~/anand $ cat anand.txt
[email protected]
=======================
cybersecurity engineer · bug bounty hunter · hybrid athlete
socials
-------
linkedin
linkedin.com/in/anandsreekumaras
twitter
twitter.com/anandsreekumar_
github
github.com/anandsreekumaras
instagram
instagram.com/anandsreekumaras
stackoverflow
stackoverflow.com/users/5317663/anand-a-s
what i do
=========
cybersecurity engineer
@
ey global delivery services
independent bug bounty hunter
write-ups
=========
cloudflare workers and d1 as a stealthy c2 framework for data exfiltration
march 2025 | cloudflare · c2 · evasion
dependency confusion on microsoft teams infrastructure
may 2024 | dependency confusion · supply chain · msrc
remote code execution via dependency confusion
march 2024 | rce · supply chain · h1
abusing graphql idor to delete another user's profile picture
july 2022 | graphql · idor
blind ssrf via dns rebinding
april 2022 | ssrf · dns rebinding
talks
=====
ghost math: syscall-only injection, deterministic shellcode & quic c2 — a modern edr bypass monograph
avar 2025 (28th edition) · december 2025
ghost math: syscall-only injection, deterministic shellcode & quic c2 — a full kill-chain that slipped past crowdstrike falcon
hacktivity 2025 · budapest · october 2025
def con trivandrum chapter meetup talk
dc0471 meetup 0x02 · september 2018 ·
photos
projects
--------
endropy [2026]
forensics for ethereum addresses — sanctions, deployer history & exploit-similarity checks
endropy.xyz
terminalcat [2026]
self-hosted web terminal backed by tmux — closing the browser doesn't kill your processes
terminalcat.anandsreekumar.com
tools
-----
knockknock [2019]
bash script for ip/host filtering via http status codes
github.com/anandsreekumaras/knockknock
chromeshot [2019]
headless chrome tool for visual recon
github.com/anandsreekumaras/chromeshot
miscellaneous
-------------
first prize,
c0c0n 2024
ctf —
news coverage
contact
-------
[email protected]