Hemant Patidar

Security Researcher | Penetration Tester | Bug Bounty Hunter | Ethical Hacker

Senior Application Security Engineer with 5+ years of hands-on experience. Author of 10+ CVEs, finder of 5,000+ valid bugs, and recognized by Apple, Google, US Department of Defense, Ferrari, and 100+ organizations worldwide.


whoami

A brief introduction to who I am and what I do

Hemant Patidar — Ethical Hacker

Senior Security Researcher

Cybersecurity Enthusiast and Certified Ethical Hacker from India with 5+ years of hands-on experience in Application Security, Penetration Testing, Bug Bounty Hunting, and Security Research. Currently working as a Senior Application Security Engineer at Loginsoft, specializing in penetration testing across web, mobile, API, network, and cloud environments, as well as DAST, SAST, SCA, and Source Code Review.

Holder of industry-leading certifications including CEH Master, eWPTXv2, eCPPTv2, eJPT, CAPen, CAP, and CNSP. Author of 10+ CVE vulnerabilities and finder of 5,000+ valid security bugs. Recognized with Hall of Fames and bounty awards from Apple, Google, Meta, U.S. Department of Defense, Cisco, Netflix, Mastercard, Ferrari, and 100+ organizations worldwide. All-Time Top 10 on Yogosha with €50,000+ in bounties earned.

Name
Hemant Patidar
Location
Madhya Pradesh, India
Email
hello@hemantsolo.in
Company
Loginsoft

Work Experience

Professional security roles and freelance bug bounty engagements

⚡ Full-time Roles

May 2022 — Present
Senior Application Security Engineer
Loginsoft, India
  • Source Code Review
  • CVE Research & Vulnerability Discovery
  • Reporting and Documentation
Dec 2021 — Apr 2022
Cyber Security Engineer
Technoxi, Dallas, TX
  • Web Application Pentesting
  • API Pentesting
  • Blog Writing & Documentation
Sep 2021 — Nov 2021
Cyber Security Consultant
Securelayer7, Pune, India
  • Web App Pentesting — Black, Grey & White Box
  • Infrastructure Pentesting — Internal & External
  • Android Application Pentesting
  • API Pentesting
Jul 2021
Application Security Intern
Netstar Overseas Software Services
  • Security check of eCommerce websites
  • Vulnerability documentation & mitigation
Jun 2020 — Aug 2020
Cyber Security Engineer
IsmileTechnologies, Chicago, IL
  • eCommerce website security assessment
  • Reporting & mitigation documentation
May 2020 — Jun 2020
VAPT Mentorship
Safehack, India
  • Guided 30+ VAPT interns
  • Secured client websites

🐛 Bug Bounty & Freelance

Aug 2021 — Present
Penetration Tester — All Time Top 10
Yogosha — Freelance
  • Secured 3rd Rank in Top Hackers S2 2021
  • Secured 6th Rank in Top Hackers 2021
  • Secured 1st Rank — RootedCon CTF Spain 2023
Jul 2022 — Present
Synack Red Team Member
Synack Red Team — Freelance
  • Web, API & Network Penetration Testing
Jan 2020 — Present
Security Researcher
HackerOne
  • U.S. DoD — Researcher of the Month (Feb 2021)
  • Reputation: 500+
Jan 2020 — Present
Security Researcher
Bugcrowd
  • Hall of Fame: 50+
  • Top 600 Hackers Globally
May 2020 — Present
Security Researcher
Open Bug Bounty
  • 50+ vulnerabilities reported
  • Recommendation from Vovsoft
Jan 2020 — Present
Security Researcher
NCIIPC India (A unit of NTRO)
  • Top 15 Researcher in NCIIPC Newsletter (Oct 2020)
  • Secured 40+ Indian Govt. websites
  • RCE, XSS, Rate Limiting & more

Education

🎓

B.Tech — Civil Engineering

SRM Institute of Science and Technology, Chennai
2018 — 2022
CGPA: 8.6 (First Class with Distinction)
📚

High School — Mathematics

Himalaya International School, Ratlam, M.P.
2013 — 2018
Class 12th | Mathematics

Certifications

Industry-recognized credentials validating my expertise

🛡️

eWPTXv2

Web App Penetration Tester eXtreme — INE
Jan 2024
🔐

CEH Master

Certified Ethical Hacker (Practical + Theory) — EC-Council
Dec 2023
🎯

CAPen

Certified AppSec Pentester — The SecOps Group
Dec 2023

CAP

Certified AppSec Practitioner — The SecOps Group
May 2023
🌐

CNSP

Certified Network Security Practitioner — The SecOps Group
May 2023
🔑

eCPPTv2

Certified Professional Penetration Tester — INE
2022
💻

eJPT

Junior Penetration Tester — eLearnSecurity
Mar 2021
📡

Intro to Cybersecurity

Cisco
Apr 2021
📱

Android App Penetration Testing

LinkedIn Learning
Oct 2021

Technical Skills

Core competencies in offensive security

Web Application Pentesting 95%
Network Pentesting 90%
API Security Testing 85%
Android App Pentesting 80%
Source Code Review 85%
CVE Research 80%
Bug Bounty Hunting 95%
Network Security 80%

Security Tools

Custom-built and open-source tools I use and contribute to

💥

AppCrasher

Private security reconnaissance & testing tool for finding application-level vulnerabilities at scale.

