~ Hello World ~
I am Harsh Bothra

Senior Security Consultant | Cobalt Core Team Lead & Pentester | Synack Red Teamer | Bugcrowd Top 150 Hackers & MVP 2020 | Author | Speaker | Trainer | Poet | Learner

Working Day & Night to make Cyber Space safe & secure.



About Me

Hey World, I am Harsh Bothra. Here's a little about me :)

Harsh Bothra is currently working as a Senior Security Consultant at RedHunt Labs and is also one of the Core Pentesters & Team Leads at Cobalt.io. He holds a bachelor's degree in Computer Science & Engineering, and his significant interests revolve around Application Security, Penetration Testing & Red Teaming. Harsh loves to participate in various bug bounty programs, is currently ranked among the Top 180 Researchers & MVP for 2020 Q1-Q2 on Bugcrowd, and is a part of the Synack Red Team. He actively blogs about his security findings and interesting learnings on Medium Publications. He has authored two books on Hacking, primarily focusing on beginners. Harsh's book has been previously recommended by NITTTR-Chandigarh & AICTE (Govt. of India bodies). He holds 60+ Hall of Fames from various companies and has tested 600+ applications. He loves to talk about a range of cyber security topics and has carried out many sessions related to Cyber Security, Ethical Hacking & Application Security. He is always ready to support and mentor people the best way he can. Harsh recently completed his year-long learning challenge named Learn365.

Skills

Web Application Penetration Testing

API Penetration Testing

Internal & External Network Penetration Testing

Mobile Application Penetration Testing (Android & iOS)

Source Code Review





Cloud & Container Configuration Review [AWS, Azure & Docker]

Thick Client Penetration Testing

Security Tools - Burp Suite, Nmap, Metasploit, Sqlmap & Others

Python, PHP, Bash, JavaScript

Writing & Communication - Blogs, Articles & Reports

Experience

Cobalt Core

Core Team Lead & Pentester

November 2020 - Present

Featured Pentester @ https://cobalt.io

Performing Penetration Testing on Web Application, Network, Mobile, Thick Client and Cloud Configuration Reviews for the top clients worldwide. As a team lead, I am responsible for the successful execution of penetration tests, ensuring quality and collaboration between the testing team, along with vulnerability triaging and reviewing.

RedHunt Labs

Senior Security Consultant

March 2021 - February 2022

Worked as a Senior Security Consultant at RedHunt Labs. My responsibilities included end-to-end penetration testing, open source intelligence, configuration review, reporting and client communication.

Detox Technologies

Cyber Security Analyst

August 2020 - February 2021

Worked as a Cyber Security Analyst at Detox Technologies. My responsibilities included Manual Penetration Testing of Web Application, Internal and External Network, APIs, Mobile Application, Thick Clients, Threat Modeling, Cloud Configuration Review, Phishing Simulation, Red Teaming Simulation, Reporting & Documentation. Apart from that, I worked along with the team to implement knowledge transfer, implement a streamlined approach to penetration testing, and provide knowledge to the public via blogs & pre-recorded sessions.

Security Innovation

Security Engineer

August 2019 - August 2020

Worked as a Security Engineer at Security Innovation. My responsibilities included Manual Penetration Testing of Web Application, Internal and External Network, APIs, Mobile Application, Thick Clients, Threat Modeling, Cloud Configuration Review, Reporting & Documentation.

Synack Red Team

Red Team Member

April 2020 - Present

Accessing & Securing the applications.

Bugcrowd

Freelance Researcher

February 2020 - Present

Accessing & Securing applications.

Cyber Square Info Solutions

Founder

September 2017 - August 2019

Projects & Publications

SecurityExplained

SecurityExplained is a new series following the previous learning challenge series #Learn365. The aim of the #SecurityExplained series is to create informational content in multiple formats and share it with the community to enable knowledge creation and learning.

Resources Wiki

A single place to find all the resources I have created.

