anand | cybersecurity engineer

root@anandsreekumar.com

=======================

cybersecurity engineer · bug bounty hunter · hybrid athlete

socials

-------

linkedinlinkedin.com/in/anandsreekumaras

twittertwitter.com/anandsreekumar_

githubgithub.com/anandsreekumaras

instagraminstagram.com/anandsreekumaras

stackoverflowstackoverflow.com/users/5317663/anand-a-s

what i do

=========

cybersecurity engineer

@ ey global delivery services

independent bug bounty hunter

write-ups

=========

cloudflare workers and d1 as a stealthy c2 framework for data exfiltration

march 2025 | cloudflare · c2 · evasion

dependency confusion on microsoft teams infrastructure

may 2024 | dependency confusion · supply chain · msrc

remote code execution via dependency confusion

march 2024 | rce · supply chain · h1

abusing graphql idor to delete another user's profile picture

july 2022 | graphql · idor

blind ssrf via dns rebinding

april 2022 | ssrf · dns rebinding

talks

=====

ghost math: syscall-only injection, deterministic shellcode & quic c2 — a modern edr bypass monograph

avar 2025 (28th edition) · december 2025

ghost math: syscall-only injection, deterministic shellcode & quic c2 — a full kill-chain that slipped past crowdstrike falcon

hacktivity 2025 · budapest · october 2025

def con trivandrum chapter meetup talk

dc0471 meetup 0x02 · september 2018 · photos

projects

--------

endropy [2026]

forensics for ethereum addresses — sanctions, deployer history & exploit-similarity checks

endropy.xyz

terminalcat [2026]

self-hosted web terminal backed by tmux — closing the browser doesn't kill your processes

terminalcat.anandsreekumar.com

tools

-----

knockknock [2019]

bash script for ip/host filtering via http status codes

github.com/anandsreekumaras/knockknock

chromeshot [2019]

headless chrome tool for visual recon

github.com/anandsreekumaras/chromeshot

miscellaneous

-------------

first prize, c0c0n 2024 ctf — news coverage

contact

-------

mail@anandsreekumar.com