anand | cybersecurity engineer

~/anand $ whoami

root@anandsreekumar.com

cybersecurity engineer bug bounty hunter hybrid athlete

linkedin ↗ twitter ↗ github ↗ instagram ↗ stackoverflow ↗

what_i_do

cybersecurity engineer

@ EY global delivery services

independent bug bounty hunter

write_ups

cloudflare workers & d1 as a stealthy c2 framework for data exfiltration
march 2025cloudflare · c2 · evasion
remote code execution via dependency confusion
march 2024rce · supply chain · h1
abusing graphql idor to delete another user's profile picture
july 2022graphql · idor
blind ssrf via dns rebinding
april 2022ssrf · dns rebinding

tools

knockknock [2019]

bash script for ip/host filtering via http status codes
[github] ↗
chromeshot [2019]

headless chrome tool for visual recon
[github] ↗

miscellaneous

✓ first prize, c0c0n 2024 ctf — news coverage
✓ talk at defcon dc0471 meetup 0x02 [september 2018] — event photos

contact

mail@anandsreekumar.com