smit asher

I’m an Offensive Security Practitioner currently working as a Red Team Intern → Team Lead Intern with DeepCytes Cyber Labs (UK, Remote). I focus on vulnerability assessment and penetration testing (VAPT) across web applications, REST APIs, and network services using structured methodologies aligned with industry standards.

In my engagements, I run reconnaissance and attack surface mapping with tools like Nmap, WhatWeb, and WapW00f to identify exposed services and entry points before active testing. I then validate issues such as IDOR, XSS, SQL Injection, Broken Access Control, and security misconfigurations, correlating findings against OWASP Top 10.

I also carry out controlled exploitation using Metasploit, sqlmap, commix, and custom Python scripts to demonstrate exploitability and real-world business impact. Beyond web testing, I assess REST API endpoints and cloud-hosted platforms for IAM misconfigurations, over-permissive access policies, excessive data exposure, and missing authentication controls.

I’m careful about evidence quality and impact: I write vulnerability reports with CVSS v3.1 risk ratings, impact explanations, and remediation guidance. I use MitmProxy and Wireshark for traffic interception, deep packet inspection, and protocol-level analysis, and I support triage with VirusTotal IoC severity plus credential testing using Hydra and John the Ripper—while leading peer reviews and client walkthroughs as Team Lead Intern.