Open to internships — Offensive Security & Penetration Testing

Abhradeep
Maitra

Cybersecurity Lead · Penetration Tester · Tool Builder

Your attack surface has gaps. I find them before threat actors do.

I don't just learn security — I build tools that automate it, design CTFs that simulate real attack chains, and run workshops that turn passive users into security-aware professionals. If your team needs someone who thinks like an attacker and communicates like a collaborator, that's the gap I fill.

See My Work ↓ GitHub ↗ LinkedIn ↗ Email ↗
500+ Participants trained via CTF & workshops
₹2L+ Sponsorship secured cold B2B outreach
5+ Security tools shipped open source, production
50+ GitHub stars on Crecon alone

// capabilities

Skills & Tools

What I bring to your security team — tools I operate, techniques I apply, systems I've worked in.

Security Tools

NmapBurp SuiteWireshark HydraJohn the RipperSQLMap Aircrack-ngNucleiMetasploit

Script Literacy

PythonBashC (DSA)

I read and adapt scripts — I know what every module does, what a function is trying to achieve, and how to modify it. Security is the skill. Code is the tool.

Domains

Web App SecurityPenetration Testing Network DefensePort Scanning Vulnerability AssessmentOSINT Incident Response

Operating Systems & Platforms

Kali LinuxParrot OSWindows Active Directory

HackTheBox Academy — Badges Earned

Click a category to expand & scroll through badges.

// work

Experience

What I've delivered — not just what I've learned.

Cybersecurity Lead

IgniteX Club, RCCIIT

Oct 2025 – Oct 2026
  • Directing cybersecurity strategy for a 100+ member club — turning passive learners into hands-on practitioners through structured programs and real attack simulations
  • Designed and delivered technical events that created measurable security awareness across the campus, reaching 500+ students in under 6 months
  • Mentoring juniors on offensive techniques, tool development, and CTF methodology — building a pipeline of security-ready talent

Cybersecurity Day Organizer ★ HoD Award

IgniteX Club, RCCIIT

Mar 2026
  • Organised a 100+ attendee security event with zero slides — opened terminals instead. Live password cracking demos with Hydra and John the Ripper changed how the room thought about security
  • Earned Certificate of Appreciation from the HoD, Department of IT, RCCIIT — recognition for measurable impact on campus security culture

CTF Organizer — Stranger's CTF ₹2L+ Secured

RCCIIT — Techtrix '26

2026
  • Cold-pitched infosec companies (Altered Security, APIsec University, .XYZ Domains) with a professional B2B deck — secured ₹2 Lakhs+ in sponsorship, entirely through direct outreach
  • Architected 20+ custom challenges covering SQLi, XSS, auth flaws, crypto, and OSINT — simulating real-world attack patterns across skill levels
  • Deployed and managed a custom CTFd platform on resource-constrained VMs, optimised for 500+ concurrent participants without downtime
  • Officially listed on CTFtime — putting RCCIIT on the global competitive hacking map

// flagship project

Main Project

A tool built to replace manual recon workflows — the kind of thing your pentesting team would actually use.

crecon
★ Flagship Tool v0.1.0
⚡ One command. Full recon. Nmap → CVE lookup → SSH testing → directory brute-force → web crawl → Nuclei → AI-generated attack paths with exact payloads. Zero manual chaining.

Automates the first phase of every engagement. Port 80 open → triggers directory brute-force, web crawl, Nuclei CVE validation automatically. Port 22 open → auto-tests default SSH credentials. NVD CVE lookup fires on every detected service version. All findings are piped to an AI layer that generates actual attack paths — not generic advice, but exact commands and payloads.

Supports 5 AI providers (DeepSeek-R1, Groq, Gemini, OpenAI, Anthropic) with automatic fallback. Installable as a native Kali Linux command. Built for real engagements, not demos.

