whoami
I’m Godsec — an Offensive Security Consultant with 3+ years of experience in penetration testing, vulnerability exploitation, and red team operations across enterprise environments.
My day job is hands-on security testing of web applications, APIs, network infrastructure, and mobile platforms — using Burp Suite, Metasploit, Nessus, Nmap, OWASP ZAP, and Frida to find, exploit, and validate real weaknesses across thousands of servers and network devices. I came up through the SOC side first (triaging 100+ daily alerts across five SIEM platforms and mapping adversary behavior with MITRE ATT&CK), which shapes how I think about offense: I know what the defenders are watching, so I know where the blind spots are.
I’m CEH Practical and Microsoft SC-200 certified, with OSCP in progress. This site is where I document what I learn — practical, reproducible research with working commands and clear explanations of why an attack works, not just that it does.
what I write about
Web app pentesting, Active Directory security, red teaming, bug bounty, threat intelligence, OSINT, malware analysis, network & API security, cloud security, and CTF / Hack The Box writeups.
get in touch
- LinkedIn: /in/nithish-guru
- GitHub: @POXOZ
- TryHackMe: NithisX — Top 2% globally
- Credly: verified certifications
experience
-
Senior Security Consultant · Professional Services Firm
- Perform technical security testing of web apps, APIs, network infrastructure, and mobile platforms with Burp Suite, Nessus, Nmap, OWASP ZAP, and Frida across 4,000+ servers and 2,500+ network devices.
- Support red team and phishing-simulation exercises assessing organizational resilience, detection coverage, and user-awareness readiness.
- Conduct assessments and configuration reviews across enterprise banking environments, triaging vulnerabilities by exploitability, severity, and business impact.
- Build custom Nessus audit policies to automate configuration-compliance checks against hardening standards.
- Produce risk-rated reports translating exploitation findings into prioritized remediation guidance for technical and executive stakeholders.
-
SOC Analyst (L1) · Telecom MSSP
- Triaged 100+ daily alerts across five SIEM platforms (Splunk, Azure Sentinel, Elastic, Seceon aiSIEM, RSA NetWitness), mapping adversary TTPs with MITRE ATT&CK.
- Investigated malware, phishing, and unauthorized-access attempts, developing deep insight into detection blind spots and evasion patterns.
- Tuned detection rules based on observed attacker techniques, cutting false positives by 20% and contributing to a 15% reduction in MTTD.
- Documented incidents end-to-end — attack timelines, IOCs, affected systems, and containment recommendations.
achievements
- 🥇 1st Place — StealthMole OSINT Capture The Flag (CTF) Competition, 2025
- 🏆 Employee of the Quarter — 3 consecutive quarters (Q3–Q4 2024, Q1 2025)
- 📈 Top 2% globally on TryHackMe (profile: NithisX)
education
B.Tech, Computer Science and Engineering — Parul University, Vadodara · Aug 2019 – Apr 2023
Relevant coursework: Cryptography & Network Security, Network Security Protocols, Information Security, Operating Systems, Distributed Systems, and Web Application Programming.