I break things professionally so attackers can't
I'm Nash N Sulthan — a security engineer who has spent 8+ years finding the cracks before the bad guys do. From bypassing admin panels of fintech platforms to uncovering critical flaws in national e-voting systems, I specialize in turning "it's probably fine" into "it's actually secure."
I've helped build AI-powered vulnerability scanners, red-teamed high-profile targets, spoken on network security at ISRO's Vikram Sarabhai Space Centre, and organized CTF competitions that trained the next generation of hackers. When I'm not testing your defenses, I'm probably writing tools to automate the process.
What I Do
Penetration Testing & Vulnerability Assessment
Deep-dive security testing for web applications, APIs, mobile apps, servers, and network infrastructure. I go beyond automated scanners — manual exploitation, business logic flaws, and chained attack paths that tools miss. Aligned with OWASP Top 10, SANS, and PCI-DSS standards.
Red Teaming & Offensive Security
Adversary simulation that tests your detection and response, not just your perimeter. I've identified exposed internal endpoints from public-facing services, bypassed authentication on critical systems, and mapped attack paths that span multiple security boundaries.
Cloud Security & DevSecOps
Security architecture reviews and hardening for AWS, Azure, and GCP environments. Secure CI/CD pipeline design with GitHub Actions, Terraform-based infrastructure as code, Kubernetes security, and container hardening. SOC deployment using Wazuh, ELK, and CloudTrail integrations.
Security Tooling & Automation
Custom security tools in Python, Golang, and Bash. I've built AI-powered vulnerability scanners that reduced false positives significantly, fully automated out-of-band vulnerability testing frameworks, and dark web monitoring tools used by law enforcement.
Compliance & Secure Development
Implementation support for PCI-DSS, NIST 800-53, ISO 27001, and GDPR. Secure code review, threat modeling, security awareness training, and building a secure-by-design culture across engineering organizations.
Speaking
- Nov 2022: Vikram Sarabhai Space Centre (VSSC) — ISRO. Network Security & Cybersecurity — talk at India's premier space research centre
- Aug 2022: Seasides Conference, Goa — Hands-on Threat Hunting workshop for 200+ security professionals
- Aug 2022: OWASP Kerala. Threat Hunting — detection & mitigation best practices workshop
Track Record
- Swiss Post e-Voting System — Critical Vulnerabilities: Public security test. Reported multiple critical flaws; contributed 8% of all accepted submissions. (2019)
- P1 — Leading UK Fintech Company: Identified and bypassed PyPICloud admin account, protecting millions of users. (2022)
- Picnic International — Hall of Fame: Reported vulnerabilities in website and mobile app. Listed in Picnic's Hall of Fame. (2022)
- Top 100 — Hack The Box: Global Top 100 ranking on the world's leading offensive security platform.
- Dark Web Monitoring Tool — Kerala Police Cyberdome: Built a monitoring tool for HAC'KP / Kerala Police to track illicit dark web activities. Top Contributor.
- OWASP Kerala — Board Member: Driving secure software development practices and community events across Kerala.
- c0c0n CTF — Organizer & Tech Lead (2018–2024): Designed and ran Capture The Flag competitions focusing on reverse engineering and web app security.
- Natana CTF — Organizer & Tech Lead: Organized CTF competitions for Technopark employees to build offensive security skills.
- GTech MuLearn — Core Member: Fostering peer-to-peer tech learning in a community of 16,000+ members.