Het Patel
@networkshard
India
Inventyv Software Services Pvt. Ltd.
I'm a Cybersecurity Engineer - Intern focused on building defensive systems that are practical, scalable, and testable. I work across penetration testing, vulnerability validation, and secure engineering practices.
I specialize in Linux-first security workflows, web and infrastructure testing, and research-driven remediation while learning through hands-on delivery in real-world environments. My approach is simple: verify everything, automate what repeats, and keep systems understandable.
Skills & Tools
Experience
Inventyv Software Services Pvt. Ltd.
Cybersecurity Engineer — Intern
Dec 2025 — Present
Ahmedabad, Gujarat
- Collaborated with development teams to remediate vulnerabilities and improve secure coding practices.
- Improved overall application security posture through proactive testing and cross-team collaboration.
- Participated in internal security assessments and knowledge-sharing sessions.
Hacker4Help
VAPT & Cybersecurity Researcher — Intern
Apr 2025 — Jun 2025
Anand, Gujarat
- Performed Vulnerability Assessment and Penetration Testing across 25+ websites and reported findings to stakeholders.
- Researched emerging security threats and gained hands-on experience with automated VAPT tooling.
- Assisted with content delivery, training material, and learner support.
Hall of Fame
CERT-IN
Indian Computer Emergency Response Team
Hall of Fame — September & October 2025
View on CERT-IN →CVEs
Arbitrary API Token Creation
InvenTree Security Advisory
Impact
Any authenticated InvenTree user can create a valid API token attributed to any other user in the system — including administrators and superusers — by supplying the target's user ID in the user field of a POST /api/user/tokens/ request. The returned token is immediately usable for full API authentication as the target user, from any network location, with no further interaction required.
CVE ID
CVE-2026-35478
Score
8.3/10
BIND Zone File Injection via TXT Record
Froxlor Security Advisory
Impact
The DomainZones.add API endpoint fails to sanitize newline characters in TXT record content, so an authenticated customer with DNS editing enabled can break out of the record line in generated BIND zone files. This allows injecting arbitrary BIND directives and DNS records — including $INCLUDE to read world-readable files, spoofed A/MX/CNAME records for subdomain takeover or email interception, and malformed content that takes the zone offline.
CVE ID
CVE-2026-41234
Score
7.6/10
API Authentication Bypasses 2FA
Froxlor Security Advisory
Impact
Froxlor's API authentication (FroxlorRPC::validateAuth) does not enforce Two-Factor Authentication. When a user enables 2FA, the web UI correctly requires a TOTP code — but the API accepts requests authenticated with only an API key and secret, issuing no TOTP challenge. An attacker who obtains a leaked API key+secret for a 2FA-protected account has full access to all API operations without providing a second factor.
CVE ID
CVE-2026-52793
Score
8.1/10
Certifications
CRTA
Certified Red Team Analyst
Site Stats
370
24
2025