Hello, I'm Lokanath Pradhan
Cybersecurity Researcher · Bug Bounty Hunter · Developer
Cybersecurity professional with hands-on experience in web application & network vulnerability assessment, bug bounty research, and security tool development. 50+ vulnerability reports submitted across HackerProof, HackerOne, Bugcrowd, Immunefi (Web3), and direct disclosures — with bounty-paid and resolved findings at Max Healthcare, Perfios, TATA Motors, HDFC Life, Synology, Adidas, and Hero MotoCorp. Critical-severity Web3 finding on Berachain. Proficient in Python, Go, JavaScript, and Shell scripting.
Technical Skills
Languages
Frameworks
Security Tools
Cybersecurity
Dev & Cloud
Vuln Classes
Experience
Independent Security Researcher
Bug Bounty — HackerProof, HackerOne, Bugcrowd, Immunefi, Direct Disclosure
- 50+ vulnerability reports across 6+ platforms; findings include Bounty-Paid, Resolved, and In-Review statuses across public and private programs.
- HackerProof (Com Olho) — 38 reports at Max Healthcare, Perfios, Allcargo, TATA Motors, HDFC Life, Zerodha, Orient Electric and more. Bounty-paid: Unauthenticated PII Exposure (Perfios P4), Session Cookie Server-Side Exceptions (Max Healthcare P2).
- HackerOne — Reports at LinkedIn (Business Logic / Rate Limit Bypass, High), 8x8 (Host Header Injection / Cache Poisoning, Medium), Remitly, Deribit, Status (CVE-2025-59474).
- Immunefi (Web3) — Critical finding on Berachain: Public RPC leaks live mempool data via txpool_content, enabling frontrunning attacks (#50274).
- Direct Disclosure — SSRF + OAuth PII leakage (Adidas); Nginx Config Disclosure (Hero MotoCorp, acknowledged); CORS Misconfiguration CDN credential leakage, High (Synology).
- Bugcrowd — Directory Listing (Monash University), Prometheus Node Exporter on 26 production hosts (Opera), AWS Access Key Exposure, DNS Rebinding (Ibotta).
Python Intern
Twintechn Engineering & Design Technology Pvt. Ltd.
- Contributed to Python automation scripts during a 1-month internship.
- Gained practical exposure to real-world software engineering and development workflows.
Projects
CredStore
Cross-platform credential management / password manager app.
EvilEye
IoT offensive security tool based on ESP32 NodeMCU.
TLDX
Top-level domain expansion tool using the IANA domain list.
403
HTTP 403 bypass tool for penetration testers.
CryptoCut
Web3 fuzzing tool for smart contract security testing.
turtle
CLI file sharing tool via Telegram Bot API with config automation.
netcon
Network misconfiguration discovery tool.
More tools and research available on my GitHub profile.
CTF & Security Labs
- 7+ HTB Badges
- 10 THM Paths
- 50+ Vuln Reports
- 6+ Platforms
Completed TryHackMe paths:
Certifications
Web Application Red Teaming
TryHackMe · THM-QTORDPWTLH
Red Teaming Certificate
TryHackMe · THM-MX2CT1OWUV
Web Application Pentesting
TryHackMe · THM-VFQY7ULUSF
Jr Penetration Tester
TryHackMe · THM-RZ5TO4GFL3
SOC Level 1
TryHackMe · THM-BWZLC7GWR8
Security Engineer
TryHackMe · THM-52XT7PRMM7
DevSecOps
TryHackMe · THM-6O8OSRSEXB
AWS Introduction to Containers
Amazon Web Services · a263bbef-b739-4f49-ad5a-073faa97ad71
Tech Mahindra Cybersecurity (MSDE Skill India)
NSDC · 9390e20a-9cac-48f7-9fb4-35eddca4aeae
ISC2 Candidate
ISC2 · 2a33246e-6a45-4269-a9dd-220cc3e1daa4
Cybersecurity Fundamentals
IBM · 31252357-04ef-4b8d-a97e-09334cc7d933
Education
CS & Engineering (Diploma)
KIIT Polytechnic, Bhubaneswar
PGDCA
UCC Utkal Computer Center
+2 / 12th
C.H.S.E Board, Odisha