Dibyendu Sikdar
Offensive Security Portfolio
Security research, offensive tradecraft, and practical tooling.
I am a penetration tester, security researcher, and CTF player focused on web application security, cloud attack paths, CI/CD abuse, and emerging AI system risks. My work tends to sit where application logic, infrastructure behavior, and attacker creativity meet.
This site brings together my technical writeups, challenge solutions, and field notes from hands-on offensive security work. I like turning unusual edge cases into repeatable attack paths, then documenting them in a way that is useful to operators, defenders, and other curious people in the room.
What I Work On
Application Security
Authentication and authorization flaws, insecure workflows, SSRF, file handling issues, JavaScript and Next.js reconnaissance, and web-driven privilege escalation paths.
Cloud and Platform Abuse
Multi-tenant isolation failures, managed service abuse, CI/CD exposure, secret leakage, and practical offensive paths through modern developer and platform infrastructure.
AI and Agent Security
Prompt injection, RAG abuse, retrieval boundary failures, agent workflow manipulation, and code-executing analytics systems that drift into unintended attack surfaces.
Selected Projects
Recipies-Of-A-Jenkins-Hacker
Jenkins-focused offensive research covering enumeration, pipeline abuse, credential dumping, privilege escalation, forensics, and lateral movement.
pastehunter
An automation project for collecting indexed pastes and surfacing leaked credentials, sensitive data, and other high-signal exposure material.
SPSE
A Python-based security toolkit and scripting collection for vulnerability assessment, exploitation workflows, and security automation exercises.
StaticAnalyzer
A Burp plugin for runtime static analysis of server responses, designed to surface interesting signals from live traffic during testing.
ApkDissector
A Java-based Android APK decompiler project focused on making APK analysis and reverse engineering workflows more approachable.
HackerOneReportGrabber
A utility for collecting public HackerOne reports into a local HTML view for reference, review, and research-oriented reading.
Research and Competition Highlights
Competition and Practice
CTFs have been a big part of how I sharpen offensive intuition, test new exploitation ideas, and stay close to hands-on problem solving across web, infra, cloud, and AI-focused challenge environments.
Recognition and Research
- Microsoft Security Researcher acknowledgement archive
- Hands-on work across offensive research, CTF exploitation, and tooling
- Writeups on cloud abuse, CI/CD attack paths, AI challenge solving, and web exploitation
- Long-running collaboration with the SundayParan01ds CTF team
Full CTF Performance
- HackTheBox Cyber Apocalypse CTF 2025 - Team Rank 104 / 8100+ : Team CS
- Cisco Offensive Summit 2024 CTF by Immersive Labs - Rank 4th (Team)
- HackTheBox Business CTF 2024 - Team Rank 7 / 940 : Cisco
- HackTheBox Cyber Apocalypse CTF 2024 - Team Rank 251 / 5694 : Team CS
- HackTheBox Business CTF 2023 - Team Rank 45 / 980 : Cisco Systems
- HackTheBox Cyber Apocalypse CTF 2023 - Team Rank 587 / 6483 : Solo
- HackTheBox Business CTF 2022 - Team Rank 110 : Cisco Systems
- HackTheBox Business CTF 2020 - Rank 12 : SundayParan01ds (SAP)
- Advent of CTF 2020 - Rank 26 : Solo
- Virtual Secure Coding Tournament 2020 - Rank 6 : Solo
- 2nd Position in Hacker's Category in SAP CTF 2017
- Collaborated with SundayParan01ds across multiple CTF events through 2021
Profiles and Links
Professional Profiles
Learning and Community Platforms
I use CTFs and challenge environments as a testing ground for new attack ideas, exploit chains, and research themes before turning them into more structured writeups and tooling.
Stack Overflow
I also share smaller technical notes and answers through community forums and developer Q&A spaces when they are a good fit for the problem.