A AD://SECURITY
AVAILABLE FOR OPPORTUNITIES

ARPIT DHAMELIYA

[ Penetration Tester ]

Breaking systems. Building defenses.

Penetration tester and security analyst. I find what attackers find first, and write the playbook that stops them.

+ YRS Experience
+ Endpoints Monitored
+ Assets Pentested
× Industry Certs
arpit@redteam:~/ops
$ whoami --profile # resolving operator identity ...
operator: arpit_dhameliya
callsign: arpitsec
location: new_york.us
cert_path: OSCP+SEC+NET+eJPT
focus: red_team · vapt · detection_eng
education: MS Cybersecurity @ Pace
$ ./engagement_status.sh
[OK] recon_pipeline .... ONLINE
[OK] c2_infrastructure .. READY
[..] research_lab ...... ACTIVE
[OK] detection_rules .... DEPLOYED
# last sync: 12 min ago
$ echo "Ready for ops. Ping me."
// 01 / WHO I AM

A defender raised by attackers.

Two years in enterprise SOC. Two graduate years of research and detection engineering.

Penetration tester and security analyst. Two years across enterprise SOC and VAPT, now researching offensive tooling and detection content.

  • 3 banks: VAPT across web, API, and Active Directory at Cyber Octet.
  • 500+ endpoints: Multi-tenant Splunk SIEM, 50+ daily alerts, 140+ clients.
  • M.S. Pace: Cybersecurity · Security Operations · 3.65 GPA.
  • Active builds: Bruce Smoochie ESP32-S3 pentest deck · ELK + AD detection lab.
  • Recognition: OSCP+ · NCL Top 6% · CyberSEED 2025 · SANS Holiday Hack 2025.

Penetration Tester

Web, API, AD, and network. Attack chains and the remediation playbook to close them.

Security Analyst

SOC triage, SIEM tuning, threat hunting, IR runbooks. Detections that actually fire.

Security Researcher

Hardware, embedded firmware, exploit dev, reverse engineering. Custom tooling and byte-by-byte writeups.

// 02 / PROFICIENCY TIERS

Tools I run daily.

Production-daily, engagement-ready, lab-tested.

EXP: Burp Suite · Nmap · Metasploit · Splunk SIEM · ELK Stack · Nessus · Acunetix · Wireshark · Linux · Kali Linux · Python · Bash · Active Directory · MITRE ATT&CK · OWASP Top 10 · NIST CSF · ISO 27001/2 · Git / GitHub · Threat Hunting · IOC Analysis · Packet Analysis · Incident Response · VMware

PRO: PowerShell · C / C++ · BloodHound · Impacket · NetExec · Certipy · YARA Rules · Grafana · AWS Security Hub · Docker · Cisco Routers/Switches · Firewalls · IDS / IPS · Honeypots · ESP32 · Arduino · Cloudflared · RFID / NFC Cloning · Wardriving · Binary Exploitation · SQLmap · Hashcat · FFUF · Subfinder · Amass

FAM: Cobalt Strike · Sliver C2 · Mythic C2 · Havoc · Ghidra · IDA Pro · x64dbg · Volatility · Pacu · ScoutSuite · ROADtools · CC1101 Sub-GHz · nRF24L01 · PN532 NFC · Microsoft Sentinel · Autopsy · FTK Imager · VMware · OSINT Techniques
// 03 / CAPABILITIES

The full kill chain, end to end.

Port scan to persistence, and the detections that make it loud.

Languages & Scripting

Python · Bash · PowerShell · C / C++ · SQL

Recon & OSINT

Nmap · Amass · Subfinder · FFUF · Recon-ng · Shodan

Web & API Exploitation

Burp Suite · OWASP Top 10 · SQLmap · JWT · GraphQL · SSRF · IDOR

Active Directory

BloodHound · Impacket · NetExec · Certipy · Kerberoast · ADCS ESC1-8 · NTLM Relay

Cloud & Platforms

AWS Security Hub · Docker · Linux · Windows Server · VMware · Pacu

Network & Hardware

Cisco IOS · Firewalls · IDS / IPS · Honeypots · ESP32 · Arduino · RFID / NFC

Detection & IR

Splunk SIEM · ELK Stack · YARA Rules · MITRE ATT&CK · Threat Hunting · NIST 800-61

Frameworks & Compliance

NIST CSF · NIST 800-61 · ISO 27001/2 · OWASP Top 10 · CIS Controls · CVSS Scoring
// 04 / WORK HISTORY

Professional experience.

Two roles, one mission: keep adversaries on the back foot.

