Hi, I am Ankit Pandey.

Just Another Security Guy.

Hey there! I'm a self-taught web application hacker who loves breaking things and automating solutions. I've been working as an independent security researcher and bug bounty hunter since 2016, finding vulnerabilities for a range of companies.

Resume

Certifications

eCPPTv2

The ecpptv2 certification evaluates the knowledge of penetration testing methodologies, techniques, and tools. It demonstrates proficiency in finding and exploiting vulnerabilities in web applications, networks, and operating systems

Pentesting
Network Security
Buffer Overflow

eWPTXv2

The eLearnSecurity eWPTXv2 certification is an advanced-level program that tests expert-level web application pentesting skills. The exam requires students to perform a complete penetration test, and submit a comprehensive report of their findings to pass.

Web Application Pentesting
Advance Exploitation
OWASP TOP 10

eCPTXv2

The eCPTX is eLearnSecurity's most advanced penetration testing certification that demonstrates expertise in network security. This certification validates expert-level knowledge and skills in penetration testing. This certification validates your expertise in conducting complex and sophisticated penetration tests.

Windows Exploitation
Active Directory

C|EH Practical

The C|EH Practical certification from EC-Council validates your knowledge and skills in identifying and exploiting vulnerabilities in computer systems and networks using the same tools and techniques as malicious hackers. It is highly regarded in the cybersecurity industry and is often a requirement for security-related jobs.

Network Security
Linux Security

Blogpost

Exploiting SSTI to Execute Arbitrary Code On Server

Server-Side Template Injection (SSTI) is a type of vulnerability that occurs when untrusted user input is processed by a web application's template engine. This can allow attackers to execute arbitrary code or gain access to sensitive information. The vulnerability occurs in template engines that allow arbitrary code execution within templates. Popular template engines like Jinja2, Twig, and Freemarker have been found to be vulnerable to SSTI. In the blog post, we will explore the concept of SSTI, how it works, and which templates are vulnerable. We will also discuss the impact of SSTI vulnerabilities and provide recommendations for preventing and mitigating them.

Projects

TamperScripts

A collection of custom SQLmap tamper scripts, designed to evade simple signature-based and pattern-based detection mechanisms.

python
sqlmap

Sharewifi

Generates a QR code containing the WiFi network name and password for the currently connected network on Windows and Unix-based operating systems.

python

Newman Redact

This script prevents the exposure of pre-production and production credentials and other PII (personally identifiable information) to unauthorized personnel.

python

Skills

Vulnerability Assessment
Penetration Testing
Android Applications
Web Application Security
Secure Code Review
Python
Bash
Linux Security
Cloud Security
Endpoint Security
Data Loss Prevention

Contact

Email me