I specialize in behavioral vulnerability research (SSRF, Webhook, Fetcher, and CORS behavior) and secure infrastructure management (Windows/Linux/Azure).
Currently:
- Participating in Bugcrowd programs: Atlassian & Glean (responsible disclosure)
- Apple Security Research Device (SRD) applicant: iOS Private Cloud Compute and Lockdown Mode focus
- Building small-scale PoCs, automation scripts, and safe fuzzing setups for SaaS security
- Strong advocate of ethical testing, coordinated disclosure, and real-world defense improvement
- Security: SSRF, CORS, Redirects, Fetch Analysis, XSS, API Hardening
- Cloud & Infra: Azure, Hyper-V, Active Directory, Linux System Admin
- Scripting: PowerShell, Bash, Python, Node.js
- Tools: Burp Suite, curl, Wireshark, Postman, nmap, Zaproxy
| Repo | Description |
|---|---|
| atlassian-behavioral-ssrf-poc | Safe demo showing how webhook fetchers respond differently across address spaces (RFC1918, metadata, external). |
| glean-webhook-probe-lab | Test harness replicating safe outbound fetch and error handling behaviors, used for vendor coordination. |
| srd-prep-tools | Scripts and environment setup used for iOS behavioral analysis and logging. |
| infra-scripts-automation | PowerShell and Bash automation for server configuration, patch management, and diagnostics. |
- LinkedIn
- Bugcrowd Researcher Profile
- varunkumars@proton.me (security contact)
"Exploring vulnerabilities to strengthen security - one responsible disclosure at a time."