Hi, I'm Nakul Singh

Cybersecurity & Penetration Testing Specialist

Freelance cybersecurity professional with 3 years of hands-on experience in application, information, and cloud security. I perform end-to-end security assessments and penetration tests to find vulnerabilities before hackers do.

About Me

I'm a Cybersecurity Professional with 3 years of hands-on experience in application, information, and cloud security. I perform end-to-end security assessments and penetration tests for websites, web applications, APIs, mobile apps, SDKs, desktop/thick clients, and related backend systems.

So far I've completed 15+ projects across startups and enterprises, including: 10+ web apps, 5+ mobile apps, 50+ APIs, 3 SDKs, 5+ desktop/thick clients, and 8+ secure code reviews. I've discovered and helped remediate 20+ Critical and 30+ High vulnerabilities.

  • Account Takeover
  • OTP Bypass
  • Open Redirection
  • Broken Access Control
  • Price Tampering
  • Remote Code Execution
  • OS Command Injection
  • CSRF

Services

🔍

Penetration Testing & VA

  • Web applications & APIs (REST/GraphQL/SOAP)
  • Mobile apps (Android/iOS) and SDK security
  • Desktop / thick client assessments
  • End-to-end exploit verification and PoC
🛡️

Security Audits & Architecture

  • Cloud configuration and IAM audits (AWS/Azure/GCP)
  • Infrastructure security analysis
  • OWASP Top 10, SANS 25 alignment
  • Attack surface analysis
📝

Secure Code Review

  • Manual and automated reviews
  • Business-logic flaw detection
  • Authorization vulnerability testing
  • Actionable remediation guidance
🎯

Threat Research & Intelligence

  • CVE triage and disclosure support
  • Attack surface monitoring
  • Vulnerability trend analysis
  • MITRE ATT&CK mapping
⚙️

DevSecOps & Cloud Security

  • CI/CD pipeline hardening
  • Secrets detection and remediation
  • Infrastructure-as-Code (IaC) reviews
  • WAF tuning and custom rule creation
🔧

Tools & Technical Stack

  • Burp Suite Pro, OWASP ZAP, SQLMap
  • MobSF, Frida, JADX, APKTool
  • AWS tools, Nessus, Nmap
  • Python scripting & automation

Public Projects

Zombie APIs Finder

Python

Python tool for discovering shadow/unused APIs and endpoints. Automated reconnaissance and mapping for API security assessments.

Burp Suite Extension

Java

Custom extension to automate specific security testing workflows and checks. Streamlines repetitive pentesting tasks.

Custom WAF Rules

ModSecurity

Custom rulesets for ModSecurity/Apache to protect against OWASP Top 10 vulnerabilities. Production-ready defensive measures.

Dorker

JavaScript

Google dorking GUI utility for targeted discovery and reconnaissance. Simplifies OSINT and information gathering.

Publications & Certifications

Publications

📚

Advanced Techniques and Applications of Cybersecurity and Forensics

Chapter 12 Contributor - Published

Certifications

ISO 27001:2022 Lead Auditor
CAP - Certified AppSec Practitioner
AWS Cloud Foundation
CCNA - Cisco Certified Network Associate

Ready to Secure Your Product?

Let's discuss how I can help protect your systems