Suyash Khare

About Me

Highly motivated final-year B.Tech Cyber Security student with a strong passion for offensive security. Skilled in identifying, exploiting, and documenting critical security vulnerabilities through hands-on experience in vulnerability assessment and penetration testing. Proficient in developing security tools and exploiting OWASP Top 10 vulnerabilities using platforms such as Metasploit, Burp Suite, and Nmap. Eager to apply practical, real-world cybersecurity skills in an entry-level Penetration Tester or Security Analyst role.

Experience

State Cyber Cell HQ, Bhopal | Intern (July 2025)

- Engineered a Flask-based web vulnerability scanner for internal use by the State Cyber Police to automate security testing of web applications used in investigations and departmental operations.
- Observed and learned mobile forensics and hard drive forensics procedures, such as data acquisition, hashing, evidence preservation, and chain-of-custody practices.
- Delivered a forensics training session to 10+ ASIs across Madhya Pradesh, teaching mobile and hard-drive forensics procedures while collaborating with fellow interns to guide officers through real investigation workflows.

The Red Users | Intern (Jan–Feb 2025)

- Practiced and completed multiple OWASP WebGoat labs, including injection, XSS, authentication flaws, and broken access control to strengthen web application security skills.
- Gained hands-on experience in identifying and mitigating real-world web vulnerabilities using ethical hacking tools and secure coding practices.

Global Defensive Security | Intern (Oct–Nov 2024)

- Executed a comprehensive vulnerability assessment on a client web application, utilizing Nmap for reconnaissance and Burp Suite for in-depth analysis.
- Authored a detailed final assessment report for the development team, documenting the testing methodology and confirming the application's robust security posture.

Projects

Website Vulnerability Scanner (Python, Flask, ReportLab)
- Built an automated web vulnerability scanner to identify high-risk issues like XSS, SQL Injection, CSRF, and Clickjacking across multiple website pages.
- Designed a simple Flask web interface, allowing users to start scans and view results without technical knowledge.
- Implemented multi-threaded scanning to significantly reduce total scan time and increase coverage across input fields and endpoints.
- Added automatic PDF security reporting using ReportLab — includes findings, screenshots, impact level, and recommended fixes.
Impact: Enables companies to quickly understand their cybersecurity risks and take corrective action before vulnerabilities can be exploited — bridging the gap between technical security findings and business decision-making.
Basic Honeypot (Python, Custom Web Environment)
- Developed and deployed a low-interaction honeypot on a custom website to detect and monitor unauthorized access attempts.
- Created fake login pages to intentionally attract attackers and record malicious authentication attempts in real-time.
- Implemented IP tracking and logging, capturing details such as attack frequency, timestamps, and failed login patterns.
- Integrated GeoIP lookups to identify attacker locations and analyze trends based on geographical origin.
Impact: Helps security teams understand attacker behavior and identify early signs of intrusion. Provides valuable intelligence for improving security controls, hardening login systems, and increasing resilience against automated attacks and brute-force attempts.
Port Scanner Script (Python, Sockets)
- Built a command-line port scanner using Python’s socket library to perform network reconnaissance and identify open TCP ports on a target system.
- Implemented custom timeout handling and connection logic to improve scan accuracy and avoid false positives.
- Designed clean console output that highlights open and closed ports for easier analysis during penetration tests.
- Developed to integrate easily into a broader pentesting workflow, such as Nmap follow-up scans or service fingerprinting.
Impact: Helps penetration testers and security analysts quickly identify potential entry points in a network, improving reconnaissance efficiency and reducing time spent manually checking ports before deeper exploitation phases.

Project Videos

Website Vulnerability Scanner – Demo

Detects XSS, SQLi, CSRF & Clickjacking with automated PDF reporting.

Honeypot Project — Live Attack Capture Demo

Fake login pages capturing attacker IP, login attempts & GeoIP logs.

Port Scanner Script — Recon & Enumeration

Python-based port reconnaissance using raw sockets for pentesting.

CTF & Practical Labs Experience

TryHackMe Labs

Successfully compromised 160+ vulnerable machines across multiple TryHackMe rooms.
Hands-on practice with Nmap, Hydra, Metasploit, Burp Suite, John the Ripper, reverse shells, SSH tunneling, and privilege escalation.
Applied OSINT techniques during reconnaissance to uncover publicly exposed information useful for exploitation.
Used a structured penetration-testing workflow: reconnaissance → exploitation → privilege escalation → post-exploitation → documentation.

Impact: Strengthened practical penetration-testing ability and developed the same structured attack workflow used by real-world security analysts — scanning → exploitation → privilege escalation → post-exploitation → documentation.