sachinpatilpsp/README.md

Whoami

Sachin Patil — AI-Driven Vulnerability Security Researcher

TCS Experience Location Microsoft CVE HackerOne Open Source


Public CVEs

| CVE ID | Severity | Summary |
|---|---|---|
| CVE-2026-7461 | 🔴 HIGH | Amazon ECS Agent — Remote Command Injection in container orchestration |
| CVE-2026-40931 | 🔴 HIGH | Path Traversal + Symlink Poisoning — Filesystem escape via junction abuse |
| CVE-2026-42043 | 🔴 HIGH | Axios SSRF — Server-Side Request Forgery in axios HTTP client |

MSRC

🛡️ Microsoft Security Response Center — Hall of Fame

MSRC April 2026 MSRC May 2026

🔬 Vulnerability Research & Disclosures

🟢 Active MSRC Disclosures (Microsoft)

  • Azure Pipelines Agent — Arbitrary File Write to RCE Chain

    • Status: Important Severity.
    • Vector: Arbitrary file write vulnerability enabling a Remote Code Execution (RCE) chain.
  • Microsoft Edge — Elevation of Privilege (EoP) & Arbitrary File Deletion to SYSTEM

    • Status: Critical Severity.
    • Vector: Confused deputy attack leading to Elevation of Privilege (EoP) and arbitrary file deletion.
  • Hall of Fame: https://msrc.microsoft.com/update-guide/acknowledgement/online


Achievements

| 🏆 Award | Platform | Year |
|---|---|---|
| 🛡️ 2x Hall of Fame (consecutive months) | Microsoft MSRC | Apr–May 2026 |
| 🐛 300+ Bug Reports Triaged & Resolved | HackerOne | 2022–2024 |
| 🔴 3x Public CVEs — AWS, NPM, Microsoft | MITRE / NVD | 2026 |
| ⭐ 2x Security Advisory Credits | GitHub Security | 2025–26 |

Publications

Research writeups, CVE analyses & methodology breakdowns — Published on Medium & InfoSec Write-ups

🔴 CVE Technical Write-ups

📄 Bypassing a Security Patch (CVE-2026-24884)

📄 How We Bypassed an Axios Patch (CVE-2026-42043)

📄 Zero-Day to SYSTEM (RCE): Escaping AWS ECS Containers via OS Command Injection CVE-2026–7461

📄 Beyond the Digits: The Emotional Rollercoaster of My First CVE

🧠 AI & Offensive Security Research

📄 Hacking the Brain of AI: Prompt Injection Methodologies in LLMs

📄 Prompt Playbooks: AI Crime-as-a-Service is Booming on the Dark Web

📄 AI Hallucinations Explained — Why They Happen & Can We Reach 0%?

📄 The AI Governance Gap: Why 77% of Companies Use AI but Only 37% Have a Policy

🌐 Threat Intelligence & Industry Analysis

📄 Nation-State Hackers & Geopolitics: Why 64% of Orgs Fear Espionage

📄 The 2027 Prediction: When Cyberattacks Become Fully Autonomous

📄 The CVE Program Crisis: When the Vulnerability Database Becomes Vulnerable

📄 Q-Day is Coming: How Quantum Computing Will Redefine Offensive Security

🎯 Career & Methodology

📄 Bug Bounty vs Pentesting: A Unique Hybrid Methodology for Both Worlds

📄 The 2026 Cybersecurity Certification Trap: Why Paper Credentials Are Failing

Medium InfoSec Writeups


Toolchain

🧰 Penetration Testing & Web Sec

Burp Suite, Metasploit, Acunetix, Nmap, Nikto, WPScan, recon-ng, Wireshark

🔍 Vulnerability Management & Triaging

Qualys, Nessus, Dynatrace, HCL AppScan, HackerOne

🕵️ Threat Intelligence & Recon

Shodan, MITRE, Rapid7, Censys

🔬 Binary Analysis & Research

Ghidra, WinDbg, WinAFL, GhidraMCP

🤖 AI-Driven Security Stack

Claude AI, Gemini, Copilot, Ollama, PentestGPT, Penligent AI

☁️ Cloud & Scripting

Azure, AWS, Python, JavaScript

💻 Operating Systems

Kali Linux, Windows

Research Focus:

| Research Domain | Proficiency | Core Focus Areas |
|---|---|---|
| Open-Source Research | 100% | Node.js Libraries, Microsoft & Google OSS, Internet-to-Code |
| Windows Internals | 92% | Symlink Poisoning, Directory Junctions, Patch Diffing |
| Web App Security | 88% | Logic Flaws, SSRF, LLM Prompt Injection |
| Cloud (Azure/AWS) | 85% | ECS Agent Exploits, Container Orchestration |
| Binary & Fuzzing | 80% | Ghidra MCP, WinAFL, Reverse Engineering |

💼 Professional Experience & Research

🏢 Tata Consultancy Services (TCS)

Security Analyst (Nov 2021 - Present)

  • Vulnerability Triage & Remediation: Managed and resolved 300+ security vulnerabilities reported via HackerOne, ensuring end-to-end remediation by collaborating with engineering teams.
  • Risk Exposure Reduction: Reduced critical risk exposure by 60% through consistent patching and strategic mitigations across web applications and infrastructure.
  • Compliance & Audits: Led infrastructure security audits (internal/external), ensuring compliance with PCI-DSS and GDPR.
  • Security Automation: Automated vulnerability scanning using Qualys and tracked remediation via JIRA, achieving a 40% closure rate for high-risk findings.
  • Stakeholder Reporting & Training: Authored detailed security reports for stakeholders and trained development teams on secure coding practices, specifically focusing on the OWASP Top 10.

🐛 Independent Vulnerability Research & Bug Bounty

☁️ Cloud & Infrastructure Security


📦 Open-Source & Internet-to-Code Analysis



Links

LinkedIn Twitter MSRC HackerOne Intigriti TryHackMe Medium


Responsible Disclosure Practitioner • AI-Driven Researcher • Open to Collaboration


"Security is not a product, but a process." — Bruce Schneier

