```python
class Suraj:
    name = "Suraj Gupta"
    alias = "0xmr"
    role = "Pentester & Cloud Security Engineer"
    domains = ["Web", "Active Directory", "AWS", "AI/LLM"]
    language = ["Python", "Bash"]

    def mission(self):
        return "Find it before the bad guys do."
```

- Currently pentesting Web, AD, AWS & AI/LLM
- Deep-diving AWS Security, AI/LLM attacks, Web Advanced
- Disclosed IDOR vulns, exposed S3 buckets, Grok/Kimi findings
- Personal cheatsheet & notes: 0xmr.qzz.io
- Open to collaborate: github.com/0xmrsecurity

| Vulnerability | Target | Impact |
|---|---|---|
| IDOR × 2 | Live Production Systems | Unauthorized data access exposed |
| Exposed S3 Bucket | Live Production | Sensitive data publicly accessible |
| Command Injection | Grok AI (via Chatbot) | Remote command execution vector |
| System Prompt Extraction | Kimi AI (Chinese LLM) | Full system prompt leaked |

- NetSpray: a wrapper script designed to save time when performing password or hash spraying across multiple protocols. It uses NetExec to automate the process.

  Usage: `NetSpray <protocols|all> <targets|subnet> -u <username> [-p <password> | -H <hash>] [OPTIONS]`

- Scrad: this tool finds hidden endpoints across the entire website using JS.

  Usage: ready to use from the browser. Click the Scrad bookmark and it opens a new page within 2 seconds.

- Public POC (Proofs of Concept): a list of public exploits in Python and Bash.

Pentesting Notes
"Certifications are expensive. Skills are not. Here's the proof of work."

- Cybrary: Offensive Penetration Testing
- TryHackMe: Offensive Pentesting Path

- AWS Security: deep dive into IAM escalation, Lambda abuse, EC2, S3, etc.
- AI/LLM Security: prompt injection, model extraction, system prompt extraction and jailbreaking.
- Web Advanced: OAuth/OTP, SSRF chains, LFI, command injection.

