The Human Element
Your Security is Missing
I'm Aayush Shrestha (aka Paincakes), a Penetration Tester with expertise in Web/Mobile Applications, API, Network, and Cloud Infrastructure. I specialize in uncovering critical vulnerabilities and providing practical guidance to help organizations strengthen their security posture.
About Me
As a penetration tester, I specialize in identifying security vulnerabilities across a wide range of digital environments, including Web/Mobile Applications, APIs, and both Network and Cloud Infrastructure. My goal is to uncover weaknesses and provide clear, actionable guidance to help organizations fortify their defenses.
I stay current with the latest security trends and collaborate closely with development and operations teams to integrate security seamlessly into their workflows. Currently, I work as a Security Testing Engineer at F1Soft International Pvt. Ltd.
By combining technical expertise with a collaborative approach, I help develop strong, secure systems that protect key assets and align with business priorities.
Achievement
Reached #1 Rank on Hack The Box National Leaderboard.
Certifications
eCPPTv2, ISO 27001 Lead Auditor, AWS Cloud Security Foundations.
Expertise
Web/Mobile Applications, APIs, Network and Cloud Infrastructure, and CI/CD Pipelines.
Approach
Clear, practical recommendations that help organizations and clients strengthen defenses.
Capability Matrix
Web Application & API Penetration Testing
Tooling
Key Achievements
- Uncovered critical Remote Code Execution (RCE) vulnerabilities in production banking infrastructure.
- Conducted rigorous API penetration testing for major fintech products.
- Performed reverse engineering on Android/iOS applications.
Verified Credentials
Professional Journey
A timeline of tactical operations and technical conquests.
Security Testing Engineer
- Conducted Vulnerability Assessment & Penetration Testing across Web, Mobile, and API Platforms in accordance with industry-standard guidelines.
- Executed both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify vulnerabilities throughout the software development lifecycle.
- Integrated automated security checks within CI/CD pipelines, fostering Security-as-Code practices to enhance DevSecOps workflows.
- Delivered internal training sessions and security awareness programs to empower teams with best practices and threat mitigation strategies.
- Continuously performed security research to stay updated on Emerging Threats, Vulnerabilities, and Technologies.
Offensive Security Analyst
- Performed Vulnerability Assessments (VA) and Penetration Testing (PT) across Network Infrastructure, Web Applications, and AWS Cloud infrastructures, identifying vulnerabilities, misconfigurations, and weaknesses.
- Generated comprehensive reports outlining findings, exploitation steps, and remediation recommendations, ensuring clear understanding and prioritization of security measures.
- Contributed to security research efforts by staying updated on the latest trends, and developed custom tools and scripts to enhance offensive security capabilities, improving efficiency and effectiveness of assessments.
- Collaborated with teams to implement recommended security measures and provide ongoing support, ensuring the strengthening of overall security posture.
Let's Secure Your Infrastructure
Open to penetration testing, freelance projects, and collaborative research.