Kundan Dhupkar

About Me

I'm Kundan Dhupkar, a Cyber Security Student

Hi! My name is Kundan Dhupkar. I am a cybersecurity student with hands-on experience in web security, penetration testing, and SOC fundamentals through platforms like TryHackMe, PentesterLab, and PortSwigger's Web Security Academy. I also run a blog simplifying complex security topics, with a focus on Web Application Security, Linux, and Cryptography. Actively seeking entry-level roles to apply and grow my skills in real-world environments.

Birthday : 22 May 2004

Age : 21

Website : kundandhupkar.github.io

Email : dhupkarkundan@gmail.com

Degree : B.Sc Cyber & Digital Science

Phone : +91 93xx xxx xxx

City : Pune

Freelance : Available

Education

2022 - 2025

B.Sc Cyber & Digital Science

Savitribai Phule Pune University (SPPU)

2020 - 2022

HSC, Computer Science

Fergusson College

Hands-On Training

2022 - Present

Web Security Academy - PortSwigger Labs

Completed 80+ labs on PortSwigger's Web Security Academy, gaining in-depth experience with web vulnerabilities like XSS, SQL Injection, and more.

2020 - Present

TryHackMe - CTFs

Solved 220+ rooms on TryHackMe, focusing on real-world cybersecurity challenges and practical skills.

Skills

Log Analysis

Experienced in analyzing Windows, Linux, and network logs to detect suspicious activities.

SIEM Monitoring

Skilled in using SIEM tools like Splunk and Microsoft Sentinel to monitor and investigate alerts.

Incident Response

Familiar with handling alerts and documenting incidents following standard response procedures.

Alert Monitoring

Actively monitored real-time alerts and escalated potential security incidents as per playbooks.

Threat Intelligence

Used threat feeds and IOC sources to enrich incident context and improve detection capabilities.

Malware Indicators

Basic understanding of malware behavior and how to detect IOC patterns in logs and alerts.

MITRE ATT&CK Mapping

Mapped detected threats and alerts to MITRE ATT&CK TTPs for better analysis and reporting.

Security Reporting

Prepared incident summaries and shift-wise reports with clear findings and recommendations.

Firewall & IDS Monitoring

Reviewed firewall and IDS/IPS logs to identify scans, brute-force attempts, and suspicious access.

Vulnerability Management

Worked with tools and reports to track known vulnerabilities and support patch management.

Network Traffic Analysis

Used tools like Wireshark and packet captures to identify anomalies in traffic flow and behavior.

Email Security Review

Analyzed phishing emails and headers to extract indicators and determine compromise level.

Endpoint Monitoring

Reviewed endpoint alerts from EDR tools to detect malware, persistence, and unauthorized access.

Ticket Handling

Worked with ticketing systems like ServiceNow to document, update, and close incident tickets.

Case Documentation

Maintained detailed incident notes and evidence for each case handled during shift operations.

Threat Hunting (Basic)

Performed basic hypothesis-driven hunting based on abnormal user or system behaviors.

SIEM Query Writing

Comfortable writing SPL and KQL queries to filter logs and extract meaningful data.

Windows Log Analysis

Reviewed Security, System, and Application event logs for signs of compromise or abuse.

Linux Log Monitoring

Analyzed auth.log, syslog, and audit logs to detect failed login attempts and unusual activity.

Shift-Based Operations

Adapted to 24x7 SOC environments with alert triage, handovers, and effective time management.

Penetration Testing

Hands-on experience with tools like Burp Suite, OWASP ZAP, and various Kali Linux tools for identifying and exploiting vulnerabilities.

Web Application Security

Practical experience in web application security testing and exploiting vulnerabilities (XSS, SQLi, etc.) from 50+ labs on PortSwigger.

Network Scanning & Reconnaissance

Skilled in using tools like Masscan, Naabu, and Nmap for network scanning and reconnaissance.

OWASP Top 10

Familiar with the top web application security risks as outlined by OWASP, including understanding and mitigating common vulnerabilities like SQL Injection, Cross-Site Scripting, and Security Misconfiguration.

Computer Networking

Solid foundation in networking concepts, including TCP/IP, DNS, and protocols essential for network communication, along with experience in diagnosing and securing network architectures.

Python

Proficient in Python for scripting and automation, with experience in using Python libraries for cybersecurity tasks, such as network scanning and web testing.

Bash

Skilled in Bash scripting for automating repetitive tasks, managing files, and conducting system-level operations essential for cybersecurity workflows on Unix-based systems.

Network Security

Hands-on experience in implementing security measures like firewalls, intrusion detection systems, and VPNs to protect networks against unauthorized access and threats.

Cryptography

Understanding of cryptographic principles, including encryption, hashing, and digital certificates, with practical experience in securing data through cryptographic techniques.

Cloud Security

Knowledgeable in securing cloud environments, including familiarity with AWS and Azure security practices, identity management, and configuring cloud security settings to prevent unauthorized access.

OSINT (Open-Source Intelligence)

Proficient in OSINT techniques to gather publicly available information from various online sources, aiding in reconnaissance and threat assessment in cybersecurity research.

Cyber Threat Intelligence

Skilled in gathering and analyzing threat intelligence to identify indicators of compromise and potential attack patterns, helping to strengthen proactive defense strategies.

Secure Coding Practices

Knowledge of secure coding standards for Python, JavaScript, and PHP, with a focus on OWASP Top 10 vulnerabilities.

Cybersecurity Tools

Experience with tools like Burp Suite, OWASP ZAP, Nuclei, FFuF, GoBuster, Amass, and Subfinder for reconnaissance, enumeration, and vulnerability scanning.

Linux System Administration

Competent in system administration tasks, troubleshooting, and configuration of Linux environments (Ubuntu, Kali).

Problem-Solving

Strong analytical skills in identifying security vulnerabilities and solving complex technical challenges.

Attention to Detail

Proven ability to find and report even subtle issues in web applications and networks.

Communication

Clear and effective communicator when documenting vulnerabilities and writing reports for secure coding and bug hunting.

Certificates & Achievements

Certificates

October 2024

Crash Course on Python

Google

October 2024

Certified Network Security Practitioner (CNSP)

The SecOps Group

September 2024

Certified AppSec Practitioner (CAP)

The SecOps Group

May 2024

Google CyberSecurity Specialization

Google

January 2024

Digital Forensics Essentials (DFE)

EC-Council

December 2023

Ethical Hacking Essentials (EHE)

EC-Council

December 2023

Network Defense Essentials (NDE)

EC-Council

December 2021

Defronix Certified Junior Security Practitioner

Defronix Cyber Security

Achievements

December 2024

Listed in NASA's Hall of Fame

Received Hall of Fame for identifying vulnerabilities in NASA's systems and responsibly reporting them.

August 2021

Security Research Hall of Fame - Process Street

Received recognition in the Bug Bounty Hall of Fame. Acknowledged by Process Street for responsibly disclosing vulnerabilities and working with the team to remediate them.

Projects

TraceFox - Domain OSINT Tool

TraceFox is a Linux-based OSINT (Open Source Intelligence) tool designed for gathering and organizing domain and organization-related information. It focuses on simplicity, speed, and effectiveness, making reconnaissance more efficient. The tool is scalable, with future plans for additional features.

Secure Coding 101

Developed a comprehensive guide on secure coding practices covering Python, JavaScript, and PHP.