I am a security researcher from New Delhi, India.

I was most recently a Senior Information Controls Fellow with the Open Technology Fund, hosted by the Internet Governance Project at the School of Public Policy, Georgia Institute of Technology, where I researched the scale of DNS censorship in India. My past affiliations include Hasgeek, Kloudle, Stackmate, CIS India, and Infosec Clinic.

My blog is centered primarily around network and application security. My writing has featured in publications such as The Hindu, The Quint, The Wire, 2600 Magazine, and elsewhere. Some of my work has been documented in publications such as the New York Times and Caravan Magazine.

• [ 2020-07-15 ] Command injection vulnerability in V-SOL home networking devices
• [ 2019-08-24 ] Attacking a weak 3D Secure implementation
• [ 2018-05-03 ] Extracting personal phone numbers linked to Aadhaar
• [ 2018-02-23 ] Disclosure of account balance and recent transactions on PayPal
• [ 2017-06-29 ] Fuzzing for obfuscated phone numbers