JOSHUA S
offensive security · red team
M.Tech CSE student passionate about offensive security, specializing in bug bounty hunting, CTFs, and penetration testing. Focused on uncovering vulnerabilities, refining exploitation tactics, and delivering actionable impact.
- Alias h3xh7wk
- Base Coimbatore, India
- Work Bug Bounty, Penetration Testing, CTF Player
- Web / API testing
- Network testing
- Source Code Review
- CTF Methodology
- Advanced Web Exploitation
- Cryptography & Forensics
- Reverse Engineering
- OSINT & Threat Intelligence
- FPV Drone Racing
- Homelab Setup
- Hardware Hacking
- PC / Console Gaming
- ASUS ROG STRIX G16
- Arch Linux
- Hyprland
- Minecraft
- GTA 5 RP
For collaborations, security engagements, or CTF builds — send a message.
h3xh7wk@gmail.com
Certified Associate Penetration Tester
Hands-on certification validating core pentest methodology, tools, and techniques across reconnaissance, exploitation, post-exploitation, and reporting.
Certified Red Team Analyst (CRTA)
Hands-on certification validating end-to-end adversary emulation across Windows/Active Directory: initial access, privilege escalation, lateral movement.
Multi-Cloud Red Team Analyst
Hands-on credential focused on offensive operations across cloud environments, covering cloud reconnaissance, identity abuse, privilege escalation in hybrid scenarios.
Active Directory Red Team Specialist
Hands-on certification focused on Active Directory attack paths, including privilege escalation, lateral movement, and operational reporting.
Certified Purple Team Fundamentals (PTF)
Officially recognized under the Community Edition track for completing the Purple Team Fundamentals examination, focused on bridging offensive and defensive security workflows.
Cyber Security Professional
Passed the W3Schools Cyber Security certification exam and awarded the Cyber Security Professional credential (professional level). Certificate of completion issued July 6, 2025.
Cyberthon Winner
Secured 1st place at SRM Institute’s 24-hour cybersecurity hackathon. Built a project to identify the IP address behind a dark web (.onion) site, focused on darknet investigations and red team tradecraft.
CTF Quest 2025
3rd Place
Secured a top-three finish in the CTF Quest at THIRAN 2025, representing Sri Ramakrishna Engineering College and solving real-world cybersecurity challenges with peers.
CTF Quest 2026
3rd Place
Secured 3rd position in CTF Quest at Sri Eshwar THIRAN 2026, representing Sri Ramakrishna Engineering College and solving practical cybersecurity challenge tracks.
EncipherX 4.0 CTF
2nd Place
Awarded 2nd place in EncipherX 4.0 CTF hosted by St. Vincent Pallotti College of Engineering and Technology, Nagpur (Feb 7–8, 2026).
EncipherX 4.0 CTF
Best Player
Received the “Best Player” title at EncipherX 4.0 CTF for standout problem-solving performance and consistent challenge clears across the event.
SREC Hackathon 2.0 2nd Place
Secured 2nd place at SREC Domestic Hackathon 2.0 with team SyncSphere for an OD & event management system.
R00T@W4R CTF 2025
3rd Place
Secured 3rd place at R00T@W4R CTF 2025, organized by the Dept. of CSE (Cybersecurity), PSNA College of Engineering & Technology, Dindigul. Awarded Certificate of Winner — Star Performer on Aug 2, 2025.
Cybercom CTF 2025
3rd Place
Secured 3rd place with Team Knull in Cybercom CTF 2025 (Chennai, Sept 27–28). Awarded a Certificate of Appreciation; verification code CYB-6L2Z-V9P4.
Amor Mortis CTF 2026
3rd Place
Secured 3rd place in Cybercom’s Valentine-themed “AMOR.MORTIS” Capture The Flag held in Chennai (Feb 14–15, 2026), demonstrating strong competitive cybersecurity problem solving.
Flag Hunter 2.0
4th Place
Placed 4th overall after finals in Flag Hunter 2.0, with strong clears in forensics and web plus steady progress in OSINT, crypto, and speed rounds.
YesWeHack Bounty
$250 Reward
Received a $250 payout for reporting an Improper Access Control vulnerability (CWE-284), rated Medium severity (CVSS 5.3), with triage acknowledgment and points awarded.
YesWeHack Bounty
$100 Reward
Received a $100 payout for reporting an Improper Authentication vulnerability (CWE-287), rated High severity (CVSS 8.2), with validated impact and platform recognition.
Advent of Cyber 2025
Completed TryHackMe’s Advent of Cyber 2025, covering SOC operations, web exploitation, and digital forensics over 24 days of hands-on challenges.
Israel–India Hackathon 2026
1st Place
Won 1st place at the Israel–India Global Innovators Hackathon 2026 at Sri Ramakrishna Engineering College. Built “The Traffic Simulator,” a synthetic SIEM/XDR log generator with anomaly injection.