PROFILE_ID: RE-001  |  CLEARANCE: ETHICAL  |  MUMBAI, IN

RITESH EKBOTE

Offensive Security Researcher

Bug Hunter √  ·  CTF Competitor  ·  OSINT Specialist
Breaking systems ethically. Responsible disclosure advocate.
Making the web safer — one vulnerability at a time.

Responsible Disclosures

Bug Bounty Findings

VULN-001 · CRITICAL DISCLOSURE
Nykaa
Admin Exposure · API Key Leak
Discovered unrestricted access to admin login panel and exposed API keys in production. Responsibly disclosed — patch deployed, Certificate of Appreciation awarded.
✓ Certificate + HoF
VULN-002 · OSINT CHAIN
Zerodha
OSINT · Information Disclosure
Leveraged advanced OSINT chain to identify a security issue with significant disclosure potential. Zerodha security team acknowledged and rewarded via Com Olho platform.
✓ Bounty Rewarded
VULN-003 · FINANCIAL IMPACT
BrandMuscle
Bug Hunt Program · Com Olho
Identified a security vulnerability via the BrandMuscle bug hunt program on Com Olho. Earned a 3-digit bounty reward, demonstrating real-world business impact.
✓ $100+ Bounty
VULN-004 · BRAND THREAT
DTDC
Slug Sanitization · Impersonation
LinkedIn company page impersonation vector via slug sanitization flaw. Attackers could create lookalike pages to deceive users. Issue acknowledged, fixed, closed at P4.
P4 · Low · Fixed
VULN-005 · PLATFORM SERIES
Com Olho Platform
Multiple Programs · Multi-Vector
Active researcher on Com Olho — multiple bounties across various programs. From information disclosures to larger program rewards. Consistent top-leaderboard presence.
✓ Multiple Bounties
VULN-006 · COMMUNITY IMPACT
Hall of Fames
Multi-Program Recognition
HoF across multiple programs. Mentored Ankita Kumari from rank #1000 → #226 on Com Olho leaderboard with custom OSINT methodology. Impact extends beyond personal findings.
✓ HoF + Mentor
Capture The Flag Log

Competition Record

| Rank | Event | Details | Score | Scope | Team |
|---|---|---|---|---|---|
| #5 | OWASP Hacker's Gambit 2025 | 38/40 flags · JCOE Cyber Sentinels | | National | GenZCTF |
| #14 | AI vs Human CTF · HackTheBox | 2-member team · 2nd in India 🇮🇳 | | Global | ANONDGR |
| #18 | Bugcrowd College Rules CTF | 11/15 challenges solved | 6,725 pts | Global | ANONDGR |
| #19 | Hackorn CTF 2025 Qualifiers | BSides Noida & SecPen Labs | 1,940 pts | Global | Solo |
| #21 | CyberStorm 2025 | Mumbai's Largest CTF · GDG SIES | | National | ANONDOR |
| #22 | Black Hat USA CTF 2025 | Bugcrowd hosted · Advanced RE | | Global | CyberXoX |
| #23 | Hackfinity Battle CTF | 44 challenges · Binary/Crypto/Web | 1,665 pts | Global | Mixed |
| #41 | 07CTF · 0bscuri7y | Web/Crypto/Forensics/OSINT/RE | 1,495 pts | Global | N4Sync |
| #42 | NahamCon 2025 | Representing India 🇮🇳 | 8,127 pts | Global | CyberXoX |
| #74 | Univ. of New Haven CTF | International · Top 100 | | Global | KERNELDOOM |
| #130 | Snyk Fetch The Flag 2025 | 18/30 challenges · 1201 teams | 2,660 pts | Global | ANONDGR |
| #140 | HTB Cyber Apocalypse 2025 | 64/77 challenges · 8,130+ teams worldwide | 46,775 pts | Global | ANONDGR |
Offensive Security Services

What I Hack For You

🌐
Web App Penetration Testing
Full black/grey/white-box assessment. OWASP Top 10, business logic, auth bypasses, injection chains. Professional CVSS-scored report with retest.
OWASP Top 10 · Auth Bypass · SQLi · XSS · IDOR
🔌
API Security Testing
REST / GraphQL / SOAP API audit. JWT tampering, mass assignment, SSRF, BOLA/BFLA, broken function-level auth across your full API surface.
JWT Audit · SSRF · BOLA · GraphQL
🔍
OSINT & Recon Services
Deep intelligence on your digital footprint. Brand impersonation detection, leaked credentials, dark web monitoring, subdomain & attack surface mapping.
Brand Intel · Dark Web · Subdomain Enum
📋
VAPT & Vulnerability Assessment
Structured VAPT for SMEs and startups. Identify, classify, and prioritize vulnerabilities across web, mobile, and cloud. Executive-ready PDF reports.
CVSS Scoring · Risk Priority · Exec Report
🎓
Bug Bounty Mentorship
Guided 0 → first bounty journeys. Custom OSINT techniques, hunting methodologies, report writing. Build or improve a bug bounty program from scratch.
1:1 Coaching · Methodology · Program Setup
🔴
Red Team & CTF Design
Custom red team exercises and CTF challenge design. Real-world attack simulations, reverse engineering, exploit chaining, and blue team training scenarios.
Red Teaming · CTF Design · Blue Team
Technical Arsenal

Skills & Proficiency

Offensive Techniques
OSINT & Recon: 95%
Web Exploitation: 92%
API Security Testing: 90%
Privilege Escalation: 85%
Reverse Engineering: 78%
Tools & Domains
Burp Suite / Postman: 93%
Python Scripting: 82%
Cryptography: 80%
Digital Forensics: 77%
YARA / Threat Hunting: 75%
Certifications & Training

Credentials & Badges

🛡️
CNSP — Network Security Pro
The SecOps Group
🔌
ACP — API Security Professional
APIsec University
⚔️
API Penetration Testing
APIsec University · 12hr Labs
🌐
Intro to Cybersecurity
Cisco Networking Academy
🎄
Advent of Cyber 2024
TryHackMe · 25-day challenge
🐧
Linux PrivEsc Badge
TryHackMe
🎯
YARA Threat Hunting Lab
TryHackMe
💳
Mastercard Cyber Program
Forage Virtual Experience
Open For Engagements

Hire Me / Engage

Looking to stress-test your digital assets before attackers do? Whether you're a startup, an enterprise, or an individual — I bring proven offensive security skills, elite CTF credentials, and ethical discipline to every engagement.

🏆
Proven Track Record
Responsible disclosures at Nykaa, Zerodha, DTDC, BrandMuscle. Multiple Hall of Fame recognitions.
🌍
Elite CTF Credentials
Top 22 globally at Black Hat USA, Top 14 in AI vs Human CTF. Skills tested against the world's best.
📋
Professional Deliverables
Every engagement: CVSS-scored report, PoC steps, remediation guidance, and a retest offer.
🔒
Ethics First, Always
Coordinated disclosure. No data exfiltration. Client confidentiality non-negotiable. NDA available.
// Contact Terminal
Available Now
// Services Available
Web Application Penetration Testing
API Security Assessment
OSINT & Digital Footprint Analysis
Vulnerability Assessment (VAPT)
Bug Bounty Mentorship & Consulting
Red Team & CTF Challenge Design
Security Awareness Training
// How to engage: Email your project, scope, and timeline to contact@genzctf.com. Response within 24 hours. NDA available on request.