Cyber Security Expert
I'm Yogi Atram

Yogi Atram — Security Analyst & Bug Bounty Researcher

CEH v13 certified Security Analyst & Bug Bounty researcher. I protect web apps, APIs, and infrastructure from the increasing sophistication of modern attackers. Start protecting your data today.

Bug Hunter · Security Researcher · Red Team Operator
01 About

An operator who actually ships disclosures.

CEH v13
Certified
whoami

Security Analyst with hands-on experience across vulnerability assessment, web application penetration testing, and API security. Passionate about finding and responsibly disclosing weaknesses before they get exploited.

CEH v13 certified, currently delivering criticals through direct disclosure programs and client engagements at FORnSEC Solutions. Looking to contribute to and grow inside a collaborative security team that takes offense seriously.

Web Pentesting · API Security · Auth Bypass · Mobile / APK · Recon & OSINT · Responsible Disclosure
Currently
Security Analyst Intern
FORnSEC Solutions — Nagpur
ACTIVE
Education
B.Voc Cybersecurity
St. Vincent Pallotti CoET · 2023—2026
Certified
CEH v13 — EC-Council
Certified Ethical Hacker
02 Services

What I do, end to end.

Six core engagements I take on.

01 · Web Application Pentesting
OWASP TOP 10

End-to-end WAPT following OWASP Top 10 — auth flows, business logic, IDOR, injection, SSRF.

02 · API Security Assessment
REST · GRAPHQL

Deep API reviews using Burp & Postman — authz failures, CORS misconfig, rate-limit and token issues.

03 · Mobile App Security
ANDROID · APK

Android APK static + dynamic analysis with MobSF, Apkleaks and Jadx — leaked secrets, broken trust.

04 · VAPT & Network Audits
NESSUS · RAPID7

Nessus / Rapid7 driven vulnerability assessments with prioritized, actionable remediation reports.

05 · Code & Config Review
CLOUD · CI/CD

Static review of cloud configs, Firebase, AWS IAM, and CI/CD pipelines for misconfigurations.

06 · Red Team Research
0DAY · POC

CVE chaining, CSP/auth bypass research, and PoC weaponization for direct responsible disclosure.

03 Experience

Work I've shipped on the clock.

Internship · Ongoing

Security Analyst Intern

FORnSEC Solutions, Nagpur
2025 — 2026
Scope 01

Performed VAPT, WAPT, and API security assessments using Burp Suite and Postman across 12+ client engagements spanning government portals and private sector organizations.

Scope 02

Conducted web application penetration testing, API security reviews, and network audits following OWASP Top 10 methodology across diverse client environments.

Scope 03

Documented vulnerabilities with detailed proof-of-concept write-ups and exploits; delivered remediation reports for each assessment.

04 Findings

Selected vulnerabilities, responsibly disclosed.

Featured criticals across direct disclosure programs and bounty work.

Stored XSS via SVG Upload — Hall of Fame
HIGH · ACKNOWLEDGED · Linktree
Stored XSS · File Upload

SVG upload pipeline on Linktree's user-content CDN (ugc.production.linktr.ee) accepted scriptable SVGs without sanitization, executing arbitrary JavaScript in the linktr.ee origin on direct file access.

Impact

Stored XSS in the user-content origin — session theft and account takeover surface against authenticated users. Acknowledged by Linktree via Bugcrowd; researcher credited in the program Hall of Fame.

Stored XSS → Account Takeover
HIGH · 8.8 · MITIGATED · SciSpace
Stored XSS · CVE chain

PDF viewer ran an outdated PDF.js (CVE-2024-4367), allowing arbitrary JS via a malicious PDF. Combined with cookies missing the HttpOnly flag, this chained into full Account Takeover.

Impact

Any logged-in user opening a crafted PDF could be silently hijacked. Resolved after direct disclosure.

Account Takeover via Chrome Extension — CSP Bypass
HIGH · DISCLOSED · Hardened Web App
Session Hijacking · CSP Bypass

PoC Chrome extension read auth tokens directly from IndexedDB, forwarded them to a service worker, and POSTed the payload to an attacker server. Page-level CSP never fired — extension service workers are exempt by browser design.

Impact

Any user installing a lookalike extension loses their session silently. Full ATO. Mirrors Socket Research (Apr 2026): 108 malicious extensions, 20,000+ users compromised via the same content.js → background.js → C2 path.

Firebase emailVerified Bypass → Auth Bypass
CRITICAL · 9.1 · ACKNOWLEDGED · Blink.new
Authentication Bypass · CWE-287

Firebase Identity Toolkit /accounts:update accepted a client-controlled emailVerified: true. Any signup could self-certify as verified, skipping the email workflow entirely.

Impact

Trivially scriptable bypass enabling mass verified-account creation, pre-account takeover, premium-feature abuse, and reputation manipulation. Reviewed by Blink team.

Hardcoded AWS Cognito Credential Exposure
HIGH · DISCLOSED · Audible (Amazon)
Mobile · Credential Exposure

6 hardcoded Cognito Identity Pool IDs in the Audible Android APK granted unauthenticated write access to production Kinesis streams and AWS Pinpoint across 4 AWS accounts.

Impact

Telemetry tampering and unauthenticated writes to production AWS resources.

Payment Bypass — Client-Side Callback Tamper
HIGH · DISCLOSED · Poorvika.com
Business Logic · Payments

A cancelled UPI transaction could be modified client-side to reflect success, completing orders without actual payment. Server never re-verified the PayU callback.

Impact

Free orders at scale — direct financial loss.
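The defensive counterpart to the finding above, as an added example that is not code from the page, from Poorvika or from PayU: the callback handler that trusts the browser-relayed status beside one that re-verifies the gateway signature, the amount against the merchant's own order record, and replay. The signing scheme (HMAC-SHA256 over sorted callback fields with a merchant secret), the order store and the callback payloads are all constructed for illustration; a real gateway documents its own hash format.

```python
"""Server-side verification of a payment-gateway callback (added example)."""
import hashlib
import hmac
from typing import Dict

MERCHANT_SALT = b"constructed-merchant-salt"   # assumption: secret shared only with the gateway


def fresh_orders() -> Dict[str, dict]:
    """Constructed merchant-side order store as it looks before the callback arrives."""
    return {"ORD-1001": {"amount": "1499.00", "status": "PENDING"}}


def gateway_sign(fields: Dict[str, str]) -> str:
    """Constructed signing scheme: what the gateway (and only the gateway) can compute."""
    canonical = "&".join(f"{k}={fields[k]}" for k in sorted(fields))
    return hmac.new(MERCHANT_SALT, canonical.encode(), hashlib.sha256).hexdigest()


def vulnerable_complete_order(callback: Dict[str, str], orders: Dict[str, dict]) -> bool:
    """Trusts the browser-relayed callback as-is: a cancelled transaction whose
    status field was edited to 'success' in transit completes the order."""
    order = orders.get(callback.get("txnid", ""))
    if order is not None and callback.get("status") == "success":
        order["status"] = "PAID"
        return True
    return False


def hardened_complete_order(callback: Dict[str, str], orders: Dict[str, dict]) -> bool:
    """Re-verify everything the client could have touched before trusting it."""
    order = orders.get(callback.get("txnid", ""))
    if order is None:
        return False
    presented = callback.get("hash", "")
    fields = {k: v for k, v in callback.items() if k != "hash"}
    # 1. Signature: recomputed server-side with the secret the browser never sees.
    if not hmac.compare_digest(presented, gateway_sign(fields)):
        return False
    # 2. Status and amount must match the merchant's record, not the posted values.
    if fields.get("status") != "success" or fields.get("amount") != order["amount"]:
        return False
    # 3. Idempotency: a replayed genuine callback must not complete the order twice.
    if order["status"] == "PAID":
        return False
    order["status"] = "PAID"
    return True


def demo() -> Dict[str, bool]:
    """Run both handlers against a client-tampered callback and a genuine one."""
    tampered = {"txnid": "ORD-1001", "amount": "1499.00", "status": "success"}  # edited client-side, no valid hash
    genuine = {"txnid": "ORD-1001", "amount": "1499.00", "status": "success"}
    genuine["hash"] = gateway_sign(genuine)
    return {
        "vulnerable_accepts_tamper": vulnerable_complete_order(tampered, fresh_orders()),
        "hardened_rejects_tamper": hardened_complete_order(tampered, fresh_orders()),
        "hardened_accepts_genuine": hardened_complete_order(genuine, fresh_orders()),
    }


if __name__ == "__main__":
    print(demo())
```

Even with the signature check, the callback only tells the server what the browser forwarded; the order should be marked paid only after a server-to-server status query to the gateway confirms the transaction, which is the re-verification step the finding says was missing.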

1-Click ATO via Stored XSS
HIGH · DISCLOSED · Kimi AI
Stored XSS · ATO

Stored XSS triggered via a crafted ShareChat share link, enabling full account takeover without the victim noticing.

Impact

Single click → session theft → full account control.

CORS Misconfiguration in DevRev Chatbot
HIGH · DISCLOSED · Frontegg / DevRev
CORS · Credential Exfil

Wildcard Origin reflection paired with Access-Control-Allow-Credentials: true on api.devrev.ai enabled cross-origin credential exfiltration against authenticated users.

Impact

Any malicious origin could read authenticated DevRev API responses.
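To make the CORS finding above concrete from the defender's side, here is an added example (not code from the page, DevRev or Frontegg) that classifies a response to a cross-origin request and contrasts a prefix-matching origin check, which reflects attacker origins, with an exact-match allowlist. The header sets, the origins and the `ALLOWED_ORIGINS` set are constructed, not captured traffic.

```python
"""Classify CORS responses and implement a strict origin allowlist (added example)."""
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Constructed samples: (Origin the test client sent, CORS headers the server answered with).
SAMPLES: Dict[str, Tuple[str, Dict[str, str]]] = {
    "reflected_credentialed": (
        "https://evil.example",
        {"Access-Control-Allow-Origin": "https://evil.example",
         "Access-Control-Allow-Credentials": "true"},
    ),
    "wildcard_credentialed": (
        "https://evil.example",
        {"Access-Control-Allow-Origin": "*",
         "Access-Control-Allow-Credentials": "true"},
    ),
    "null_credentialed": (
        "null",
        {"Access-Control-Allow-Origin": "null",
         "Access-Control-Allow-Credentials": "true"},
    ),
    "fixed_allowlist": (
        "https://evil.example",
        {"Access-Control-Allow-Origin": "https://app.example",
         "Access-Control-Allow-Credentials": "true"},
    ),
}


def classify_cors(request_origin: str, headers: Dict[str, str]) -> str:
    """Return a finding label for one response to a cross-origin request."""
    acao = headers.get("Access-Control-Allow-Origin")
    acac = headers.get("Access-Control-Allow-Credentials", "").strip().lower() == "true"
    if acao is None:
        return "no-cors"                      # browser blocks the cross-origin read
    if acao == "*":
        # Browsers refuse credentialed reads when ACAO is '*', so ACAC is inert here:
        # only unauthenticated responses are exposed.
        return "wildcard-public-only"
    if acao == request_origin:
        # The server echoed the attacker-chosen Origin (this also covers 'null').
        # With credentials, any site can read the victim's authenticated responses.
        return "reflected-credentialed" if acac else "reflected-public-only"
    return "allowlisted"                      # fixed value that is not our origin


ALLOWED_ORIGINS = {"https://app.example", "https://admin.app.example"}  # constructed


def naive_allow(origin: str) -> Optional[str]:
    """Prefix matching: 'https://app.example.evil.example' passes, so the origin is reflected."""
    if any(origin.startswith(allowed) for allowed in ALLOWED_ORIGINS):
        return origin
    return None


def strict_allow(origin: str) -> Optional[str]:
    """Exact match on the full origin (scheme + host + port); 'null' and path suffixes never pass."""
    parts = urlsplit(origin)
    if parts.scheme != "https" or parts.path or parts.query or parts.fragment:
        return None
    return origin if origin in ALLOWED_ORIGINS else None


if __name__ == "__main__":
    for name, (origin, headers) in SAMPLES.items():
        print(f"{name:24s} -> {classify_cors(origin, headers)}")
```

Run the same classifier over responses for a few attacker-controlled Origin values (a foreign origin, `null`, and an allowed origin with a suffix appended); a `reflected-credentialed` result is the condition the finding describes.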

Firebase API Key Misconfiguration (2 Reports)
MEDIUM · PATCHED · Napkin AI
Misconfiguration

Firebase API key lacked HTTP referrer restrictions — enabling email enumeration, unauthenticated account creation, and password reset flooding.

Impact

Spam, abuse, and account harassment vectors. Vendor deployed fixes post-disclosure.

SSO Login Bypass — Unverified Firebase Token
CRITICAL · DISCLOSED · Swayam (Govt. of India)
Authentication Bypass

/set_cookies accepted unverified Firebase tokens, allowing authenticated sessions for arbitrary government email addresses without password or email ownership.

Impact

Full impersonation of any registered user on a Govt. of India platform.

05 Hall of Fame

Acknowledged by the targets I broke.

Vendors and platforms that confirmed, mitigated, or patched the issues I responsibly disclosed.

// disclosed
  • 01 · Linktree: Stored XSS · Hall of Fame (HIGH · ACK)
  • 02 · SciSpace: Stored XSS → ATO (HIGH · ACK)
  • 03 · Blink.new: Firebase Auth Bypass (CRITICAL · ACK)
  • 04 · Swayam · Gov.in: SSO Login Bypass (CRITICAL · ACK)
  • 05 · Audible · Amazon: AWS Cognito Exposure (HIGH · ACK)
  • 06 · Kimi AI: 1-Click ATO (HIGH · ACK)
  • 07 · Poorvika: Payment Bypass (HIGH · ACK)
  • 08 · Frontegg / DevRev: CORS Misconfig (HIGH · ACK)
  • 09 · Napkin AI: Firebase Misconfig (MED · ACK)
  • 10 · Hardened Web App: CSP Bypass · Ext (HIGH · ACK)
06 Arsenal

Tools & domains I operate with.

Burp Suite · Postman · Nessus · Rapid7 · OWASP ZAP · Nikto · MobSF · Wapiti · Apkleaks · Jadx · Linux · Nmap · Metasploit · Hydra · SQLMap · Frida
[ domains ]
// Operational Focus

Where I strike.

  • Web App Pentesting
    WAPT
  • API Security Testing
    API
  • Vulnerability Assessment
    VAPT
  • Network Auditing
    NET
  • Mobile App Security
    MOB
  • OWASP Top 10
    OWASP
// Toolkit · 12 active
  • Burp Suite (Web Proxy): Intercept, fuzz & exploit HTTP flows
  • Postman (API): API recon, auth & schema abuse
  • Nessus (Scanner): Network & host vulnerability scans
  • Rapid7 (Scanner): InsightVM enterprise assessments
  • OWASP ZAP (Web Proxy): Active & passive web scanning
  • Nikto (Recon): Web server misconfig discovery
  • MobSF (Mobile): Static & dynamic APK / IPA audit
  • Wapiti (Scanner): Black-box web vulnerability scan
  • Apkleaks (Mobile): Secrets & endpoints from APKs
  • Jadx (Reverse): Decompile DEX → readable Java
  • Linux (OS): Daily driver for offensive ops
  • Nmap (Recon): Port scan, service & OS fingerprint
07 Projects

Things I built to break things.

Hardware · Red Team

BadUSB Device

Keystroke-injection hardware platform that delivers reverse SSH shells on plug-in — built to demonstrate the physical attack surface most blue teams underweight.

Framework · Automation

VajraScan

Custom VAPT framework wrapping Wapiti, OWASP ZAP, and DirBuster behind a unified vulnerability reporting layer for streamlined client assessments.

08 Certifications

Credentials & continuous learning.

Verified certificates from EC-Council and FORnSEC Solutions.

2026 · Active
Certified Ethical Hacker (CEH v13)
EC-Council
2023 — 2026
B.Voc — Cybersecurity
St. Vincent Pallotti CoET, Nagpur
// 09 — Contact

Got a target that needs breaking?

Pentests, retainer engagements, or responsible disclosure coordination — drop me a line and I'll get back within 24 hours.

Start a conversation