VIKRAM SHARMA

Security Researcher | Offensive Security

Hi! I'm Vikram, a Security Researcher passionate about web, network, and offensive security.

I love understanding how systems work and, more interestingly, how they fail. I have hands-on experience in web and API penetration testing, and I genuinely enjoy learning new things and sharing what I know.

Outside of security, I find peace in the mountains, music, and volleyball.

github linkedin medium

Highlights & Achievements

Acknowledged by NASA and Speechify for responsible vulnerability disclosure
Winner — Bugcrowd × Black Hat MEA 2025 CTF
5th Place — Pentathon 2025 (NCCIPC & AICTE, Govt. of India)
Shortlisted by NCIIPC (NTRO) for a Controlled Penetration Testing on Critical Information Infrastructure (CII) as a member of Team 0bscuri7y

Work Experience

National Technical Research Organisation (NTRO), Govt. of India

Cybersecurity Intern — Offensive Security

Contributed to offensive security operations within a classified government intelligence environment.

ISEA Project Phase-III, IGDTUW (MeitY, Govt. of India)

Research Intern — Cybersecurity & Cyber Forensics

Conducted VoIP forensic analysis using Deep Packet Inspection (DPI) and metadata correlation techniques to surface evidence in investigative contexts.Analyzed encrypted communication traffic patterns (WhatsApp, Telegram, Discord). Collaborated with Delhi Police Cyber Experts.

Education

Bachelor of Computer Applications (BCA)

Institute of Innovation in Technology & Management – GGSIPU — Delhi, India

2023 – PresentCGPA: 8.66 (till 5th Semester)

Projects

StreamHawk

A Python-based RTSP enumeration tool for CCTV/IP infrastructure with automated vendor fingerprinting, exposed service detection, and country-level or targeted reconnaissance scanning modes.

InsecureHub

A vulnerable Flask-based lab simulating OWASP Top 10 vulnerabilities including SQLi, IDOR, SSRF, SSTI, and XSS, complete with Proof of Concept exploit scripts to simulate real-world attack chains.

VibeScan

Detects AI-generated web apps via passive fingerprints, then auto-scans for secrets, headers, CORS, IDOR, and exposed files with JSON output.

SubEnum

Fast subdomain enumeration utility with multi-source scraping, resolution, and deduplication for recon workflows.

Research & Writeups

Threat Modeling in Cloud-IoT Camera Systems

Attack surface analysis in modern Cloud-IoT integrated surveillance systems.

Security Writeups on Medium

Detailed CTF solutions and vulnerability research deep-dives.

Certifications

APIsec Certified Practitioner (ACP)

APIsec University

Google Cybersecurity Professional Certificate

Google / Coursera

Certified Network Security Practitioner (CNSP)

The SecOps Group

Technical Skills

specializations

VAPT, Web & API Security, Network Pentesting, Red Teaming, Cloud Security, Digital Forensics, OSINT

tools

Burp Suite, OWASP ZAP, Metasploit, Nmap, sqlmap, nuclei, ffuf, dirsearch, Wireshark, Magnet AXIOM, FTK Imager, Docker, Git

languages

Python, Bash, PHP, JavaScript, C/C++