bash — 80x24
root@aman:~# whoami
aman_kumar_panda — red_team_operator | penetration_tester | offensive_security
root@aman:~# cat mission_brief.txt
> Specializing in red team operations, web application exploitation, and adversary simulation.
> Architect of Aegis-AI and PhantomEye OSINT.
> Seeking to breach defenses before adversaries do — then document exactly how.
root@aman:~# ./init_portfolio --verbose
ACCESS GRANTED
root@aman:~#

System Profile

I am an offensive security practitioner and Master of Computer Applications candidate who lives in the attack surface. My core discipline is red teaming and penetration testing—mapping attack paths, chaining vulnerabilities, and demonstrating real-world business impact before adversaries do.

I don't just run scans; I weaponize findings. From manual exploitation of SQL injection and authentication bypass flaws to post-exploitation lateral movement in lab environments, I simulate advanced persistent threats to harden defenses. My toolkit spans Burp Suite, Metasploit, OWASP ZAP, and custom Python scripts.

I also build offensive tooling: SecProbe, an AI-assisted web security scanner that audits HTTP headers, SSL configs, and exposed ports with CVSS-style scoring and automated remediation guidance. Whether it is breaking into a web app or engineering a full-stack AI-driven NDR like Aegis-AI, I operate with the mindset that "the best defense is a well-documented offense."

STATUSACTIVE ● LIVE
ROLERed Team / Penetration Tester
CLEARANCECEH v12 CERTIFIED
LOCATIONJunagarh, Odisha, IN
EDUCATIONMCA (Cybersecurity & Forensics)
PROJECTS DEPLOYED03
TECH STACKS15+
SPECIALIZATIONNDR & Offensive Security
UPTIMECalculating...

Arsenal

[+] Security Tools

Burp SuiteNessusNmapWiresharkMetasploitOWASP ZAPOpenVASFTK ImagerMaltegoKali LinuxParrot OS

[+] Languages & Frameworks

PythonFastAPIFlaskAsyncIOPHPJavaScriptHTML5/CSS3MySQLscikit-learnscapypandasNumPy

[+] Networking & Protocols

TCP/IPDNSHTTP/HTTPSPacket AnalysisFlow ReassemblySubnettingVLANsWebSocket

[+] Frameworks & Standards

OWASP Top 10OWASP Testing GuideNIST CSFISO 27001CVSS ScoringSDLC

Operation Logs

Cybersecurity Intern & Professional Trainee

07/2024 – 12/2024
Hacker School (A Unit of Cartel Software)
  • Completed 200+ hours of intensive training in ethical hacking, threat analysis, and incident response methodologies.
  • Executed manual and automated penetration tests on web applications using Burp Suite and OWASP ZAP; identified and documented SQL injection, XSS, CSRF, and authentication bypass vulnerabilities with CVSS scoring.
  • Conducted network reconnaissance and vulnerability scanning using Nmap and Nessus; analyzed scan results to prioritize critical findings and recommend remediation strategies.
  • Simulated real-world attack vectors using the Metasploit Framework to validate defensive controls and support remediation planning.
  • Analyzed network traffic using Wireshark to detect anomalies and potential IoCs in simulated enterprise environments.

Operations & HR Intern

06/2024 – 09/2024
IKKASA
  • Managed end-to-end recruitment operations and onboarding for 15+ new hires, ensuring accurate employee records and streamlined documentation workflows.
  • Coordinated cross-functional administrative activities and supported founders with operational process optimization.
  • Developed standardized documentation templates that improved onboarding efficiency and reduced administrative overhead.

