About

About

Introduction

I’m Neh Patel, a passionate security engineer hailing from India. With a year of professional experience in vulnerability assessment and penetration testing, I bring a diverse skill set and a solid background in securing web applications, mobile platforms, APIs, and conducting red teaming exercises.

Skills

  • Vulnerability Assessment and Penetration Testing (VAPT)
  • Web Application/Mobile Penetration Testing
  • Red Teaming
  • API Penetration Testing
  • Docker
  • Network Penetration Testing and Security
  • Frameworks: MITRE, NESSUS, Metasploit
  • Operating System: Linux, OSI, TCP IP

Professional Experience

  • Deloitte (Attack Surface Management and VAPT Engineer)
    • Gathered valuable insights during my internship at Deloitte, enhancing my skills in vulnerability assessment and penetration testing.
  • Securr Tech (Internal Audit/Vulnerability Manager & Automation Engineer)
    • Occupied a role similar to the position I’m applying for, where I actively managed internal audits, vulnerabilities, and spearheaded automation initiatives.

Achievements

  1. Recognized in the leaderboard of Microsoft’s Most Valuable Security Researcher of the Year.
  2. Ranked 22 globally in Microsoft’s Top Security Researcher leaderboard for the third quarter.
  3. Hall of Fame in Google, Apple, and Microsoft for reporting quality bugs.
  4. Top 30 Bug Hunters on the Bugbounter platform.
  5. Acknowledged by Lenovo Security Team.
  6. Champion with the highest points at the Null Ahmedabad Penetration Testing/Bug Bounty competition.

Professional Certificates

  • eJPTv2 - eLearnSecurity Junior Penetration Tester (February 2024)
  • ICCA - INE Certified Cloud Associate (February 2024) - Specialized in Cloud Security and Vulnerabilities for AWS, Azure, and GCP.
  • IBM Cybersecurity Analyst Professional Certificate (September 2022) - Equivalent to CEH and eJPT, covering Network Security, Database Vulnerabilities, Cyber Threat Intelligence, Penetration Testing, Incident Response, and Forensics.

Open Source Contributions

SCRIPTKIDDI3

Introducing SCRIPTKIDDI3, a powerful recon and initial vulnerability detection tool crafted specifically for Bug Bounty Hunters. This tool, built using a variety of open-source technologies and a shell script, empowers users to swiftly execute scans on target domains and identify potential vulnerabilities.

Key Features:

  • Reconnaissance: Gathers crucial information like subdomains and running services using nuclei.
  • Vulnerability Scanning: Utilizes collected data to scan for known vulnerabilities and potential attack vectors, highlighting high-risk issues.
  • Misconfiguration Detection: Identifies misconfigurations and insecure default settings using nuclei templates, ensuring proper system configurations.

Why SCRIPTKIDDI3:

  • Efficiency: Conduct thorough and efficient recon and vulnerability assessments.
  • User-Friendly: Streamlined processes for quick and effective scans.

Let’s Find Bugs with SCRIPTKIDDI3!

Explore SCRIPTKIDDI3 on GitHub.