Skip to content
View XploitGh0st's full-sized avatar
2 followers · 3 following

Highlights

  • Pro

Block or report XploitGh0st

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
XploitGh0st/README.md

Nanda Kumaran G

Ethical Hacker · Bug Bounty Researcher · Cryptography & SS7 Explorer

Typing animation about focus areas

Email badge LinkedIn badge Bugcrowd badge

"Secure the signal. Break the noise. Ship the fix." — operating mantra

┌─[nkg@cyberdeck]─[~/offsec]
└──$ status --verbose
status : online
stack  : offensive security / deep crypto / telecom edge
focus  : vulnerabilities that matter, reports that get patched

🛰️ Threat Radar

  • 🕶️ B.E. Cyber Security student (Easwari Engineering College) obsessed with practical exploit design and clean disclosure.
  • 🎯 Active bug bounty researcher across Bugcrowd targets (KFC, OPPO) delivering reproducible PoCs and mitigation playbooks.
  • 🛡️ Creator of VAPT playbooks for Fluent X clients; lead Null EEC Chapter ops, spinning up CTFs and blue-team vs red-team drills.
  • 🧪 Research rabbit holes: post-quantum primitives, blockchain threat models, SS7 signaling interception, covert channels.

⚙️ Mission Modules

Surface Mission Packet Current Experiments
Web & API Break auth flows, smash logic bugs, chain low severity to payouts. Multi-tenant auth bypass lab, automated recon pipelines.
Cryptography Stress-test smart contracts, roll custom proofs, adversarial fuzzing. Solidity escrow vault, BB84 key-exchange simulator.
SS7 / Telecom Track insecure routing, SIM swap vectors, SMS interception. Private lab with srsLTE + rogue HLR replay scripts.

🧰 Arsenal

Offensive Stack

Burp Suite OWASP ZAP Nmap Wireshark Metasploit Shodan Ghidra

Nikto ffuf

Crypto & Blockchain

Solidity Hardhat Ethereum Hyperledger

Foundry Zero-Knowledge Circuits

Cloud & Infra

AWS Azure Docker Kubernetes

AWS IAM AWS EC2 AWS S3 AWS VPC Azure AD Azure VNet Azure VMs

Scripting & Platforms

Languages and platforms

Kali Ubuntu

Telecom & IoT

Arduino Software Defined Radio IoT Sensors

SS7 Toolkits srsLTE Osmocom Sensor Integration

📡 Signal Log

  • SIH 2024 — Built the Track & Trace blockchain backend; team crowned national winners.
  • SARAM 2024 Project Expo — Runner-up showcasing Cipher-Connect secure comms suite.
  • Fluent X — Delivered end-to-end VAPT with executive-ready remediation matrix.
  • Null EEC Chapter — Vice President coordinating CTF design, purple-team workshops, and campus cyber drills.

🔬 Live Experiments

  • Automating recon-to-report pipelines with Python, Nuclei, and custom correlation logic.
  • SS7 attack surface lab with SDR hardware, mapping paging channel abuse scenarios.
  • Quantum-safe key exchange demos blending QKD concepts with practical app integrations.

🤝 Connect

  • 📧 Kumarangnanda@proton.me
  • 🔗 linkedin.com/in/nanda-kumaran-g
  • ☁️ Always up for collaborations on offensive research, stealth crypto primitives, or telecom resilience.
"If it is exploitable, it is fixable." — Ping me before the bad actors do.

Popular repositories Loading

  1. CVE-2025-26794-exploit CVE-2025-26794-exploit Public

    SQL injection exploit for CVE-2025-26794 in Exim 4.98. Automated data extraction via time-based blind SQLi. For authorized penetration testing only.

    Python 2

  2. CVE-2025-48932---exploit CVE-2025-48932---exploit Public

    Python 2

  3. ElAnswer ElAnswer Public

    Your invisible AI assistant that reads your screen and answers any question in seconds. Just press a hotkey, and let ElAnswer do the thinking ...

    Python 2 1

  4. kubernetes kubernetes Public

  5. UI10_useless_suspect UI10_useless_suspect Public

    C++

  6. blackc4ts blackc4ts Public