online

DARIVXE

<security researcher>
$ cat focus.txt
  • Offensive Security Research
  • OSINT
  • Web Exploitation
  • Deep Web Rabbithole Dweller
01 · ABOUT

breaking systems
to understand them.

// identity
handledarivxe
rolesecurity researcher
based_inIndia
plays CTF for/as fryingpan.bat, mouseepad and icecube
lovesmusic, films, video games & the beach

I'm a cybersecurity researcher driven by curiosity about how systems work and how they fail.

Started off as a kid with unrestricted internet access, falling deep into online rabbitholes and spending hours reading blogs about how vast and chaotic the internet really is.

When I'm not testing systems or chasing bugs, I research current breaches, analyze threat activity, and investigate the commercial spyware ecosystem.

03
projects
02
certs
02
writeups
curiosity
02 · SKILLS

the toolkit.

// a working list of what i reach for when dissecting protocols and tearing through assumptions.

01 / 5 [●]
Reconnaissance & OSINT
  • Infrastructure discovery
  • Exposure analysis
  • Subdomain enumeration
  • Intelligence validation
  • Attacker behaviour profiling
  • Deep web monitoring
02 / 5 [●]
Offensive Security
  • Misconfiguration discovery
  • Credential exposure analysis
  • Web exploitation
  • Attack surface analysis
03 / 5 [●]
Network & App Analysis
  • DNS enumeration
  • Traffic analysis
  • Identifying exposed services
  • Insecure communication patterns
04 / 5 [●]
Threat Intel & Detection
  • Intelligence lifecycle
  • MITRE ATT&CK mapping
  • Indicator correlation
  • Threat actor profiling
05 / 5 [●]
Research & Reporting
  • Vulnerability documentation
  • Structured intelligence reports
  • Hypothesis-driven analysis
  • Technical write-ups
[●] WEB
curl Proxyman
[●] OSINT
dnsdumpster Google Dorking Shodan
[●] REVERSE ENGINEERING
Radare2
[●] OFF-SEC
Nmap Subfinder Nuclei VirusTotal Metasploit Bash Python
[●] NETWORK & DEFENSE
Wireshark Bettercap mitmproxy
03 · WINS

the receipts.

// a short list of moments where the system blinked first.

02ND / KOTH
01
Placed 2nd at ReCon 2026 KOTH
@ VIT-AP University
Exploited multiple vulnerabilities (including exposed .git repositories) to gain privileged access and maintain persistence in a live attack-defense competition against rival teams.
King of the Hill Live Attack/Defense Web
DISCLOSED
02
Vulnerability Disclosure — Grammarly via HackerOne
@ HackerOne · Responsible Disclosure
Identified and reported a WebSocket authentication flaw enabling session hijacking and unauthorized access to authenticated sessions. Published a technical write-up.
Bug Bounty WebSocket Auth
TOP 2%
03
Top 2% on TryHackMe
@ Global ranking — offensive & defensive labs
Ranked globally across red-team and blue-team tracks. A perfectly normal hobby with completely reasonable hours.
CTF Red Team Blue Team
60+ PAGES
04
Spyware Market Research — OSINT Investigation
@ Independent / Develliance
Produced an analytical report mapping the global commercial spyware ecosystem — vendor operations, real-world misuse cases and the legal fallout that followed.
Threat Intelligence OSINT Policy
3.5 · LOG

experience
+ certs.

// a record of where i've operated and what i've earned along the way.

$ tail -f experience.log

Vocational OSINT Researcher

Jul 2025 — Dec 2025
@ Deveillance | [Remote]
  • Conducted open-source intelligence investigations — spyware market analysis & corporate technology footprint mapping.
  • Produced professional intelligence reports with hypothesis testing and threat-actor contextualization.
  • Utilized archival searches, CSEs, metadata extractors, dark web indexing and geolocation services.

ReCon 2026 — KOTH Runner Up

Apr 2026
@ VIT - AP University | [On-site]
  • Secured 2nd place in the King of the Hill cybersecurity competition among top offensive security participants.
  • Received ₹3L+ worth sponsor rewards including certifications, premium tooling access, domains and industry perks.
  • Individually shortlisted by HackersDaddy for a 1-month internship opportunity and awarded a JAPT certification voucher.
$ ls -la ./certs
VERIFIED
MOIS — Certified OSINT Expert
My OSINT Training · 2025
RECOGNIZED
ReCon 2026 — KOTH Finalist
ReCon · Attack / Defense · 2026
04 · PROJECTS

field reports.

2 records / sorted: recent
01
Threat Intelligence 2025

Commercial Spyware Ecosystem Analysis

A comprehensive intelligence-led study of the global commercial spyware market, examining vendor operations, documented misuse cases, and resulting legal and regulatory responses.

Threat Intelligence OSINT Policy Impact
read report
02
Technology Footprint 2025

Technology Footprint Analysis: Cloudflare

An investigation into Cloudflare's publicly observable infrastructure, technology stack, partnerships, and security posture — based entirely on open-source intelligence.

OSINT Infra Intelligence Cloud Security
read report
03
Investigative OSINT 2025

Discovering Potential Whistleblowers

An OSINT-driven investigation into behavioral indicators, anonymity patterns, and online activities linked to potential whistleblowers across social media, Reddit, Tor forums, and public records.

OSINT Whistleblowers Behavioral Patterns
read report
more reports incoming_
05 · WRITEUPS

ctf logs.

Walkthroughs of challenges I've solved — categorized by event, difficulty and the techniques that cracked them.

01
JEOPARDY
Bearcat CTF
21 Feb 2026 10 min 02
Hiring CTF
CloudSEK CTF 2 May 2026 15 min
06 · BLOG

research & notes.

// unfiltered thinking, bug bounty findings, and the occasional existential note. mostly published on medium.

01 · Bug Bounty📘

How I Broke a Realtime Editor's WebSocket Authentication

Nov 21, 2025 · 3 min read
02 · Learning📘

The Less I Know The Better

Jan 30, 2026 · 2 min read
07 · CONTACT

let's talk:]

Want to collaborate, discuss cybersecurity, or just say hi? My inbox is open — reach out via email or the channels below.