Skip to content

Mukul Joshi

HANDLE: CYB3RFY·Pune, IN

SUBJECT FILE

Cybersecurity researcher and CTF competitor with podium finishes at CTFQuest '26 (1st), H7CTF (2nd, top 0.2%), and DY Patil Offline CTF (2nd). Currently a Research Intern at Fenrir Security, focused on web application penetration testing, prompt engineering, and AI-driven security tooling. Operates the CYB3RFY YouTube channel — 90+ instructional videos on web exploitation and CTF methodology. Secretary of the ISDF cybersecurity club at AIT Pune; directed the Bypass CTF (542 teams).

EDUCATION

Army Institute of Technology (AIT)

Pune, Maharashtra
Bachelor of Engineering, Computer Science — Expected June 2027August 2023 — Present

EXPERIENCE

Fenrir Security Pvt Ltd

Remote
Cybersecurity Research InternFebruary 2026 — May 2026
  • Executed penetration testing on web applications and designed AI-driven custom skill files utilizing prompt engineering, increasing the efficiency of automated vulnerability detection.
  • Programmed custom Python and Bash scripts to automate reconnaissance, network enumeration, and payload delivery workflows.

CopperCloud IOTech Pvt Ltd

Pune, Maharashtra
Intern, IoT SecurityApril 2025 — July 2025
  • Deployed secure IoT architectures for Industry 4.0 applications, fortifying system resilience through hands-on hardware implementation and rigorous security audits.

PROJECTS

Content Creation, Community BuildingAugust 2024 — Present
  • Grew an educational cybersecurity community to 360+ subscribers across 90+ technical videos on web exploitation, CTFs, and practical hacking.

Multi-Agent AI Bug Bounty Framework

Python, Bash, Security Automation2025 — Present
  • Architected a Lead/Worker multi-agent LLM framework across a 5-phase test pipeline: reconnaissance, endpoint mapping, structured testing, validation, and reporting; earned a $250 HackerOne bounty for an Account/Org takeover via OAuth Device-Grant phishing.
  • Engineered automated recon with source-map recovery, webpack chunk enumeration, GraphQL introspection, and CDP dual-session browser automation; deployed on programs including HubSpot, Twilio, Toyota Motor Europe, HDFC, and Groww across HackerOne, Intigriti, and BugBase.

TECHNICAL SKILLS

LANGUAGES
Python, JavaScript, C/C++, HTML/CSS, Bash, SQL
SECURITY TOOLS
Burp Suite, Nmap, Metasploit, Wireshark, SQLmap, Hydra, Gobuster, Postman, Chrome DevTools Protocol (CDP)
SECURITY DOMAINS
Web Exploitation, Bug Bounty Research, REST API Testing, Penetration Testing, Digital Forensics, OSINT, IoT Security
AI & AUTOMATION
Multi-Agent LLM Orchestration, Prompt Engineering, Claude, Gemini, GitHub Copilot
DEVELOPER TOOLS
Git, GitHub, Linux (Kali, Windows, Ubuntu)
PLATFORMS
HackerOne, Intigriti, BugBase

POSITIONS OF RESPONSIBILITY

Secretary — Information Security and Digital Forensics (ISDF) Club

Army Institute of Technology, Pune
July 2025 — Present
  • Mentored a core committee of 40 juniors to manage a community of 1,500+ members, and presented technical workshops on forensics, steganography, and web exploitation to 200+ students.
  • Directed the organization of Bypass CTF, a 36-hour hybrid competition featuring 542 teams online and a top-30 offline finale.

ACHIEVEMENTS

  • PLATFORMS & TEAMS:Top 1% on TryHackMe; active member of Team Tracebash (Top 10 in India on CTFtime).
  • PODIUM FINISHES:1st Rank in CTFQuest '26; 2nd Rank at H7CTF (Top 0.2%) and DY Patil Offline CTF; 3rd Rank at Code Intrusion CTF (IIIT Bhagalpur) and SCIT CyberON CTF.
  • NOTABLE RANKINGS:5th Rank at Lakshya CTF; 6th Rank at Trinetra CTF qualifying for the offline finale at Shiv Nadar University; 11th Rank at Vishwa CTF Mini.
  • FULL OPERATIONS LOG →

EXTRACURRICULAR

Instrumentalist and Musician (Flute, Ukulele)

Army Institute of Technology, Pune
August 2023 — Present
  • Performed at intercollegiate music events, collaborating with peers and utilizing technical audio workflows to record, layer, and mix musical covers.