I'm a Cybersecurity Practitioner

I'm a Tech Enthusiast

I'm an Exploit Creator

I'm a CTF Player

Hello👋,Myself Hrishikesh Patra

Cybersecurity Consultant at a Big 4 Firm - Safeguarding the Digital Frontier

About Me

Identification

I'm Hrishikesh Patra, a Cybersecurity Professional

I specialize in securing Web, API and Android applications by identifying and mitigating risks through comprehensive vulnerability assessments and penetration testing. With a strong focus on safeguarding APIs and IT infrastructures, I analyze threats, prioritize vulnerabilities, and implement effective remediation strategies.

In addition to security assessments, I develop custom security tools, create proof-of-concept exploits, and perform in-depth malware analysis to enhance protection. I stay updated with the latest security trends and technologies, constantly improving my skills. Whether working in teams or individually, I thrive in dynamic environments, seeking to contribute my expertise and grow in a challenging cybersecurity role.

3+

Years Experience

10+

Certificates

80+

Hours of Courses

10+

Projects Done

Resume

Profile

Experience

February 2025 - Present

Security Consultant

Ernst & Young Global Delivery Services (EY GDS), Kolkata

  • Delivered web application and API penetration testing for enterprise clients in banking, telecom, and media domains.
  • Discovered and validated high- and critical-risk issues including access control flaws, authentication bypasses, and sensitive data exposure.
  • Performed manual, scenario-driven testing aligned with OWASP standards to demonstrate real-world security impact.
  • Handled pre-engagement scoping, authorization validation, and testing readiness checks.
  • Worked closely with development teams to explain findings, guide remediation, and verify fixes through re-testing.
  • Produced clear, structured penetration testing reports with actionable remediation guidance.
  • Built and maintained 20+ Docker-based security labs for CTF-style exercises and internal skill assessments.

Centre for Development of Advanced Computing (C-DAC)

Deputed by ManpowerGroup Pvt. Ltd.

Kolkata, West Bengal, India

Assistant Information Security Analyst

May 2023 - February 2025

  • Promoted for consistent performance with expanded security assessment responsibilities.
  • Performed web, API, and Android security testing for government systems.
  • Identified and mitigated high-impact issues including payment bypass and RCE.
  • Built a CTF platform with 50+ challenges, training 300+ participants.
  • Implemented ISMS security controls and developed a CIS-aligned Windows audit tool.

Information Security Associate

March 2022 - April 2023

  • Conducted web, API, and mobile application security testing.
  • Reported vulnerabilities with clear remediation guidance.
  • Performed threat modeling and supported Android security reviews.

Education

August 2022 - July 2024

Master of Computer Application

JAIN (Deemed to be University)

Full-time MCA - CS and IT  (Online Mode)[UGC & AICTE Approved]
Acquired skills of Web Development, Python, PHP, Networking, DBMS, Computer Programming, Project management, etc.

Grade: A (9.04 CGPA)

November 2020 - December 2022

Diploma

Indian School of Ethical Hacking (ISOEH)

Diploma in Cybersecurity
Acquired skills of C, Python, Networking, Cybersecurity, Ethical Hacking, Penetration Testing, etc.

Grade: A

July 2019 - July 2022

Bachelor Degree

University of Burdwan

Chandannagar Government Collage (Duplex College)

Grade: A (7.41 CGPA)

Passing Year - 2019

Higher Secondary

West Bengal Council of Higher Secondary Education

Kanailal Vidya Mandir (English Section)

Grade: A (71.2%)

Passing Year - 2017

Secondary

West Bengal Board of Secondary Education

Kanailal Vidya Mandir (English Section)

Grade: A (62%)

My Skills

Vulnerability Evaluation70%

Risk Mitigation64%

Web Application Security70%

Android Application Security65%

Report Writing55%

Python72%

JavaScript55%

PHP66%

SQL45%

Download CV

Certificates

Credentials

Want to Show Details?
Click Here
Want to Show Details?
Click Here
Want to Show Details?
Click Here
Want to Show Details?
Click Here
Want to Show Details?
Click Here
Want to Show Details?
Click Here
Want to Show Details?
Click Here
Want to Show Details?
Click Here
Want to Show Details?
Click Here
Want to Show Details?
Click Here
Want to Show Details?
Click Here
Want to Show Details?
Click Here

Interest

Avocations

Malware Analysis

Performs Malware analysis using static and dynamic techniques like sandboxing and reverse engineering to identify behaviors, functionality, and threat vectors and also safe handling and detonating of malware.

API Testing

Interest in API testing, especially REST APIs, to ensure the functionality and security of web services.

Custom Rom Building

Knowledge of building custom ROMs for Android devices, device trees, and system customization, to create unique user experiences.

Android App Reverse and Modification

I do Android app reverse engineering and modification I can analyse APK files, decompile code, and use tools such as Apktool, JD-GUI, and Frida to modify apps to enhance their functionality or bypass certain restrictions.

Capture the Flag (CTF)

As a CTF player, I possess a strong ability to solve complex cybersecurity challenges and think outside the box. I am highly skilled in areas such as cryptography, reverse engineering, and web exploitation.

My Works

Projects

Follina Exploiter (CVE-2022-30190)Available in GitHub 

A Command Line based python tool for exploit Zero-Day vulnerability in MSDT (Microsoft Support Diagnostic Tool) also know as 'Follina' CVE-2022-30190.

15+   10+ (On GitHub)

Android App Pentesting ChecklistAvailable in GitHub 

This repository contains a checklist of tasks and techniques that can be used to perform a comprehensive security assessment of an Android application.

3   1   1 (On GitHub)

WebPage Login BruteForceAvailable in GitHub 

A GUI tool for Brute Force Login in a web page with Python, hack accounts on any website with a good dictionary of words. Also brute force CSRF Token.

3   2 (On GitHub)

OWASP Top 10 for 2021 Practice GroundAvailable in GitHub 

OWASP21-PG is a practical lab for learning to identify and prevent web vulnerabilities, focusing on the OWASP Top 10 for 2021, with hands-on experience in all categories.

3   1   1 (On GitHub)

D-Dos Attack ScriptAvailable in GitHub 

A CLI Based Python3 Script For D-Dos Attack On Public IP Or Domain.

20+   5+ (On GitHub)

Stage ToolAvailable in GitHub 

A Steganography (LSB-Method) Tool For Hide-Unhide (Encode-Decode) Text From Image & Audio File. Also, Hide Image Behind An Image & Extract IT.

1 (On GitHub)

PastUSBAvailable in GitHub 

PastUSB is a powerful forensic tool for monitoring USB activity on Windows and Linux. It tracks device insertions and removals, provides device information, and helps detect unauthorized access.

1 (On GitHub)

Contact

Get in Touch

Address

Chandannagar, Hooghly
Kolkata
West Bengal, India