// INFORMATION SECURITY PRACTITIONER — INDIA

VrunSec

$ whoami — Red Teamer

Security practitioner building deep offensive skills through adversary simulations, hands-on labs, and real-world attack research. Documenting everything — for the community.

VIEW REPOS READ BLOG CONTACT

Vrun@kali:~$

Vrun@kali:~$ cat whoami.txt [ OK ] Loading... Name : Varun Singh Chauhan Location : India Focus : Red Team · Web · Network Platform : Real World Vrun@kali:~$ ls certs/ THM_AdventOfCyber.pdf AICLSA_July2025.pdf AICWSE_June2025.pdf AICWSA_Dec2024.pdf Vrun@kali:~$ _

01 //

ABOUT

I'm an Information Security practitioner with a deep focus on offensive security — red team operations, web application testing, and network security assessments. I build skills through real-world simulations and continuous self-directed research.

This site is my public knowledge base: raw lab notes, vulnerability disclosures, cert docs, and blog posts — covering everything from Linux internals to real-world attack vectors. Built to help beginners and fellow practitioners alike.

Professionally trained in Offensive Security and VAPT at Armour Infosec. I am currently giving back to the community as an active Volunteer at Security BSides Indore.

10+

CVES/BUGS

CERTS

HTB

HACK THE BOX

BSIDES

VOLUNTEER

02 //

SKILLS

Web App Security

OWASP Top 10 Web/API, manual testing methodology, exploitation and report writing.

BURP SUITEOWASPSQLiXSS

Red Teaming

Adversary simulation, attack chain development, evasion, lateral movement.

MITRE ATT&CKC2EVASION

Network Pentesting

Recon, enumeration, protocol attacks, exploitation on internal/external networks.

NMAPWIRESHARKTCP/IP

Linux Systems

Deep internals, server admin, privilege escalation paths, hardening.

BASHPRIVESCSYSTEMD

Windows & Active Directory

AD architecture, domain attacks — Kerberoasting, pass-the-hash, misconfigs.

ADKERBEROSLDAP

OSINT & Recon

Passive/active recon, attack surface mapping, target profiling.

SHODANOSINTRECON-NG

03 //

VULNERABILITY DISCLOSURE

CERT.PL CVE-2026-8171

Identified and reported an unauthenticated Reflected Cross-Site Scripting (XSS) and many other vulnerabilities. Assigned CVE-2026-8171 for the XSS; communication is ongoing for the remainder.

REFLECTED XSS CVE-2026-8171 CERT.PL

VIEW PROOF ↗

NCSC-NL & NCSC.CH COMMUNICATION ONGOING

Reported high-severity vulnerabilities covering Local File Inclusion (LFI) and severe PII/GDPR exposure. Communication is ongoing for CVE assignment.

LFI PII / GDPR NCSC

SQL INJECTION APPRECIATED

Reported Boolean and Union-based SQLi (10 databases dumped) to NCSC-NL, NCSC.CH, and CERT.PL. Received official appreciation (did not qualify for CVE).

SQLi NCSC-NL NCSC.CH CERT.PL

04 //

KNOWLEDGE REPOS

Webpentest PUBLIC

Detailed Vulnerabilities, exploitation techniques, and testing methodology for web application security assessments.

WEB OWASP EXPLOITATION

Network-Pentesting PUBLIC

Recon, Enumeration, Exploitation, Post Exploitation, Privilege escalation For Network Security Assessments.

NETWORK RECON ENUM

Linux-notes PUBLIC

Linux fundamentals to Administrative Roles — CLI, file systems, permissions, processes, system internals and Different Service Configurations for Enterprise Level Works.

LINUX CLI ROOT

Basic Networking & Windows ON REQUEST

Bios, Foundation of TCP/IP, DHCP & DNS, Windows Server Admin Roles.

TCP/IP WINDOWS AD ENTERPRISE

05 //