Deployed Assets

Aegis-AI
Intelligent Network Behavior Analysis System
Critical
PythonFastAPIZeekSuricatascikit-learnXGBoostTensorFlowKafkaElasticsearchGrafanaDocker
An AI-driven Network Detection and Response system combining Deep Packet Inspection with multi-model ML (Isolation Forest, XGBoost, LSTM) to detect zero-day threats, APTs, and known attacks in real-time. Assigns a Threat Score (0–100) to each network flow and classifies them as Benign through High Risk.
PhantomEye OSINT
Open Source Intelligence Framework
High
PythonFlaskSQLiteRequestsBeautifulSoupShodan API
An automated OSINT reconnaissance framework that aggregates intelligence from multiple open sources. Performs domain enumeration, email harvesting, subdomain discovery, and social media footprinting. Generates comprehensive target profiles with automated report generation for red team pre-engagement phases.
SecProbe Scanner
AI-Assisted Web Security Auditor
High
PythonFastAPIOpenSSLNmapCVSS
An AI-assisted web security scanner that audits HTTP security headers, SSL/TLS configurations, and exposed ports. Provides CVSS-style severity scoring with automated remediation guidance for each finding. Designed for continuous security assessment in CI/CD pipelines.
▸ Aegis-AI — System Flow
Raw Network Packets ┌──────────────┐ libpcap Capture TCP, UDP, ICMP, HTTP, DNS, HTTPS Packet Sniff └──────┬───────┘ ┌──────────────┐ Zeek / Deep Packet Inspection — parse headers + payload Suricata └──────┬───────┘ ┌──────────────┐ Feature Extract: packet size, timing, flags, Extraction entropy, flow duration, protocol └──────┬───────┘ ┌─────────────────────────────────────────────┐ ML Inference Engine Isolation Forest XGBoost LSTM (Anomaly Det.) (Known Atks) (Seq.) └──────────────────┬──────────────────────────┘ ┌──────────────┐ Threat Score 0–100 → BENIGN / LOW / MEDIUM / HIGH RISK Aggregator └──────┬───────┘ │ Score > 75 → Trigger Alert ┌──────────────┐ Dashboard Grafana / React — live traffic, alerts, flow table & Alerts └──────────────┘
▸ PhantomEye OSINT — System Flow
Target Input (Domain / IP / Email / Username) ┌──────────────┐ Input Normalize target, validate format, Parser route to appropriate modules └──────┬───────┘ ┌─────────────────────────────────────────────┐ Reconnaissance Modules Domain Enum Subdomain Email (WHOIS/DNS) Discovery Harvesting (Amass) (Hunter.io) Social Media Shodan IP DNS Records Footprinting Intelligence (A/AAAA/MX) └──────────────────┬──────────────────────────┘ ┌──────────────┐ Data Correlate findings, deduplicate, Aggregator build unified target profile └──────┬───────┘ ┌──────────────┐ Report PDF/JSON output with attack surface Generator summary for red team pre-engagement └──────────────┘
▸ SecProbe Scanner — System Flow
Target URL ┌──────────────┐ Target Resolve domain, check HTTPS, identify Resolver open ports via Nmap └──────┬───────┘ ┌─────────────────────────────────────────────┐ Audit Modules HTTP Header SSL/TLS Port Security Configuration Scan Analysis (OpenSSL) (Nmap) CSP Check HSTS Verify Info Leak CORS Policy Cipher Suite Detection └──────────────────┬──────────────────────────┘ ┌──────────────┐ CVSS Score each finding (0.0–10.0), Scoring Low / Medium / High / Critical └──────┬───────┘ ┌──────────────┐ Remediation Auto-generated fix guidance Report per finding — JSON / PDF export └──────────────┘

GitHub Intel

GitHub Stats
Top Languages

Research Feed

2025 — In Progress
Aegis-AI: Intelligent Network Behavior Analysis for Zero-Day Threat Detection Using Deep Packet Inspection and Ensemble Machine Learning
Research paper documenting the design and evaluation of Aegis-AI — a multi-model ML approach (Isolation Forest + XGBoost + LSTM) for real-time network threat detection. Covers DPI-based feature engineering, behavioral anomaly detection bypassing signature limitations, and prototype validation on CIC-IDS2017 with >85% classification accuracy.
NDRDPIMLZero-DayCIC-IDS2017
In Progress
2025 — In Progress
DHCP Defence: An Automated DHCP-Aware Network Defense System for Attack Detection and SDN-Based Traffic Rerouting
Research paper proposing an intelligent DHCP-aware defense framework using SDN for real-time attack detection and automated traffic rerouting. Addresses DHCP starvation, rogue servers, MAC spoofing, and DDoS by integrating ML-based behavioral analysis, multi-layer device authentication, and dynamic SDN controller actions for attacker isolation and legitimate traffic rerouting.
DHCPSDNMLNetwork SecurityTraffic Rerouting
In Progress

Academic Roots

Master of Computer Applications (MCA)
Specialization: Cybersecurity & Digital Forensics
2023 – 2025
Bachelor of Science (B.Sc)
Computer Science
2020 – 2023
CEH

Certified Ethical Hacker v12

EC-Council | 2024

PTS

Professional Penetration Tester

Hacker School | 2024

Secure Channel

Initiate Contact
Available for red team engagements, penetration testing projects, cybersecurity collaborations, and offensive security research opportunities.