┌──(kiran㉿iisc-bangalore)-[~]
└─$ cat whoami.txt
Name : Kiran Kumar K
Role : Junior Security Analyst — IISc DIGITS/ISO
Location : Bangalore, Karnataka 🇮🇳
Focus : VAPT · SOC · Digital Forensics · IoT Security
Mindset : Offensive thinking. Defensive discipline.
┌──(kiran㉿iisc-bangalore)-[~]
└─$ cat impact.log
🔴 563 CCTV cameras secured (default creds + full PoC)
🌐 30+ web apps tested — 100% remediation compliance
⚡ 40% incident response time reduction via automation
🏆 NASA · Stanford · Govt portals — responsible disclosures

- 🔭 Currently working as Junior Security Analyst at IISc Bangalore (DIGITS/ISO)
- 🌱 Specializing in VAPT, SOC Operations, Digital Forensics & IoT Security
- 🐛 Active Bug Bounty Hunter with public disclosures to NASA, Stanford University & Govt portals
- 🛡️ Expert in Microsoft Sentinel, Intune, Qualys, Rapid7, Wazuh SIEM & CrowdStrike
- ⚡ Built Python automation to process NCCC threat intel — reduced IR time by 40%
- 📝 Writing about cybersecurity at kirankumark3.blogspot.com
🔴 Junior Security Analyst — IISc DIGITS, Bangalore | Jul 2025 – Present
VAPT & IoT Security
- 🎯 Executed VAPT on 30+ IISc websites (SQLi, XSS, IDOR) using OpenVAS & Burp Suite Pro — 100% remediation compliance
- 📷 Discovered 563 CCTV cameras across 4 NVR systems with default credentials — demonstrated full admin takeover via PoC
- 🔍 Performed CVSS-based vulnerability prioritization and collaborated with dev teams to integrate fixes into SDLC
SOC Operations & Digital Forensics
- 🛡️ Managed 50+ Microsoft Defender alerts and 35+ Azure agentless alerts — threat hunting, endpoint isolation, incident response
- 🔬 Led forensic investigations of live cyberattacks using MITRE ATT&CK — traced attack vectors, delivered hardening roadmaps
- 🐍 Built Python automation processing NCCC threat intel (IOCs, IOAs, honeypot logs) — reduced IR time by 40%
Infrastructure Hardening
- ☁️ Guided teams to disable `xp_cmdshell` on MSSQL servers, eliminating RCE vectors from Azure environment
- 🖥️ Deployed Microsoft Intune + Azure AD Join for 170+ systems with LAPS, USB restrictions & ASR rules
- 📊 Deployed Wazuh SIEM with agent-based setup across 170+ endpoints for centralized log monitoring
🟡 Information Security Intern — IISc, Bangalore | Mar 2025 – Jun 2025
- Performed black-box VAPT on IISc subdomains using OpenVAS and Burp Suite Pro
- Delivered CVSS-prioritized PoC reports covering the full OWASP Top 10 vulnerability list
- Analyzed Apache/Nginx web server logs to detect anomalies, brute-force attempts & unauthorized access
🟠 Cloud Application Developer — NCVET (Remote) | Aug 2024 – May 2025
- Developed cloud-native applications following Secure SDLC principles
- Hardened AWS deployments, IAM policies and prevented access misconfigurations
- Applied container security best practices using Docker Compose and network isolation
🟢 Independent Bug Bounty Researcher | Mar 2023 – Dec 2024
- 🛰️ NASA — Bulk Directory Listing across 4 subdomains · Publicly acknowledged on Bugcrowd · CRITICAL
- 🎓 Stanford University — AWS S3 Misconfiguration exposing institutional data · HIGH
- 🏛️ Hrylabour.gov.in — Reflected XSS on Govt of Haryana Labour Portal · HIGH
- 🌿 Patanjaliayurved.net — High-severity XSS vulnerability, acknowledged & resolved · HIGH

| 🔢 | 📦 Project | 🛠️ Stack | 📝 Description |
|---|---|---|---|
| 01 | LogAnalyzer-Pro | Python · Regex · DataViz | Real-time server log parser — visualizes security alerts, detects anomalies. Used for Apache/Nginx forensics at IISc. |
| 02 | Network Forensics Correlator | Bash · Sophos · RADIUS | Correlates Sophos Firewall + RADIUS logs for user attribution during incidents. Cuts investigation time by 40%. |
| 03 | Brouteforce Engine | Python · Sockets | Custom brute-force simulation engine to test authentication robustness & verify security logging across web apps. |
| 04 | Docker WP Hardening | Docker · Compose | Containerized WordPress with network isolation, least-privilege principles & hardened security config. |

╔══════════════════════════════════════════════════════════════════════════╗
║ ║
║ "Security is not a product, but a process." — Bruce Schneier ║
║ ║
║ Every vulnerability found, every system hardened, every incident ║
║ investigated — it's an ongoing mission. Not a task. Not a job. ║
║ A responsibility. ║
║ ║
╚══════════════════════════════════════════════════════════════════════════╝




