ev1lm0rty/README.md

Shubham Arya

Senior Product Security Engineer — securing large-scale consumer platforms across gaming, fintech, and telecom.

🌐 ev1lm0rty.com · 📧 shubham_arya@outlook.com · 💼 LinkedIn


What I Do

  • Threat Modeling & Architecture Reviews - STRIDE-based assessments for backend microservices, public APIs, and new product features
  • Adversarial Security Assessments — uncovering P0s including account takeover chains, pipeline compromises, and data exposures
  • Application Security - DAST, SAST, SCA, Android security, WAF management across high-scale production environments
  • Security Automation - building tools that scale security coverage without scaling headcount
  • Bug Bounty — co-managing Bugcrowd program end-to-end at Dream11

Featured Projects

| Project | Stack | Description |
|---|---|---|
| HTB-Recon | Python, Bash | Automated recon script for HackTheBox machines |
| LazyScripts | Python, Bash | Focused scripts for pentesting and bug bounty workflows |
| Dump-Programs | Python | Automated extraction of VDP and bug bounty scopes from Bugcrowd, HackerOne |

Writing


Skills

Security: Threat Modeling (STRIDE), DAST (Burp Suite, OWASP ZAP), SAST (Checkmarx, Fortify, BlackDuck), SCA, API Security, Android Security (Frida, jadx), WAF (AWS WAF), MITRE ATT&CK, OWASP

Cloud & Infra: AWS, GCP, Orca Security, CSPM, CI/CD Security, ELK Stack

Languages: Python, Bash, Java, Go, JavaScript


Highlights

  • Podium finisher at national-level CTF competitions including DeathBell and ByteCyberLabs
  • 5+ years securing large-scale consumer platforms across fintech, telecom, and gaming

Pinned

  1. HTB-Recon Public

    Automated recon script for HackTheBox machines (hackthebox.eu)

    Shell 55 13

  2. LazyScripts Public

    Quick and dirty scripts for pentesting.

    Python 41 8

  3. Dump_Programs Public

    Dump bug bounty scopes from Bugcrowd, HackerOne, etc.

    Shell 10 2

  4. Writeups Public

    Writeups for wargames and vulnerable machines (HTB, OverTheWire, Root-Me, etc.)

    PowerShell

  5. New-Feed Public

    Centralised platform for research, news and videos.

    Python 1

  6. ImSleepy Public

    Python 9 8