
My name is MAHIN VM. I currently work as an Information Security Analyst at NDimensionZ Solutions. I have experience in bug bounty programs and cybersecurity research. I am proficient in vulnerability assessment and penetration testing (VAPT). In 2018, I was awarded the Best Startup Award for my innovative contributions to web application features. Additionally, I secured 2nd place in Microsoft's Bug Bounty Researcher Hall of Fame in March 2020.

Cybersecurity Education:

  • Diploma in Information Security and Cyber Defense (DISCD)

Latest Internship Experience:

  1. Three-month Information Security Analyst internship at NDimensionZ Solutions, where I gained valuable hands-on experience in vulnerability assessment and penetration testing on various product-based applications using both manual and automated tools and reported the risk based on OWASP. Collaborated closely with client technical teams to address security gaps, providing tailored recommendations and guidance to achieve PCI DSS compliance. Led PCI DSS compliance assessments for multiple clients, evaluating their payment card processing environments, identifying vulnerabilities, and recommending actionable remediation strategies. Documented POCs and attack methodology on various vulnerabilities and prepared detailed reports. Performed static and dynamic security assessments on Android and iOS applications with tools like APKtool, APKeditor, Jadx, dex2jar, MobSF, Drozer, Burp Suite, etc. Performed various types of security assessment on infrastructure devices such as firewalls, servers, WiFi and access-control devices, etc. Hands-on experience with the following tools: Nessus, Clone Systems, Acunetix scanner, Checkmarx, Jira, Mantis Bug Tracker, etc.
  2. Two-month VAPT internship at Redteam Cybersecurity Labs, where I gained valuable hands-on experience in vulnerability assessment and penetration testing.

Licenses & Certifications:

  1. CEH Master at EC-Council (Issued Jan 2023)
  2. Mobile Application Penetration Testing at TCM Security (Issued May 2023)
  3. DIPLOMA IN INFORMATION SECURITY AND CYBER DEFENSE (DISCD) at RedTeam Hacker Academy (Issued Jun 2023)
  4. API Penetration Testing at APIsec University (Issued May 2023)
  5. CEH PRACTICAL at EC-Council (Issued Jan 2023)
  6. CEH at EC-Council (Issued Jan 2023)
  7. AWS Cloud Security at Amazon Web Services (AWS) (Issued Nov 2023)
  8. Preparing for Your Professional Cloud Security Engineer Journey at Google Cloud Training Online (Issued Nov 2023)
  9. Certified AppSec Practitioner (CAP) at The SecOps Group (Issued Dec 2022)
  10. SQL INJECTION ATTACKS at CodeRed (Issued Dec 2022)
  11. BEGINNER APPROACH TO BUG HUNTING at RedTeam Cybersecurity Labs LLP (Issued Feb 2022)
  12. Android Badge at PentesterLab (Issued Apr 2022)
  13. Recon Badge at PentesterLab (Issued Mar 2022)
  14. Jr Penetration Tester Learning Path at TryHackMe (Issued Dec 2021)
  15. Android Penetration Testing at Udemy (Issued Aug 2020)
  16. Android Ethical Hacking Practical Course C|AEHP (Issued Jul 2020)
  17. Advanced Penetration Testing at Cybrary (Issued Dec 2019)
  18. Penetration Testing and Ethical Hacking at Cybrary (Issued Mar 2019)

Achievements/Honors & Bounties:

    • 55 Hall of Fame acknowledgments and 20 bounties from platforms like HackerOne, Bugcrowd, Zerocopter, Federacy, and VDP.

    • Assigned 3 CVEs.


    Work Experience:

    # Information Security Analyst, NDimensionZ Solutions Pvt Ltd (June 2024 - Present)

    • Performed vulnerability assessments on various product-based applications using both manual and automated tools.
    • Collaborated with client technical teams to address security gaps and provided tailored recommendations for PCI DSS compliance.
    • Led PCI DSS compliance assessments, evaluated payment card processing environments, and recommended remediation strategies.
    • Documented POCs and attack methodologies on various vulnerabilities and prepared detailed reports.
    • Conducted static and dynamic security assessments on Android and iOS applications with tools like APKtool, Apkeditor, Jadx, dex2jar, Mobsf, Drozer, Burp Suite.
    • Performed security assessments on infrastructure devices such as firewalls, servers, WiFi, and access-control devices.
    • Hands-on experience with tools like Nessus, Clone Systems, Acunetix scanner, Checkmarx, Jira, and Mantis Bug Tracker.


    Other Roles:

    • Source Code Analyst, Red Team Member at Pentabug
    • Security Researcher at huntr.dev
    • Founder & CEO at Fegazine
    • Volunteer at Kerala Police Cyberdome
    • Security Researcher at Bugcrowd & HackerOne
    • White Hat Hacker at RedTeam Hacker Academy


    Skills:

    • Vulnerability Assessment and Penetration Testing (VAPT)
    • Cloud Security
    • Bug Bounty Hunting
    • PCI DSS
    • Cybersecurity
    • Ethical Hacking
    • Web and Android Vulnerability Assessment
    • Programming Languages: C++, JavaScript, HTML, SQL, PHP, Bash Script, Python


    Projects:

    1. AEM-Finder Tool: An Adobe Experience Manager Internal Information Disclosure Vulnerability Scanner.
    2. IPGen Tool: Generating IP lists with additional features.
    3. Social Media App: 1st Prize Startup Winner.
