“Nikhil is a very talented security researcher with a deep understanding of web, mobile and network penetration testing. It's always a pleasure working with Nikhil.”
Activity
-
Meet the next generation of cyber and risk professionals. Thank you Global Risk Management Institute India for this opportunity to interact with…
Liked by Nikhil S.
-
There are three different clocks running right now. The first Clock is the Clock of Uncertainty, and it runs from now until the US presidential…
Liked by Nikhil S.
-
If you are using Nuclei, make sure to update to the latest version. This new version includes a security fix for an issue reported by a community…
Liked by Nikhil S.
Experience
Licenses & Certifications
Publications
-
Featured in Economic Times
Economic Times
Interview in the Economic Times about bug bounties
-
Featured in The Times of India
Times of India
Interview with India’s most famous newspaper
-
SQL injection bypassing the WAF
hakin9
The article covers all aspects of SQL injection.
-
Session Hijacking
Pentest magazine
The article covers session hijacking attacks.
-
Metasploit
Linux For You
Honors & Awards
-
Speaker
GISEC Global
-
SRT Legend
Synack Red Team
Awarded for exceptional lifetime achievement, consistent professionalism and high-quality service in the Synack Red Team. https://www.synack.com/blog/our-cyber-heroes-announcing-the-2020-21-synack-recognition-winners-on-the-synack-acropolis/
-
Synack Leaderboard #1 in India (All-Time)
Synack Red Team
All-time #1 on Synack in India and #6 in the world
-
Synack Red Team TITAN Recognition Tier (Elite level)
Synack Red Team
Awarded each year to recognize SRT who perform at the most elite level, as determined by overall production and customer impact.
-
SRT Circle of Trust (2020)
Synack Red Team
Awarded each year to recognize SRT who invest time and effort to further the overall culture & researcher experience for the community.
https://acropolis.synack.com/inductees/niksthehacker/
-
SRT Olympian Recognition
Synack Red Team
Awarded each year to recognize SRT who generate impressive value, as determined by overall production and customer impact.
Link: https://acropolis.synack.com/inductees/niksthehacker/
-
Most Trusted Security Leader of 2019
Synack
Press release:
https://www.prnewswire.com/news-releases/synack-announces-crowdstrike-dominos-general-dynamics-information-technology-just-eat-and-santander-uk-as-most-trusted-security-leaders-of-2019-300815347.html?tc=eml_cleartime
-
SRT Circle Of Trust (2020 and 2021)
Synack Red Team
https://acropolis.synack.com/inductees/niksthehacker/
-
PrizmDoc out-of-band XXE advisory (CVE-2018-15805)
-
https://medium.com/@mrnikhilsri/oob-xxe-in-prizmdoc-cve-2018-15805-dfb1e474345c
CVE-ID: CVE-2018-15805
-
PrizmDoc HTML5 viewer advisory
-
https://nvd.nist.gov/vuln/detail/CVE-2018-15546
-
SRT Champion
Synack Red Team
https://acropolis.synack.com/inductees/niksthehacker/
-
Synack Hack4levels Challenge
Synack
https://www.synack.com/hack4levels/
-
Hackerone hack the world 2017 top 100 Bug Hunter (#52)
hackerone
https://hackerone.com/hackathons/hacktheworld2017
-
Synack Defcon Hacking Challenge
Synack
https://www.synack.com/srt-leaderboard/
-
SRT Champion (2017)
Synack Red Team
https://acropolis.synack.com/inductees/niksthehacker/
-
Salesforce Security Acknowledgement
Salesforce
https://trust.salesforce.com/en/security/thank-you/
-
Magento E-COM Security Advisory
Magento
A Formula Injection vulnerability fixed by Magento in their latest Community and Enterprise Editions.
Issue Details:
https://magento.com/security/patches/supee-7405
-
Etsy security researcher acknowledgement
Etsy
https://www.etsy.com/bounty/hall_of_fame.php
-
Microsoft Honor Roll for Online Services
Microsoft
Microsoft rewarded and acknowledged for finding multiple vulnerabilities inside Microsoft Office 365 and Yammer.
http://technet.microsoft.com/en-us/security/dn469163.aspx
-
Umbraco CMS Remote Code Execution
Umbraco
A remote code execution vulnerability discovered in Umbraco CMS (http://umbraco.com/).
Reference:
https://github.com/Umbraco/Umbraco-CMS/commit/cad06502235acabf7fb7dca779d2f78f08547e39
CVE Details:
CVE-2014-10074
-
Vertical Privilege Escalation in Umbraco CMS
Umbraco
A vertical privilege escalation vulnerability was discovered in Umbraco CMS.
Issue Details:
http://issues.umbraco.org/issue/U4-5891
CVE-ID: yet to be assigned
-
PHPMyFAQ Direct request to the URL of an attachment
PHPMyFAQ Team
phpMyFAQ contains a flaw that is due to the program failing to restrict users from downloading arbitrary attachments. With a direct request, a remote attacker can download attachments.
CVE-ID: CVE-2014-6048
-
PHPMyFAQ Incorrect enforcement of privilege restrictions
PHPMyFAQ Team
PHPMyFAQ contains a flaw that is triggered as the program fails to properly enforce the 'download an attachment' permission. This may allow a remote attacker to download arbitrary attachments that would otherwise be restricted.
CVE-ID: CVE-2014-6047
-
PHPMyFAQ Insecure captcha implementation
PHPMyFAQ Team
PHPMyFAQ contains a flaw that is triggered as CAPTCHA values are not reset or invalidated allowing a remote attacker to re-use the same code over and over to bypass subsequent CAPTCHA challenges.
