A Security Researcher focused on offensive security and vulnerability research. Recognized by multiple organizations in the public and private sectors for responsible security disclosures and contributions to improving digital infrastructure security.
I'm Rokkam Vamshi (iamaangx028), a security researcher focused on offensive security. I enjoy pulling web apps, APIs, and networks apart to understand how they actually fail, chaining findings into real-world exploitation paths, and writing the automation that makes the hunt repeatable. I also document what I learn as weekly security writeups.
1 yr 9 mos
Leading continuous attack surface discovery and CVE research, I turn findings into validated, real-world exploitation paths. I build automation to scale reconnaissance, drive proactive red-teaming simulations of adversarial behavior, and own the mapping and monitoring of exposed assets across enterprise environments.
Supported the team's attack surface monitoring and vulnerability research — writing automation scripts, validating findings, and studying real-world exploitation techniques. This hands-on foundation is what I now build on in my analyst role.
7 mos
My first hands-on security role. Alongside the team I ran 30+ web, network, and API pentests under tight timelines, often with custom tooling — surfacing 50+ critical/high-severity issues including SQL injection, IDORs, account takeovers, unauthorized admin access, PII leaks, and business-logic flaws.
Sree Vidyanikethan Engineering College - Notable coursework in Computer Science & Cybersecurity
Access my Resume here
Domain-based recon engine with subdomain enumeration, deduplication, Nuclei scanning, and results in user friendly dashboard.
A powerful JavaScript enumeration and analysis tool for security researchers and penetration testers. Will make it Public once I complete working on it!
Lightweight terminal-based password manager with encryption for personal use.
A Burpsuite extension that is used to automatically highlight Burp HTTP history with different colors.
Practical certification demonstrating hands-on penetration testing skills and methodology. Covers network attacks, web application testing, and system exploitation.
Specialized training in API security testing, vulnerability assessment, and remediation strategies. Focuses on OWASP API Top 10 security risks.
A deep dive into WebApp, Network and AD security testing and remediation. It was a 100% hands-on practical exam based certification with custom report template. It covers various penetration testing methodologies and real-world scenarios.
Thank you for responsibly disclosing the information leakage finding on one of our Jenkins servers. We appreciate the professional manner in which the issue was reported.
❞
We extend our gratitude for your responsible disclosure of critical security vulnerabilities in our web portal. Your expertise helped protect sensitive educational data.
❞
Thank you for identifying and reporting the authentication bypass vulnerability in our research portal. Your contribution has significantly improved our security posture.
❞
We appreciate your responsible disclosure of the SSRF vulnerability in our internal API. Your detailed report allowed us to quickly remediate the issue.
❞
Thank you for your diligent effort in identifying and responsibly reporting the Blind XSS vulnerability in our Support Portal.
❞
You helped us in improving IT security at our University
❞
Explore my comprehensive weekly cybersecurity learning journey. Every writeup lives on a dedicated, interactive node-based map — read them in order or jump to whatever topic you need.
NCIIPC AICTE Pentathon 2024 Finalist. Attended my first ever offline CTF challenge. It was a fun and great learning experience.
Got a chance to meet the great minds of Cybersecurity. Thanks to Yassine Aboukir 🐐 for the entry Pass.
Attended BSides Vizag to connect with the local security community and learn from talks and hands-on sessions led by researchers across India.
@iamaangx028
@rokkam-vamshi
@iamaangx028
@iamaangx028