
Pavan Kumar Chinta

aka mr-white-hat


M.Eng Cybersecurity @ University of Maryland. I break things ethically, write it up, and help fix them.


// 01 whoami

I'm a security researcher and penetration tester pursuing my M.Eng in Cybersecurity at the University of Maryland. I cut my teeth doing enterprise pentests at Amadeus Software Labs, and I spend my free cycles hunting high-impact bugs in real-world targets — web, API, cloud, and Android.

My work lives at the intersection of offensive security and automation: I build Python pipelines, autonomous recon/triage workflows, and PoCs that turn messy findings into clean, reproducible reports. Responsible disclosure, non-destructive testing, attacker mindset.

$ cat ~/.current_focus

  • Active MSRC security research & coordinated disclosure with Microsoft
  • Android & OAuth attack-surface research on high-profile apps
  • Building autonomous bug-bounty pipelines (recon → triage → report)
  • Grinding toward OSCP

// 02 experience

Security Engineer — Penetration Tester

Amadeus Software Labs · Bengaluru · Feb 2023 — Apr 2024
  • Ran 25+ penetration tests across enterprise web, network, and cloud assets; prioritized high-severity findings and led technical debriefs with engineering teams.
  • Engineered a Python pipeline integrating Qualys scans with Jira — dedup + real-time ticketing — cutting manual triage by 15+ hrs/week.
  • Detected 3 privilege-escalation vectors in Telefónica SME endpoint/email/web-control agents; drove full patch deployment within two weeks.

Burp Suite · Qualys · Jenkins · OpenShift · Kubernetes · SAP · Linux

Cyber Security Intern — Red Teamer

CyberSapiens United LLP · Jan 2022 — Jun 2022
  • Focused on red teaming and vulnerability research — recon, exploitation, reporting, and responsible disclosure across multiple targets.
  • Identified dozens of issues spanning VAPT and web application security.

VAPT · Ethical Hacking · Recon · Reporting

Board Member — Satoshi Division (Cybersecurity & Blockchain)

Next Tech Lab · SRM AP · Nov 2020 — Jun 2023
  • Hosted 12+ Red-Team CTFs & hackathons, training 150+ students in exploitation and vulnerability analysis.
  • Coordinated fixes for 6 critical flaws in university systems, hardening campus security.

CTFs · Mentorship · Vulnerability Analysis

// 03 loot & recognition


$ ls /hall-of-fame

$ curl -s hackerone.com/mr-white-hat

Active researcher on HackerOne — view my public profile & reputation

🛡️ Microsoft (MSRC)

First-ever bounty — $1,200 for a chained business-logic flaw, plus rate-limiting & security-misconfig reports. Hall of Fame recognition; a 2026 information-disclosure report earned 30 Researcher Recognition points.

🐙 GitHub

Reported 3 vulnerabilities — Broken Authentication, Reflected XSS, and HTML Injection. Acknowledged + sent the full swag haul.

🎯 Yogosha Strike Force

Member of an invite-only private community of trusted ethical hackers working real-world security challenges for top-tier organizations.

🏎️ Mercedes-Benz · BigBasket · Groww

Hall-of-Fame acknowledgements for responsibly disclosed web & mobile vulnerabilities across major consumer platforms.

// 04 arsenal

// offensive

  • Burp Suite
  • Metasploit
  • Nmap
  • OWASP ZAP
  • nuclei
  • naabu
  • sqlmap
  • proxychains
  • Wireshark

// cloud & devsecops

  • AWS (IAM·S3·EC2)
  • GuardDuty
  • CloudTrail
  • KMS
  • Azure
  • Docker
  • Kubernetes
  • GitHub Actions

// languages

  • Python
  • C
  • JavaScript
  • Node.js
  • PHP
  • SQL
  • Bash

// web · api · mobile

  • REST APIs
  • FastAPI
  • Android Security
  • ContentProvider
  • OAuth / DCR
  • Flutter

// forensics & binary

  • GDB · pwndbg
  • Autopsy
  • Splunk
  • John the Ripper
  • Hashcat
  • ASLR / stack analysis

// methodology

  • OWASP Top 10
  • MITRE ATT&CK
  • Threat Modeling
  • CVSS 3.1
  • NIST 800-53
  • ISO 27001

// 05 research & projects

$ ./recon --recent

active research

MSRC Security Research

Ongoing private vulnerability research and coordinated disclosure with the Microsoft Security Response Center (MSRC) across Microsoft's web & cloud surface. Specifics held under responsible disclosure.

active research

Mobile & OAuth Attack Surface

Hunting exported components, insecure ContentProviders, and OAuth / dynamic-client-registration abuse across high-profile Android apps. Live findings held under coordinated disclosure.

tooling

Autonomous Bug-Bounty Workflow

An agentic pipeline (Claude + ChatGPT) that orchestrates recon, structured testing, triage, and report generation — built around responsible, non-destructive disclosure.

open source · go

netra-browser

A single-binary Go MCP bridge connecting AI agents to a real, logged-in Chrome — 40 tools for navigation, capture & automation. The browser layer behind my autonomous research workflow.

→ github.com/mr-white-hat/netra-browser

$ ls /projects

Sept 2025

Cloud Security Automation & Threat Detection

Found 35+ misconfigurations across AWS IAM/S3; built Lambda auto-remediation for least-privilege, cut config drift 40%. Wired CloudTrail + GuardDuty + custom Lambda to cut response latency, improving CSPM metrics 60%. Mapped to NIST 800-53 & ISO 27001.

May 2025

Multi-Layered Network Pentest & PrivEsc

Red-team simulation in a 3-tier hybrid (Linux/Windows) lab with Nmap, sqlmap, Metasploit. Surfaced 8 detection blind spots, ran 5 exploit chains for lateral movement, mapped to MITRE ATT&CK + CVSS — cutting MTTD/MTTR 25%.

May 2022

OWASP Top-10 Web App VAPT

10+ assessments aligned to OWASP Top 10 (2021) — injection, XSS, auth bypass — with validated PoCs, CVSS 3.1 scoring & CWE mapping, driving a 60% reduction in recurring vulns.

CRC Press · Taylor & Francis

📖 Published Research Chapter

“Optimal Deployment of Multiple IoT Applications on Fog Computing” — a PSO-based IoT resource-allocation algorithm that improved simulated network lifespan by 15%.

// 06 creds & education

// education

M.Eng, Cybersecurity Engineering

University of Maryland, College Park

Jan 2025 — Dec 2026 (expected)

Pen Testing · Hacking C & Unix Binaries · Cloud Security · Digital Forensics & IR · Secure OS

B.Tech, CSE — Cybersecurity Spec.

SRM University, Andhra Pradesh · India

Satoshi Lab · Next Tech Lab

// certifications

  • eJPT Junior Penetration Tester — INE
  • OSCP Offensive Security — in progress
  • HTB Dante Pro Lab — Hack The Box
  • GTSF Google Technical Support Fundamentals

// also

  • Edu-MS — 1st place, Edu-Tech Hackathon (50+ teams)