PythonNmapNuclei paramikoBeautifulSoupdnspython NVD APIDeepSeek-R1subprocess ThreadPoolExecutorsocket
GitHub ↗ Writeup ↗ ↓ Full Docs
crecon auto scan running
auto mode — full chain: Nmap → CVE lookup → SSH test → dir enum → web recon → Nuclei
crecon banner
crecon --help — banner + subcommands
dir enum results
dir enum + recon — .htpasswd, .svn, Apache detected
AI analysis
AI analysis — CVE-2021-44224 (CVSS 8.2) — complete attack chain with exact commands

// case-based projects

Case-Based Projects

Focused tools built to solve specific gaps — each one deployable in a real security workflow.

SafeWall IDS / Monitor

Real-time network security monitor your SOC can actually use. Sniffs every incoming packet via Scapy, detects DDoS spikes (>40 pkt/sec), flags malware signatures (SQLi, XSS, Nimda, path traversal), and auto-blocks offending IPs with iptables — no analyst action required.

PythonScapyiptables
GitHub ↗ ↓ Docs
IPclean Forensics

Post-incident log auditor. Scans a full directory of log files, pinpoints every file containing a target IP, and optionally wipes them clean — saving hours of manual grep work during forensic cleanup and containment.

Pythonargparseos
GitHub ↗ ↓ Docs
expDB Utility

Exploit lookup, zero friction. Reads the software/version from your clipboard and opens ExploitDB pre-filled — cutting the lookup time to seconds during live engagements. Small tool, real time savings at scale.

Pythonpyperclipwebbrowser
GitHub ↗ ↓ Docs

// events & initiatives

On The Ground

Security events I organised end-to-end — logistics, sponsorship, platform, challenges, and delivery.

Cybersecurity Day 2026 Workshop
100+ attendees Mar 2026 RCCIIT

Replaced slide decks with live terminals. Walked 100+ students through real password cracking using Hydra and John the Ripper. Earned Certificate of Appreciation from HoD, Dept. of IT — for measurable impact on campus security awareness.

Stranger's CTF — Techtrix '26 CTF Event
500+ participants ₹2L+ prize pool Kolkata

Custom CTF platform, Stranger Things theme, glitchy terminal aesthetic — gutted CTFd's frontend from scratch. Secured ₹2L+ through cold B2B outreach to infosec companies. Officially listed on CTFtime.

Live Site ↗

Live platform data — CTFd admin dashboard & CTFtime results

CTFd Statistics — 567 users, 359 teams, 20 challenges
CTFd Dashboard — 567 users · 359 teams · 1902 IPs · 20 challenges · 1830 pts
Category & submission breakdown
Submission breakdown — 2011 solves · 15,602 attempts
CTFd Scoreboard
Scoreboard — top teams with max score 1580
CTFtime — Stranger's CTF Techtrix 26 scoreboard approved
CTFtime — Scoreboard approved · 201 teams total
Prize distribution campaign
Prize campaign — 21 emails sent · distributed to winners
● View on CTFtime ↗

// credentials

Certifications & Training

Verified credentials — what I've put in the work to earn.

🔒

APISec Certified Practitioner (ACP)

APIsec University · API security testing, authentication flaws, OWASP API Top 10

🆕

CRTP — Certified Red Team Professional

Altered Security · Active Directory attacks, Kerberos abuse, lateral movement ·

🛡

CEH v13 — Certified Ethical Hacker Training

Simplilearn · EC-Council · Training completed · Exam target: Oct 2026

🏆

Certificate of Appreciation — Cybersecurity Day 2026

RCCIIT · Signed by HoD, Dept. of IT & Faculty Advisor, IgniteX Club

🐍

Automate the Boring Stuff with Python

Udemy · Al Sweigart · March 2026 · 9.5 hours

HackTheBox — Junior Cybersecurity Analyst Path

Completed · Web exploitation, network enumeration, privilege escalation in simulated enterprise environments

🎓

B.Tech — Computer Science & Engineering

RCCIIT University · 2023 – 2027 · Data Structures, Networking, Cybersecurity

// reach out

Let's Work Together

Looking for an offensive security intern who ships tools, runs events, and thinks like an attacker? Let's talk.

Email

[email protected]
in

LinkedIn

abhradeep-maitra
</>

GitHub

github.com/Abhracodec
M

Medium

@abhramaitra32