Hello World, I'm

Akash Chatoth

Offensive security specialist with 9+ years of expertise in penetration testing, DevSecOps, threat modeling, and source code review. From publishing CVEs to earning 30+ bug bounties and ranking #1 in Yelp's 2022 program — I turn vulnerabilities into victories.


Who Am I?

akash@kali:~$ whoami

Offensive security professional with 9+ years of expertise in web, API, mobile, and infrastructure penetration testing, along with DevSecOps. Currently leading security testing initiatives at Allegion.


Certified in OSCP, OSWE, OSWA, CRTP, CTMP, and CDP. From discovering CVE-2021-27330 to building Interceptix — I live at the intersection of hacking and engineering.


Achieved #1 position in Yelp's 2022 bug bounty program. 30+ bug bounty rewards from Intel, Yelp, Paytm, Deliveroo, Redbus, and ESET. Also experienced in defensive security, including secure coding practices and environment hardening.

// skill_matrix

Offensive Security

Penetration Testing, Web App Security, Network Security, Active Directory, Red Teaming, IoT Security, Mobile Security, Threat Modeling, Secure SDLC, DevSecOps

Tools & Techniques

Burp Suite, Metasploit, Nmap, Wireshark, Kali Linux, Frida, Objection, Magisk, Wiz, MQTT Analysis, SSL/TLS Testing

Development

Python, Bash, C/C++, JavaScript, Flask, Arduino, Linux

Mission Log

May 2023 - Present ● Active

Team Lead - Security Testing

Allegion

Leading security testing initiatives for IoT, web, mobile, watchOS apps, and APIs. Acting as security point of contact for cross-functional teams, validating Bug Bounty submissions via HackerOne, executing cloud security reviews on AWS and Azure, and implementing threat modeling. Mentoring junior team members and integrating security tools into Azure CI/CD pipelines.

Threat Modeling, Penetration Testing, DevSecOps, Cloud Security

Jul 2021 - May 2023 ● Completed

Senior Cyber Security Professional

Siemens India

Performed penetration testing on Siemens products including web/mobile apps and APIs. Created custom bash and Python scripts for authenticated web application scanning using OWASP ZAP Docker. Integrated OWASP ZAP into GitLab CI/CD pipeline. Performed CIS benchmarks on AWS accounts using Nessus Pro and Prowler.

OWASP ZAP, CI/CD Security, CIS Benchmarks, AWS Security

Jan 2019 - Jul 2021 ● Completed

Senior Security Analyst (Team Lead)

Value Mentor

Performed internal network security assessments, wireless penetration tests, and payment gateway security assessments. Conducted SAST & DAST on mobile applications (iOS & Android). Passed CERT-In VAPT practical certification. Mentored and trained a team of freshers in application security and designed Security CTF competitions.

Network Security, Mobile Security, CERT-In, Team Leadership

Aug 2016 - Present ● Ongoing

Bug Bounty Hunter

HackerOne / Bugcrowd / Independent

First position in Yelp's 2022 bug bounty program on HackerOne. Discovered and responsibly disclosed 30+ vulnerabilities across Intel, Yelp, Paytm, Deliveroo, Redbus, ESET, and more. Published CVE-2021-27330.

Bug Bounty, CVE, Yelp #1 2022

The Arsenal


Interceptix

Featured

A comprehensive IoT security testing platform that creates a rogue WiFi access point to intercept, analyze, and test IoT device communications. Detects HTTP, HTTPS, MQTT, MQTTS traffic and identifies vulnerabilities in real-time.

Python, Flask, ESP32, MQTT, SSL/TLS, Raspberry Pi
WiFi AP + Man-in-the-Middle
Real-time Traffic Analysis
Certificate Validation Testing
Automated Report Generation

CVE-2021-27330

CVE

Discovered and responsibly disclosed a security vulnerability assigned CVE-2021-27330. Published in the National Vulnerability Database (NVD), contributing to the global cybersecurity knowledge base.

Vulnerability Research, CVE, NVD, Responsible Disclosure
Published in NVD
Responsible Disclosure

JSON Escaper

Extension

A Burp Suite extension for escaping and unescaping JSON strings. Useful for testing APIs and handling special characters in JSON payloads during penetration testing engagements.

Burp Suite, Java, JSON, API Testing
JSON String Escaping
Burp Suite Integration

Bug Bounty Hall of Fame


Vulnerabilities discovered and responsibly disclosed across major platforms and organizations. Each entry represents a confirmed security finding.

Intel: Multiple
Paytm: Rewarded
Yelp: Rewarded
Deliveroo: Rewarded
Instacart: Multiple
ESET: Multiple
HackerOne: Rewarded
Goibibo: Multiple
Redbus: Multiple
Airtable: Rewarded
Udemy: Rewarded
Open-Xchange: Rewarded
Greenhouse: Rewarded
PythonAnywhere: Multiple
Zenmate VPN: Rewarded
Visma: Rewarded
Starleaf: Multiple
Appcelerator: Acknowledged

First Position: Yelp's 2022 Bug Bounty Program on HackerOne
NCIIPC Acknowledgment: National Critical Information Infrastructure Protection Centre, India
Intel & ESET Recognition: Security Researcher Acknowledgments

All findings were responsibly disclosed through official channels including HackerOne, Bugcrowd, and direct coordination with security teams.

Conference Trail

2025

BlackHat Asia

Singapore

2024

BlackHat Asia

Singapore

2024

BSides

Bangalore

Establish Connection

akash@kali:~$ ./connect.sh

$ echo "Ready for new challenges"

Ready for new challenges


$ cat opportunities.txt

Whether it's offensive security consulting, vulnerability research, penetration testing, or building security tools — I'm always up for interesting challenges.