing RaaSMonarch(Recon-as-a-Service) Framework v1.0.0 to automate the recon process through a user-friendly web interface, eliminating the complexity and frustration of managing multiple tools manually.
A vulnerability affecting Sudo versions <1.9.17p2. I developed a Python-based PoC demonstrating how attackers can escalate privileges by abusing chroot call from sudo utility.
A multi-page vulnerable coffee shop web app built for security testing and learning purposes. It is purposely vulnerable to common web security issues, making it suitable for penetration testing, security training, and CTF challenges.
Designed and simulated a keylogger attack to demonstrate the keystrocks capture, secure encryption, and network-based exfiltration of keystrokes to a remote server.
Designed and implemented a privilege escalation analysis tool to gain a deeper understanding of enumeration utilities such as LinPEAS and WinPEAS. It automate the analysis process with the help of bash.
Developed and simulated an ARP spoofing tool to simulate MITM attacks, aimed at gaining a comprehensive understanding of ARP spoofing mechanisms, MITM attack vectors, and effective defense strategies against such threats.
A vulnerability affecting WingFTP versions <=7.4.3. I developed a Python-based extended exploit to demonstrate and enhance the exploit with custom temporary shell ,also has reverse shell feature.
Built custom CTF challenge to learn and practice chaining of three critical vulnerability like File upload to RCE to privilege escalation in a secured controlled environment (container).
Developed an asynchronous HTTP probing tool to retrieve status codes for given URLs, and packaged it for distribution on PyPI with a user-friendly interface to streamline status code analysis.
Developed a E2E encrypted chat room app with GUI clients also Conducted traffic analysis to explore potential eavesdropping vectors under simulated adversarial conditions.
A beginner-friendly LAMP stack running inside Docker for learning and testing purposes like it uses raw SQL queries making it vulnerable to SQL Injection, the DB uses a default root password (example) ,it also configured directory listing in Apache.