Written in Bash

Learn 365 Challenge

Repository of notes from each day's learning under the #Learn365 challenge

Project Bheem [Archived]

Open Source Scope Based Reconnaissance Tool

Written in Bash

Hacking: Be a Hacker with Ethics

Khanna Publishers

Recommended by AICTE (Cyber Security Reference Book) & NITTTR-Chandigarh

2016

Mastering Hacking - The Art of Information Gathering & Scanning

Khanna Publishers

2019

Wall of Fame

CVE-2020-24849

CVE-2020-23868

CVE-2020-23989

Stackpath

ConvertKit

Xfinity Home & xFi

Statuspage

Naspers

ISC2

Hubspot

Socrata

Transferwise

Arlo

Redox

Telefonica Germany

Sophos

Gusto

Dell Technologies

Overstock

InVision

Humble Bundle

Mastercard

You Need a Budget

Jet.com

Centrify

SAP Concur

MasterCard VDP

Cybrary

Canva

35+ Private Programs

Certifications & Achievements

eWPTXv2

eLearnSecurity

9362555

eCPPTv2

eLearnSecurity

9276703

Certified Ethical Hacker v10

EC-Council

2019 - 2021

Bugcrowd MVP for 2020 Q1

Bugcrowd

2020 Q1

Introduction, Unix, Essential, PCAP, White & Serialize Badge

PentesterLab

Qualys Certified Specialist - Vulnerability Management

Qualys

Fortinet NSE Level-1 & Level-2

Fortinet

IBM Data Science Track

IBM

Certified Information Security Expert & Certified Web Application Security Expert

Innobuzz Knowledge Solutions

2013 - 2016

Introductory certifications in Python, Python Data Science Toolbox, Intermediate Python, R, SQL for Data Science

Datacamp

Deep Learning for Computer Vision

NVIDIA Deep Learning Institute

5th Runner Up - HackerCup India

2016

11th Rank - Ground Zero Summit - No Escape: CTF

2015

Letter of Acknowledgement for Project Bheem by Symbiosis Center for Information Technology

2020

Talks & Sessions

Exploiting Misconfigured JIRA Instances for $$

Got Cookies? Exploiting Vulnerabilities in Cookie Based Authentication

Pentester Diaries EP-2: 2FA Bypass Techniques

Security Talks by Harsh (Collection of all Security Talks by Me)

Buggy Wisdom: Tales of Bug Hunting and How You Can Do It Too!

Bug Hunting Tactics - Cyber Sentinel UPES Dehradun

Interview - GrayHat Conference 2020

Speaker - Red Team Village at GrayHat Con 2020

Speaker - Red Team Village at C0c0n 2020

Speaker - Bug Bounty Village at C0c0n 2020

Speaker - Cyber June'gle 2020 by Defcon Red Team & Texas Cyber

Speaker - Null Bhopal September Meetup

Offensive Recon - Bug Hunter's Playbook

Speaker - TheQuest 0x03 by We Are Plymouths

Trainer: 3-day Cyber Security Workshop at RNB Global University

Guest Speaker: Cyber Security Practices at RNB Global University

Session: Cyber Security Essentials at Wadia College, Pune

Guest Speaker: Penetration Testing at Vivekanand Institute of Technology, Jaipur

Guest Speaker: All India Radio, Jaipur

Speaker: Cloud Security Alliance Dehradun, 2016

Community Engagements

OWASP-Jaipur Chapter Leader

2016-2018

Organizer: Cyber Square Summit 2016

Head of Technija Cyber Security Club at Amity University Rajasthan

OWASP-Bikaner Chapter Leader

2019-2020

Education

B.Tech - Computer Science with Minors in Management Studies

Amity University Rajasthan

2015-2019

8.12 CGPA

High School

Yadav Bharti Senior Secondary School

2014-2015

81%

Get in Touch

Drop me an email at the address below:

hbothra22@gmail.com