🔒 Private Tool
🔄

Code-Evolution-Tracker

Track and analyze code changes across repositories to identify security-relevant modifications and potential vulnerability introductions.

🎯

Host Header Injection Scanner

Automated vulnerability scanner to detect Host Header Injection vulnerabilities across web applications at scale.


Hall of Fame & Recognitions

Acknowledged by 100+ organizations for responsibly disclosing vulnerabilities

🍎 Apple — Hall of Fame
🏎️ Ferrari — Hall of Fame
🇺🇸 US Dept. of Defense — Researcher of the Month
🔍 Google — Hall of Fame
📺 Netflix — Hall of Fame
💳 Mastercard — Hall of Fame
🌐 Cisco — Hall of Fame
🍗 KFC — Hall of Fame
🏨 OYO — Excellence Certificate
📝 WordPress — Hall of Fame
💻 Dell — Hall of Fame
📱 T-Mobile — Hall of Fame
💰 Paytm — Certificate of Appreciation
📡 NETGEAR — Cash + Kudos
🎯 HubSpot — Hall of Fame
✈️ TripAdvisor — Hall of Fame
🔤 Grammarly — Hall of Fame
🎵 SoundCloud — Hall of Fame
🇮🇳 NCIIPC India — Top 15 Researcher
📧 Mailgun — Hall of Fame
🏆 Yogosha - All time Top 10
🛡️ Under Armour — Hall of Fame
🧴 Unilever — Hall of Fame
🔵 Indeed — Hall of Fame

CVEs & Publications

Vulnerabilities I've discovered and responsibly disclosed

CVE-2020-29469
Security vulnerability discovered and responsibly disclosed.
CVE-2020-29470
Security vulnerability discovered and responsibly disclosed.
CVE-2020-29228
Security vulnerability discovered and responsibly disclosed.
CVE-2020-29230
Security vulnerability discovered and responsibly disclosed.
CVE-2020-29231
Security vulnerability discovered and responsibly disclosed.
CVE-2020-29233
Security vulnerability discovered and responsibly disclosed.
CVE-2020-24609
Security vulnerability discovered and responsibly disclosed.
CSCvu17992
Cisco security vulnerability identified and reported.
Google Dorks x5
Published 5 Google Dorks on Exploit-DB for OSINT and reconnaissance.

Services

Freelance cybersecurity services for businesses and individuals

🕸️

Web App Pentesting

Comprehensive security assessment of web applications using manual testing and automated tools to find critical vulnerabilities.

🔌

API Security Testing

In-depth API penetration testing covering authentication, authorization, injection, and business logic vulnerabilities.

📱

Mobile App Pentesting

Android application security testing including static analysis, dynamic testing, and reverse engineering.

🌐

Network Pentesting

Internal and external network penetration testing to identify vulnerabilities in your infrastructure.

☁️

Cloud Pentesting

Security assessment of cloud infrastructure (AWS, Azure, GCP) including misconfigurations, IAM issues, and data exposure risks.

🤖

AI & LLM Security

Security testing of AI/ML models and LLM-powered applications including prompt injection, data leakage, and model manipulation.

⛓️

Web3 Security

Smart contract auditing, DeFi protocol security assessment, and blockchain application penetration testing.

🖥️

Thick Client Pentesting

Security assessment of desktop and thick client applications — reverse engineering, traffic interception, and local storage analysis.

🔎

Source Code Review

Manual security-focused code review to discover vulnerabilities that automated scanners miss.

🎓

Security Training

Live bug bounty bootcamp, VAPT training, and mentorship for aspiring security researchers.

🎓 Academy By SoloSecurities

Join our Live Bug Bounty Bootcamp and learn hands-on penetration testing from a professional security researcher.

Frequently Asked Questions

Common questions about my services and expertise

A penetration test (pentest) is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. I simulate real-world attacks to find vulnerabilities before malicious hackers do, then provide a detailed report with remediation guidance.

I offer Web Application Pentesting, API Security Testing, Mobile App Pentesting, Network Pentesting, Cloud Security Assessment, AI & LLM Security, Web3 / Smart Contract Auditing, Thick Client Pentesting, and Source Code Review. Each engagement is tailored to your specific needs.

It depends on the scope and complexity. A standard web application pentest typically takes 1–2 weeks. Larger engagements involving multiple applications, APIs, or infrastructure can take 3–4 weeks. I'll provide a clear timeline after scoping your project.

You'll receive a comprehensive report including an executive summary, detailed vulnerability descriptions with proof-of-concept, risk ratings, and step-by-step remediation instructions. I also offer a follow-up call to walk through the findings and answer questions.

Yes! Through the Academy By SoloSecurities, I offer live Bug Bounty Bootcamps, VAPT training, and 1-on-1 mentorship for aspiring security researchers. Visit academy.solosecurities.com for details.

Simply reach out via email at hello@hemantsolo.in or call me at +91-8120771351. We'll discuss your requirements, scope, timeline, and budget to get started.

Get In Touch

Have a project or need a security assessment? Let's talk.
