// INFORMATION SECURITY PRACTITIONER — INDIA

VrunSec

$ whoami — Red Teamer

Security practitioner building deep offensive skills through adversary simulations, hands-on labs, and real-world attack research. Documenting everything — for the community.

Vrun@kali:~$
Vrun@kali:~$ cat whoami.txt [ OK ] Loading... Name : Varun Singh Chauhan Location : India Focus : Red Team · Web · Network Platform : Real World Vrun@kali:~$ ls certs/ THM_AdventOfCyber.pdf AICLSA_July2025.pdf AICWSE_June2025.pdf AICWSA_Dec2024.pdf AIWAPT_July2026.pdf Vrun@kali:~$ _
01 //

ABOUT

I'm an Information Security practitioner with a deep focus on offensive security — red team operations, web application testing, and network security assessments. I build skills through real-world simulations and continuous self-directed research.

This site is my public knowledge base: raw lab notes, vulnerability disclosures, cert docs, and blog posts — covering everything from Linux internals to real-world attack vectors. Built to help beginners and fellow practitioners alike.

Professionally trained in Offensive Security and VAPT at Armour Infosec. I am currently pursuing my MCA at Maharaja Ranjit Singh College while giving back to the community as an active Volunteer and CFP Review Board member for Security BSides Indore.

10+
CVES/BUGS
4+
CERTS
HTB
HACK THE BOX
BSIDES
VOLUNTEER
02 //

SKILLS

Web App Security
OWASP Top 10 Web/API, manual testing methodology, exploitation and report writing.
BURP SUITEOWASPSQLiXSS
Red Teaming
Adversary simulation, attack chain development, evasion, lateral movement.
MITRE ATT&CKC2EVASION
Network Pentesting
Recon, enumeration, protocol attacks, exploitation on internal/external networks.
NMAPWIRESHARKTCP/IP
Linux Systems
Deep internals, server admin, privilege escalation paths, hardening.
BASHPRIVESCSYSTEMD
Windows & Active Directory
AD architecture, domain attacks — Kerberoasting, pass-the-hash, misconfigs.
ADKERBEROSLDAP
OSINT & Recon
Passive/active recon, attack surface mapping, target profiling.
SHODANOSINTRECON-NG
03 //

VULNERABILITY DISCLOSURE

CERT.PL WITHDRAWN
Discovered a critical multi-vector attack chain in Devcomm BIP CMS encompassing unauthenticated Reflected XSS, database exposure, and BOLA flaws across 40+ government domains. While CVE-2026-8171 was initially reserved, the vulnerability identifier was ultimately withdrawn following procedural SaaS policy criteria. Critical production assets were successfully secured.
XSS / BOLA CVE-2026-8171 CERT.PL REMEDIATED
VIEW WRITTEUP ↗
NATIONAL AGENCIES APPRECIATED
Reported Boolean and Union-based SQL Injections to national agencies including NCSC-NL, NCSC.CH, and CERT.PL. Received appreciation.
SQLi NCSC-NL NCSC.CH CERT.PL
DIRECT CVD RESOLVED
Reported Authentication flaws, HTML Injection, and Cross-Site Scripting (XSS) directly to affected companies under strict Coordinated Vulnerability Disclosure (CVD) guidelines.
AUTH FLAW XSS HTMLi CVD
04 //

KNOWLEDGE REPOS

Webpentest PUBLIC
Detailed Vulnerabilities, exploitation techniques, and testing methodology for web application security assessments.
WEB OWASP EXPLOITATION
Network-Pentesting PUBLIC
Recon, Enumeration, Exploitation, Post Exploitation, Privilege escalation For Network Security Assessments.
NETWORK RECON ENUM
Linux-notes PUBLIC
Linux fundamentals to Administrative Roles — CLI, file systems, permissions, processes, system internals and Different Service Configurations for Enterprise Level Works.
LINUX CLI ROOT
Basic Networking & Windows ON REQUEST
Bios, Foundation of TCP/IP, DHCP & DNS, Windows Server Admin Roles.
TCP/IP WINDOWS AD ENTERPRISE
05 //

CERTIFICATIONS

TryHackMe — Advent of Cyber
TRYHACKME · WEB · CLOUD · MALWARE · DEFENSIVE SECURITY
VERIFY ↗
Eschathon-CTF Certificate
Capture the Flag · Active Participation In CTF's
VERIFY ↗
AIWAPT — Web Application Penetration Tester
ARMOUR INFOSEC · ISSUED JULY 10, 2026
VERIFY ↗
WiFi Pentesting
EXAM COMPLETED SUCCESSFULLY · CERTIFICATE PENDING
COMING SOON
AICLSA — Certified Linux Server Administrator
ARMOUR INFOSEC · ISSUED JULY 1, 2025
VERIFY ↗
AICWSE — Certified WordPress Security Expert
ARMOUR INFOSEC · ISSUED JUNE 25, 2025
VERIFY ↗
AICWSA — Certified Windows Server Administrator
ARMOUR INFOSEC · ISSUED DECEMBER 2, 2024
VERIFY ↗
06 //

LATEST POSTS

CTF
CTF WRITE-UP
PUBLISHED · 8 MIN READ
Pascal CTF 2026 — GeoGuesser OSINT Challenge
How I identified a street junction in Swieqi, Malta using direct image analysis and architectural triangulation. My first ever CTF solve.
READ POST → 8 MIN
VIEW ALL POSTS →
07 //

CONTACT

Open to collaborations, freelance security assessments, bug bounty partnerships, and connecting with fellow practitioners.

// RESPONSE TIME : 24-48 HOURS
// AVAILABLE FOR : FREELANCE · COLLAB · MENTORSHIP

vruncybersec@gmail.comEMAIL github.com/Varun-Singh1GITHUB linkedin.com/in/varun-singh-chauhanLINKEDIN