VAPT & SOC OPERATIONS
Cybersecurity Analyst @ Cyber Octet Pvt. Ltd. 📅 Jan 2023 to Nov 2023 📍 Ahmedabad, India
  • 3 banks: VAPT across web, API, and Active Directory. Critical OWASP Top 10 findings, financial-compliance ready.
  • 500+ endpoints: Multi-tenant Splunk SIEM, 50+ daily alerts, 8+ log sources, 140+ enterprise clients.
  • 15+ vulns: Critical remediation across client production, unauthorized-access risk −20%.
  • 200+ assets: Scanned with Nessus, Burp, Acunetix, Nmap, exploitable attack surface −25%.
Splunk SIEM · VAPT · OWASP Top 10 · Nessus · Burp Suite · Active Directory · Banking
Cybersecurity Intern @ Cyber Octet Pvt. Ltd. 📅 Oct 2022 to Dec 2022 📍 India
  • 20+ searches: Splunk correlation rules, false positives −30%, escalation time 4h → <1h.
  • 3w → 8d: Average remediation time, via cross-team collaboration across 3 engineering teams.
Splunk Correlation · SOC Tuning · Vuln Mgmt · Cross-team
// 05 / BUILDS & RESEARCH

Projects & research.

Hardware, tooling, and writeups shipped for the field.

ACTIVE RESEARCH / FEATURED PROJECT
IN DEVELOPMENT / JUL 2024 → DEC 2025

Bruce Smoochie · Standalone Wireless Pentest Deck

Portable, battery-powered multi-radio auditing platform on ESP32-S3. Sub-GHz, 2.4 GHz, NFC, and IR in one handheld. Red team field ops, no laptop required. 3+ hours runtime.

Sub-GHz (CC1101): DONE
2.4 GHz (nRF24L01): DONE
NFC (PN532): DONE
GPS Wardriving: IN PROGRESS
UI / OLED: IN PROGRESS
ESP32-S3 · C++ · Embedded · CC1101 · nRF24L01 · PN532 · LittleFS
ACTIVE / AUG 2024 → PRESENT

Enterprise Security Monitoring & IR Lab

Corporate homelab, AD, 5+ VMs, GPOs, Kerberos, segmented networks. Ransomware & APT chains end-to-end.

5+ VMs
12 Detection Rules
90% Catch Rate
8 IR Scenarios
−40% Containment
ELK Stack · Active Directory · Python · MITRE ATT&CK
SHIPPED

Threat Correlation Engine

Modular CLI SIEM correlation engine in Python, custom log parsing, brute-force / credential / spray detection, cached IP enrichment.

810 Python LOC
5 Detections
5 Severity Tiers
~42K Events/sec
1 Dependency
Python · SIEM · Log Analysis · Detection Engineering
SHIPPED / MAY 2024 → APR 2025

PhishArk · Automated Phishing Framework

Python framework, phishing templates + multi-tunnel Cloudflared for deniable red team infra.

70+ Templates
<60s Stand-up
+50% Efficiency
Multi Tunnel
Python · Bash · Cloudflared
LIVE / V3 EDITION

OSCP+ / OSEP Advanced Cheatsheet v3

Searchable reference, 18 attack categories, 396 commands. Copy-on-click, live variable interpolation.

HTML · CSS · JS
LIVE TOOL

Reverse Shell Generator

78 reverse/bind/MSFVenom payloads + listeners + TTY upgrades. Set LHOST/LPORT once, copy in a click.

HTML · JS · Web
// 06 / PUBLISHED WORK

Writing & field notes.

Original posts from the lab, the engagement, and the debrief.

// 07 / RECOGNITION

Achievements & certifications.

Competitions, CTFs, and credentials.

National Cyber League · Top 6%

FALL 2024 & FALL 2025

Top 6% across both seasons, individual and team brackets.

CyberSEED 2025 Competitor

UCONN / INVITATIONAL

UConn's flagship CTF, web, AppSec, forensics, reversing.

SANS Holiday Hack 2025 · Finisher

2025 EDITION

All primary objectives, OT, blockchain, AI prompt-injection, AD pivots.

OSCP Proving Grounds & CTFs

HTB · THM · PicoCTF

Hundreds of boxes across HTB, TryHackMe, PicoCTF, OffSec PG. Full OSCP+ kill chain.

EC-Council CCT · Beta Tester

EC-COUNCIL

Beta tester for the EC-Council CCT cert, evaluated exam materials.

Google Developer Group · Member

GDG COMMUNITY

Member, emerging tech and security collab.

// 08 / ACADEMICS

Education.

COMPLETED

Pace University

Seidenberg School of Computer Science
📜 M.S. Cybersecurity 🎯 Conc: Security Operations
📅 Jan 2024 to Dec 2025 📍 New York, NY 📊 GPA 3.65 / 4.0
RELEVANT COURSEWORK
Malware Analysis · Network Security & Defense · Web Security · Cryptography · Mobile Forensics · IoT Security · Ethical Hacking · Python Automation
COMPLETED

Dharmsinh Desai University

Faculty of Engineering
📜 B.E. Electronics & Communication
📅 Jun 2019 to May 2023 📍 Nadiad, India 📊 GPA 3.4 / 4.0
SUBJECTS
Computer Networks · Information & Network Security · Embedded Systems · Microprocessors · Digital Signal Processing · Cryptography · Data Structures · Operating Systems
// 09 / GET IN TOUCH

Let's connect.

Pentest, red team, research collabs, or a chat about a wild bug.

Open to full-time roles, internships & research collaborations
