VY

Vivek Yadav

Cyber Security Engineer

Schedule call

whoami

0xd3vil - A Hacker who dons a white hat by day and transforms into a Cyber Security Engineer to protect the internet.


Specialize in identifying and mitigating vulnerabilities across Web, Mobile, API, and Cloud environments. Expertise spans Threat Detection, Firewalls, Log Analysis, Malware Analysis, SIEM, DevOps, Vulnerability Research & Management, Source Code Review, and Security Automation.


Helped secure over 100+ top internet companies, addressing 250+ critical security vulnerabilities, and have been honored in the Security Hall of Fame by Google, Apple, Dell, Domino’s, Xiaomi, and more. Achievement Gallery


Received recognition from the Dutch Government (NCSC) and the Government of India (NCIIPC) for my contributions.


Ranked among the Top 50 Ethical Hackers globally (July 2023 - March 2024)


This is just a quick snapshot of my journey!


Feel free to reach out about anything— CyberSecurity, Tech, or even life in general 😊. I’m always happy to connect and help however I can! 🤝


Posts

Spring-Kafka Deserialization Vulnerability (CVE-2023-34040) Analysis

Vulnerability in Spring Kafka ErrorHandlingDeserializer that allows remote code execution through deserialization of records from untrusted sources, emphasizing the need for proactive security in software development.

    How I Hacked Topmate to Edit Any User’s Profile Reviews

    I identified a critical vulnerability that allowed me / attacker to edit reviews/testimonials of any Topmate user’s profile — including the founder. Vulnerability enables malicious actors to manipulate review content and compromise user reputations on the platform.

      Integrate Dependency Track with Jenkins CI/CD for SBOM — A Complete DevSecOps Guide

      A step-by-step guide on integrating Dependency Track with Jenkins, enabling automated vulnerability management within the CI/CD pipeline to enhance software security through SBOM generation and analysis.

        How I Earned $1800 for finding a (Business Logic) Account Takeover Vulnerability?

        Discovery of an account takeover vulnerability in a Web3 application using Google OAuth, which allowed unauthorized access to a victim account without credentials.

          All Posts