whoami

I’m Godsec — an Offensive Security Consultant with 3+ years of experience in penetration testing, vulnerability exploitation, and red team operations across enterprise environments.

My day job is hands-on security testing of web applications, APIs, network infrastructure, and mobile platforms — using Burp Suite, Metasploit, Nessus, Nmap, OWASP ZAP, and Frida to find, exploit, and validate real weaknesses across thousands of servers and network devices. I came up through the SOC side first (triaging 100+ daily alerts across five SIEM platforms and mapping adversary behavior with MITRE ATT&CK), which shapes how I think about offense: I know what the defenders are watching, so I know where the blind spots are.

I’m CEH Practical and Microsoft SC-200 certified, with OSCP in progress. This site is where I document what I learn — practical, reproducible research with working commands and clear explanations of why an attack works, not just that it does.

what I write about

Web app pentesting, Active Directory security, red teaming, bug bounty, threat intelligence, OSINT, malware analysis, network & API security, cloud security, and CTF / Hack The Box writeups.

get in touch

experience

  • Senior Security Consultant · Professional Services Firm
    Sep 2024 — Present
    • Perform technical security testing of web apps, APIs, network infrastructure, and mobile platforms with Burp Suite, Nessus, Nmap, OWASP ZAP, and Frida across 4,000+ servers and 2,500+ network devices.
    • Support red team and phishing-simulation exercises assessing organizational resilience, detection coverage, and user-awareness readiness.
    • Conduct assessments and configuration reviews across enterprise banking environments, triaging vulnerabilities by exploitability, severity, and business impact.
    • Build custom Nessus audit policies to automate configuration-compliance checks against hardening standards.
    • Produce risk-rated reports translating exploitation findings into prioritized remediation guidance for technical and executive stakeholders.
  • SOC Analyst (L1) · Telecom MSSP
    May 2023 — Jul 2024
    • Triaged 100+ daily alerts across five SIEM platforms (Splunk, Azure Sentinel, Elastic, Seceon aiSIEM, RSA NetWitness), mapping adversary TTPs with MITRE ATT&CK.
    • Investigated malware, phishing, and unauthorized-access attempts, developing deep insight into detection blind spots and evasion patterns.
    • Tuned detection rules based on observed attacker techniques, cutting false positives by 20% and contributing to a 15% reduction in MTTD.
    • Documented incidents end-to-end — attack timelines, IOCs, affected systems, and containment recommendations.

achievements

  • 🥇 1st Place — StealthMole OSINT Capture The Flag (CTF) Competition, 2025
  • 🏆 Employee of the Quarter — 3 consecutive quarters (Q3–Q4 2024, Q1 2025)
  • 📈 Top 2% globally on TryHackMe (profile: NithisX)

education

B.Tech, Computer Science and Engineering — Parul University, Vadodara · Aug 2019 – Apr 2023

Relevant coursework: Cryptography & Network Security, Network Security Protocols, Information Security, Operating Systems, Distributed Systems, and Web Application Programming.