Subhankar Paul

Security Analyst | Penetration Tester | Bug Hunter | Content Creator

B.Sc Graduate in Advanced Networking and Cyber Security with hands-on experience in Cybersecurity, VAPT, Web and API Security, and AWS. Skilled in identifying and reporting real-world vulnerabilities through Bug Bounty programs and VDPs, with a track record of helping secure multiple companies. Seeking a role to enhance organizational security through advanced assessment and defense strategies.

About Me

I am a passionate Cybersecurity practitioner with a strong focus on Vulnerability Assessment and Penetration Testing. My expertise extends to Web Application and API Pentesting, Lab Design, and AWS security.

Currently pursuing my BTech in Computer Science Engineering, I am constantly expanding my knowledge and skills in the rapidly evolving field of information security.

subhankar.paul0009@gmail.com
+91 9123847745
Kolkata, India

My Skills

Security

Bug Hunting
VAPT
Ethical Hacking
Web Security
API Security

Programming & Scripting

Bash
Python

Tools & Technologies

AWS
Linux
Windows
Nessus, BurpSuite
Metasploit
Other Security Tools

Projects

MailSnipe

An all-in-one tool to detect phishing emails by automatically analyzing email headers, embedded URLs, and attachments.

Python, Flask, HTML, CSS, JavaScript

CVE-2024-24919 POC

CVE-2024-24919 is a critical vulnerability identified in Check Point's CloudGuard Network Security appliance. It is an LFI (path traversal) vulnerability. This tool helps identify the vulnerability and exploit the security flaw. It is written in Bash and was made to automate the process.

Bash, Security

Reverse Shell Generator

A Python-based CLI tool for Pentesters and CTF players to quickly generate reverse shell commands in multiple languages for various use cases.

Python, CTF

Race Condition Lab

Developed a lab environment to demonstrate a race condition vulnerability, showcasing how concurrent access to shared resources can lead to security issues such as business logic bypass and inconsistent application behavior.

Python, HTML, CSS

Experience

Security Analyst Intern

Zettawise Consulting Pvt. Ltd – Kolkata

Apr 2025 – Present
  • Conducted Vulnerability Assessment.
  • Created internal documentation and SOPs to standardize and improve security processes.
  • Worked with Cypherpath SDI platform to create Cybersecurity training labs and environments for hands-on skill development and simulation.

Cybersecurity Intern

Rootnik Labs – Kolkata

Jan 2025 – Mar 2025
  • Conducted Vulnerability Assessment and Penetration Testing.
  • Performed Web Application Penetration Testing to identify security flaws.
  • Prepared detailed Vulnerability reports with remediation recommendations.
  • Actively solving CTF challenges to sharpen offensive security skills.

Education

B.Sc in Advance Networking & Cyber Security

Swami Vivekananda University (Barrackpore, Kolkata)

2022 – 2025

Class XII

Halisahar Ramprasad Vidyapith

2022

Subjects: Physics, Chemistry, Math, Biology, Bengali, English

Percentage: 90.5%

Class X

Halisahar Ramprasad Vidyapith

2020

Percentage: 91%

Certifications

Cyber Security and Ethical Hacking

Ardent Computech Pvt. Ltd

Bash Scripting Mastery

Udemy

OWASP API Security Top 10

APISec University

Advent of Cyber 2021

TryHackMe

Advent of Cyber 2023

TryHackMe

Advent of Cyber 2024

TryHackMe

Hackfinity CTF

TryHackMe

Industrial-Intrusion CTF

TryHackMe

Achievements

Secured Companies via Bug Bounty and VDP

Companies: Jio, Sony, NASA, GEA Group, BBC, Honda, Estonia Government, Sprinklr, HackerRank, Independer.

Acknowledgement letters received from NASA, Drexel University and the U.S. Department of Education (DoED)

Received official acknowledgment letters from NASA, Drexel University and DoED for responsibly disclosing security vulnerabilities through their Vulnerability Disclosure Programs (VDPs).

Publications in OSINT Team

Published multiple cybersecurity and scripting-related articles on Medium, featured in renowned publications like OSINT Team.

Pro Hacker Rank in HackTheBox

Achieved Pro Hacker rank on Hack The Box, with multiple CTFs and Fortress machines solved, showcasing advanced skills in penetration testing, real-world exploitation, and complex challenge environments.

Global Top 1% on TryHackMe

Ranked in the Global Top 1% on TryHackMe, showcasing expertise in cybersecurity, ethical hacking, and VAPT through solving advanced, real-world challenges.

Trainings & Courses

TryHackMe Security Paths

  • Jr Penetration Tester
  • Web Fundamentals
  • Web Application Pentesting

HackTheBox Academy

  • SQL injection Fundamentals
  • Linux command line and Shell
  • Windows Fundamentals
  • Active Directory
  • File Inclusion Attack
  • Network Traffic Analysis

Udemy Security Courses

  • Intro to Bug Bounty Hunting and Web Application Hacking (NahamSec)
  • Bash Mastery

PwnedLabs

  • Intro to AWS Hacking
  • Different AWS Exploitation Scenarios
  • Attack on AWS Services: S3, IAM, DynamoDB, EC2, Lambda

PortSwigger

  • Server Side Attacks (SQLi, XXE, SSRF, Race Condition, Command Injection, Access Control etc.)
  • Client Side Attacks (XSS, CSRF, CORS etc.)
  • Advanced Web Attacks (WCD, HRS, Web Cache Poisoning, JWT Attacks etc.)

Article

How One Header Broke Next.js Auth — CVE-2025-29927

This vulnerability lets attackers bypass middleware-based authorization by injecting the x-middleware-subrequest header, allowing them to skip authentication checks and access restricted areas of the application.


Hacking the Cloud 🌩 : Unveiling Secrets in AWS CTF Challenges

A hands-on walkthrough of cloud penetration testing scenarios based on TryHackMe’s Hackfinity Battle Encore CTF. Learn how to uncover misconfigurations and exploit vulnerabilities in real AWS environments.


When One Isn’t Enough: Multiple SQL Injections Found in 1 VDP

Discovered multiple SQL Injection vulnerabilities in a single VDP program using targeted Google Dorks. This write-up showcases how search engine reconnaissance can uncover vulnerable endpoints and lead to impactful findings.

