Offensive Security Professional

Rohit Sharma

Security Analyst | Bug Bounty Hunter — specialized in Web, API, Mobile, and Network Security.

Summary

Cyber Security Analyst with 4+ years in bug bounty and professional pentesting. Reported 500+ vulnerabilities across web, API, mobile, and network targets, and delivered 70+ pentest projects for startups and enterprises. Recognized by Apple (10x), Nvidia, Lenovo, RedHat, and more. Strengths include black-box/gray-box testing, scope validation, cloud audits, and actionable VAPT reporting.

About Me

I’m a Cyber Security Analyst focused on offensive security and continuous improvement. I conduct VAPT with an emphasis on black-box testing and exploit development to uncover critical vulnerabilities. I’ve reported 500+ vulnerabilities and completed 70+ professional pentest engagements, helping teams reduce misconfigurations and strengthen security posture across web, mobile, APIs, and networks. I’ve also contributed CVEs and received multiple Hall of Fame acknowledgments from industry leaders including Apple (10x), Nvidia, Lenovo, and RedHat.

Vulnerabilities Reported

500+

Pentest Projects

70+

Hall of Fame Acks

50+

Experience

  1. Security Analyst — Breachlock

    • Pentesting across web, API, thick client, Android/iOS, and internal/external networks.
    • PCI DSS testing, phishing assessments, OSINT, and Microsoft 365 reviews.
    • Cloud audits on Azure, AWS, GCP, O365; streamlined PTaaS workflows and remediation tracking.
    • Mentored junior analysts on methodologies and exploitation techniques.
  2. Security Analyst Trainee — Appzlogic

    • Led SAST/DAST and VAPT across web and API applications; authored security test cases.
    • Manually found 120+ vulnerabilities across 14+ pentests; improved client awareness.
  3. Freelance Cyber Security Analyst — Various

    • Reduced vulnerabilities for clients by 30% through detailed reporting and VAPT.
    • Secured a proprietary trading platform handling $3.7M+ weekly payouts.
    • Specialized in OWASP Top Ten; contributed to security research with payouts.
  4. Cyber Security Summer Intern — Cyber Cell

    • Assisted in investigations and incident response; conducted forensics and OSINT.
    • Created checklists, guidance for public security hygiene, and authored reports.
  5. Bug Bounty & CVEs

    • Apple Inc. Hall of Fame (10x) through April 2024.
    • Nvidia Hall of Fame (Oct 2022); RedHat acknowledgment (Jul 2022); Lenovo InfoSec (May 2022).
    • Published CVEs: CVE-2022-3774, CVE-2023-5302.

Skills

Web Pentesting
  • OWASP Top 10
  • SAST/DAST
  • Secure Code Review
Mobile Security
  • iOS / Android
  • OWASP MSTG
API Security
  • REST / SOAP
  • AuthN/AuthZ
  • Scope Validation
Network & Thick Client
  • Internal/External
  • Threat Modeling
Cloud & Compliance
  • AWS / Azure / GCP
  • O365
  • PCI DSS
Ops & Reporting
  • SIEM Awareness
  • VAPT Reporting
  • PTaaS Workflows

Services for Companies

Tailored penetration testing and security assessments to strengthen your organization's security posture.

External & Internal Web/Network Assessments
- Black/gray box VAPT of web apps, APIs, and networks
- OWASP Top 10, misconfigurations, privilege escalation
- Actionable remediation guidance and retesting
iOS, Android & Thick Client Testing
- OWASP MSTG-aligned testing of mobile and thick clients
- Phishing simulation and social engineering resilience checks
- Secure storage, transport, and runtime protections
Microsoft 365 & Cloud Audits
- Microsoft 365 posture reviews, identity and access hardening
- Azure, AWS, GCP configuration and least-privilege reviews
- Monitoring, logging, and incident response readiness
Scoping & Validation
- Scope validation for APIs, mobile, cloud, and networks
- Testing strategy, timelines, and risk-based prioritization
- Compliance-aligned reporting (PCI DSS, ISO references)


Hall of Fame

50+ Security Acknowledgments

Recognized by leading organizations worldwide for responsible security disclosure

Apple Inc.

11 Times

July 2021 - July 2024

Multiple security acknowledgments across iOS, macOS, and web services

NVIDIA

Hall of Fame

Oct 2022

Graphics and AI platform security

RedHat Inc.

Hall of Fame

Jul 2022

Enterprise Linux and cloud security

SAP

Hall of Fame

Jun 2023

Enterprise software security

Lenovo

Hall of Fame

May 2022

Hardware and firmware security

Trend Micro

Hall of Fame

Jun 2022

Cybersecurity platform vulnerabilities

Duke University

Acknowledgment

Apr 2022

Academic infrastructure security

Drexel University

Acknowledgment

Sep 2022

Educational platform security

University of Turku

Acknowledgment

Feb 2023

Research system security

University of Houston

Acknowledgment

2022

Campus network security

Caterpillar Inc.

Hall of Fame

Sep 2022

Industrial equipment security

Michelin

Hall of Fame

Apr 2022

Automotive platform security

Ericsson

Hall of Fame

Jun 2021

Telecommunications security

Deutsche Telekom

Hall of Fame

May 2021

Network infrastructure security

Vodafone

Hall of Fame

Sep 2021

Mobile network security

Renault Group

Hall of Fame

Nov 2021

Automotive systems security

OSS.GG Hackathon

Recognition 2024

Oct 2024

Open-source security bug identification and reporting

NCIIPC India

Government Recognition

Mar 2021

Critical infrastructure vulnerability disclosure

Published CVEs

CVE-2022-3774

Security vulnerability disclosure

CVE-2023-5302

Coordinated vulnerability disclosure

Achievements & Recognition

Hall of Fame acknowledgments and security contributions across global organizations.
Published CVEs
  • CVE-2022-3774

    Vulnerability disclosure and remediation guidance

  • CVE-2023-5302

    Coordinated disclosure improving ecosystem security

Contact

Let's Connect

Open to security consulting, VAPT, and research collaborations. Connect with me on LinkedIn for the fastest response.