CVE-ID: CVE-2014-6050
-
PHPMyFAQ Insecure direct object reference vulnerability
PHPMyFAQ Team
phpMyFAQ version 2.8.12 and earlier contains an insecure direct object reference vulnerability. An admin with the privilege to delete an FAQ can delete any FAQ in the multi-site master instance.
CVE-ID: CVE-2014-6049
-
PHPMyFAQ SQL Injection vulnerability
PHPMyFaq Team
phpMyFAQ version 2.8.12 and earlier contains a SQL injection vulnerability through the restore function. This functionality is only executable by an admin or other users with special permissions.
CVE-ID: CVE-2014-6045
-
PHPMyFAQ multiple CSRF vulnerability
PHPMyFAQ Team
phpMyFAQ version 2.8.12 and earlier contains CSRF vulnerabilities.
CVE-ID: CVE-2014-6046
-
Discovered 0day Vulnerability in WordPress Plugin WordFence Security
wordfence security
WordPress plugin Wordfence Security version 5.1.4 and possibly earlier versions contain a cross-site scripting (XSS) vulnerability. An attacker can inject arbitrary script via the vulnerable query string parameter val of the whois.php file.
CVE details:
CVE-2014-4932
-
Discovered 0day Vulnerability in Cs-Cart
CERT
CS-Cart version 4.0.2 and possibly earlier versions contain cross-site scripting (XSS) vulnerabilities (CWE-79).
Vulnerability Notes:
http://www.kb.cert.org/vuls/id/405942
CVE details:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7317
-
Tesla Security Researcher Acknowledgement
Tesla
https://www.teslamotors.com/about/security
-
Discovered 0day in Tiki Wiki CMS Groupware version 11.0
CERT
Tiki Wiki CMS Groupware version 11.0 and possibly earlier versions contain a cross-site scripting (XSS) vulnerability. The disclosure was coordinated with and published by CERT:
Vulnerability Notes:
http://www.kb.cert.org/vuls/id/450646
CVE Details:
CVE-2013-6022
-
Mozilla Security Bug Bounty Award
Mozilla Foundation
https://www.mozilla.org/en-US/security/bug-bounty/web-hall-of-fame/
-
Telekom Security Acknowledgement
Telekom
A program by Deutsche CERT; reported multiple high and medium severity vulnerabilities. For more info: http://www.telekom.com/security/acknowledgements
-
Barracuda Networks Bug Bounty Program
Barracuda Networks
Found multiple serious vulnerabilities in Barracuda services; as a token of appreciation, they rewarded me with a large bounty.
-
Discovered Cubecart Online Shopping-Cart 0-day Vulnerability
CubeCart.com
The CubeCart 5.2.3 stable release had a critical security vulnerability, which I reported and for which I coordinated a fix. Please visit the following link for more info:
http://forums.cubecart.com/topic/47719-cubecart-524-released/
They acknowledged my contribution publicly.
CVE-ID details:
CVE-2011-4550
More Information:
http://osvdb.org/show/osvdb/109045
http://techdefencelabs.com/security-advisories.html
-
Yahoo Security Wall of Fame
Yahoo!
Responsibly disclosed vulnerabilities, including high and critical severity issues, across Yahoo domains, and was rewarded by Yahoo.
-
Discovered 0day Vulnerability in WordPress 3.6
Secunia
Found and reported a WordPress 3.6 security vulnerability to WordPress via Secunia. The advisory has been published.
Secunia Link:
secunia.com/community/advisories/54803
CVE details:
CVE-2013-5738
More Information:
http://osvdb.org/show/osvdb/97214
http://techdefencelabs.com/security-advisories.html
-
Squidoo LLC Security Researcher Acknowledgement
Squidoo LLC
Found and reported multiple vulnerabilities to the Squidoo Security Team; as a token of appreciation they rewarded me with a token amount and an acknowledgement.
-
Google Security Researcher Acknowledgement
Google
https://bughunter.withgoogle.com/profile/d96dbeaa-3347-4ff8-978f-7bd2ecafcc75
-
Synack 15/15 June Top 3 SRT in level 5
Synack red team
Awarded to the top 3 researchers from each level every month in recognition of their exceptional contributions and engagement on the platform.
-
Top 10 web hacking techniques nominee
portswigger
https://portswigger.net/polls/top-10-web-hacking-techniques-2018
Recommendations received
2 people have recommended Nikhil
More activity by Nikhil
-
Security BSides Albuquerque is off to a great start! It has been great seeing friends and meeting new ones. Always great to see my friend Mohamed…
Liked by Nikhil S.
-
🇮🇳 Indian Embassy continues to repatriate people stuck in Cambodia, defrauded by fake jobs and forced to do Cybercrime Operations in Cambodia. 650…
Liked by Nikhil S.
-
Every party during BSides Las Vegas will be a costume party this year. Pre-registration required: BSidesLV.org
Liked by Nikhil S.
-
Today marks an incredible milestone, BSides events in Basingstoke (UK), Mexico City (Mexico), and Albuquerque (USA) bring the total number of events…
Liked by Nikhil S.
-
Updated my code for spinning up a customised Ubuntu desktop on AWS where you can access your terminal and code browser (VSCode) as…
Liked by Nikhil S.
-
#BSidesCbr24 Speaker Announcement: "Insecurity through Censorship: Vulnerabilities Caused by The Great Firewall" by Shubham Shah and Michael…
Liked by Nikhil S.
-
We are seeking a visionary Senior Security Manager to join our cutting-edge Tech Centre in Bengaluru. This is your chance to be at the forefront of…
Liked by Nikhil S.
-
16 years ago, this was the place where I learned what "hacking" was. I was too stressed with the 'fast' network and learning chemical equations…
Liked by Nikhil S.
-
The US Govt is now offering "Entrepreneur Visas" for up to 5 years to Founders and their family members... 👉🏼 A number of Indian entrepreneurs…
Liked by Nikhil S.