mavisingh28072001@gmail.com | linkedin.com/in/mavisec


# Profile

  • Certified OSCP+, OSCP, and Security+ security professional with hands-on experience in penetration testing, vulnerability assessment, and red team operations.
  • Experienced in web, API, and mobile security testing, Active Directory attacks, and real-world offensive security scenarios.
  • Strong knowledge of security tools, emerging technologies, and best practices with a focus on practical exploitation and remediation guidance.
  • Passionate about continuous learning in offensive security, ethical hacking, and information security research.
  • Tech nerd who loves everything about computers.

# Technical Expertise

  • Networking & Protocols: TCP/IP, LAN/WAN, VLANs, VPNs, Network Security, Firewalls, Switching, Routing, Troubleshooting.
  • Security Assessment & Pentesting: VAPT, SAST, DAST, OSINT, OWASP Top 10, SANS Top 25, MITRE ATT&CK framework, Red Team Operations.
  • Operating Systems: Windows Server & Desktop, Linux (Ubuntu, CentOS, Kali), macOS, Active Directory environments.
  • Cloud & DevOps: Azure, AWS, Docker, CI/CD pipelines, Python, Bash scripting, Infrastructure as Code security reviews.
  • Tools & Techniques: Nmap, Burp Suite, Metasploit, BloodHound, Impacket, Mimikatz, Tenable.io, gobuster, OWASP ZAP, Postman, Wireshark, and custom scripts for recon & exploitation.

# Certifications


# Experience

Freelance — Penetration Tester / Bug Bounty Hunter
07/2021 – Present

  • Conducted security testing on web applications, APIs, and mobile platforms for organizations through HackerOne, Bugcrowd, private programs, and independent engagements.
  • Discovered vulnerabilities including SQL Injection, Cross-Site Scripting (XSS), Insecure Direct Object References (IDOR), authentication bypass, and exposed API endpoints.
  • Reported findings with proof-of-concept exploits; several reports were marked as duplicates of previously reported issues or resolved internally.
  • Identified a security flaw in a college web application that exposed sensitive student data; responsibly disclosed the vulnerability, leading to remediation.
  • Executed Active Directory attacks in lab environments, including Kerberoasting, DCSync, SeImpersonatePrivilege, and credential dumping with Mimikatz/Impacket.
  • Performed reconnaissance, privilege escalation, and lateral movement across Windows/Linux targets, simulating real-world attacker tradecraft.

Microsoft — Future Ready Talent; Research Intern
02/2021 – 12/2021

  • Executed secure code reviews and web application testing within Azure environments.
  • Developed Python/Bash scripts to automate vulnerability scanning, report generation, and log parsing.
  • Educated teams on common security vulnerabilities and best practices.
  • Conducted security reviews in Azure environments, identifying cloud misconfigurations and IAM privilege escalation paths.

SISTMR Australia — Cybersecurity Intern
01/2022 – 05/2022

  • Conducted web, API, and network penetration testing targeting vulnerabilities like SQLi, XSS, and authentication bypass.
  • Performed web, API, and mobile application penetration tests aligned with OWASP Top 10.
  • Assisted in integrating security testing into DevOps workflows, including tool tuning and automation scripting.
  • Collaborated on red-team-style assessments, including internal network and AD misconfiguration testing.
  • Documented findings and provided remediation guidance to development teams.

Bell Canada — Sales Representative
09/2024 – 11/2024

  • Configured secure networking solutions for customers, including VPN setups and remote access tools.
  • Consulted on secure networking and VPN deployments, ensuring compliance with corporate security policies.
  • Maintained strict adherence to data privacy regulations while using Salesforce and Microsoft Dynamics.

# Education

Sri Guru Gobind Singh College (SGGS College) - Chandigarh, India
01/2019 – 08/2022

Loyalist College — Ontario College Graduate Certificate in Cyber Security, Toronto
01/2023 – 08/2024