A walkthrough of how a low-severity IDOR escalated into ATO during a private engagement.
draft — coming soon
Abhi HackZ
Security Analyst, VAPT Engineer, bug bounty hunter and security speaker. I break web, mobile, API, network, IoT, wireless and AI systems — then help organisations build them back stronger.
Who is Abhi HackZ?
Abhishek Bhaskar, known professionally as Abhi HackZ (also written AbhiHackZ or Abhi_HackZ), is a Security Analyst and VAPT Engineer with over five years of experience in offensive security, vulnerability assessment, penetration testing and bug bounty hunting.
Over the course of his career he has assessed and helped secure more than 1000 applications and infrastructures — spanning enterprise web platforms, mobile apps, APIs, internal networks, wireless environments, IoT devices and, more recently, AI systems.
Alongside consulting work, he actively participates in bug bounty and responsible disclosure programs and has earned Hall of Fame recognitions from multiple organisations. He is passionate about offensive security research, automation, AI security, and giving back to the community through talks, workshops and open-source tooling.
Experience
- Web Application VAPT
- Mobile Application VAPT
- API Security Testing
- Network Security Assessment
- Report Writing & Validation
- Bug Bounty Report Review
- Client Security Consulting
- Security Automation Development
Skill Arsenal
offensive-security
bug-bounty
ai-security
frameworks
Hall of Fame
Public recognitions earned through responsible vulnerability disclosure.

NASA
Recognition for responsible vulnerability disclosure.

RepAutomate
Recognition for responsible vulnerability disclosure.
⧉ view on RepAutomate
Vero VDP
Responsible disclosure under the Vero VDP program.
⧉ view on Bugcrowd
Bug Bounty
Projects & Security Tools
Open-source security tooling.
CVEs & Disclosures
Assigned CVE identifiers and coordinated disclosures.
Security Research & Writeups
How tool-calling agents leak data and execute unintended actions, and how to test for it.
draft — coming soon
From subdomain enumeration to live triage — the methodology behind my automation framework.
draft — coming soon
Events & Community
Talks, workshops, conferences and campus sessions.
Security Talks
Bug Bounty Hunting
Methodology, recon and the mindset behind finding high-impact bugs.
Web & API Security
Common classes, real-world chains and how to test them.
Mobile Security
Android/iOS assessment fundamentals and tooling.
AI Security
Prompt injection, LLM red teaming and agent threat models.
Security Automation
Building pipelines that do the boring work for you.
Certifications
Media Gallery
Every photo across talks, conferences and campus sessions.