networkshard
Het Patel — Cybersecurity Engineer

Het Patel

@networkshard

India

Inventyv Software Services Pvt. Ltd.

I'm a Cybersecurity Engineer - Intern focused on building defensive systems that are practical, scalable, and testable. I work across penetration testing, vulnerability validation, and secure engineering practices.

I specialize in Linux-first security workflows, web and infrastructure testing, and research-driven remediation while learning through hands-on delivery in real-world environments. My approach is simple: verify everything, automate what repeats, and keep systems understandable.

Skills & Tools

Penetration Testing VAPT Red Teaming Vulnerability Assessment Security Research Ethical Hacking Burp Suite Nmap Metasploit Kali Linux Wireshark Python Docker Bash Linux Penetration Testing VAPT Red Teaming Vulnerability Assessment Security Research Ethical Hacking Burp Suite Nmap Metasploit Kali Linux Wireshark Python Docker Bash Linux

Experience

Inventyv Software Services Pvt. Ltd.

Cybersecurity Engineer — Intern

Dec 2025 — Present

Ahmedabad, Gujarat

  • Collaborated with development teams to remediate vulnerabilities and improve secure coding practices.
  • Improved overall application security posture through proactive testing and cross-team collaboration.
  • Participated in internal security assessments and knowledge-sharing sessions.

Hacker4Help

VAPT & Cybersecurity Researcher — Intern

Apr 2025 — Jun 2025

Anand, Gujarat

  • Performed Vulnerability Assessment and Penetration Testing across 25+ websites and reported findings to stakeholders.
  • Researched emerging security threats and gained hands-on experience with automated VAPT tooling.
  • Assisted with content delivery, training material, and learner support.

Hall of Fame

NASA

Vulnerability Disclosure Policy (VDP)

Letter of Recognition — May 2026

View letter →

CERT-IN

Indian Computer Emergency Response Team

Hall of Fame — September & October 2025

View on CERT-IN →

Zyte

Responsible Disclosure Program

Security Researcher — Hall of Fame

View on Zyte →

CVEs

Arbitrary API Token Creation

InvenTree Security Advisory

8.3/10

Impact

Any authenticated InvenTree user can create a valid API token attributed to any other user in the system — including administrators and superusers — by supplying the target's user ID in the user field of a POST /api/user/tokens/ request. The returned token is immediately usable for full API authentication as the target user, from any network location, with no further interaction required.

CVE ID

CVE-2026-35478

Score

8.3/10

View advisory on GitHub →

BIND Zone File Injection via TXT Record

Froxlor Security Advisory

7.6/10

Impact

The DomainZones.add API endpoint fails to sanitize newline characters in TXT record content, so an authenticated customer with DNS editing enabled can break out of the record line in generated BIND zone files. This allows injecting arbitrary BIND directives and DNS records — including $INCLUDE to read world-readable files, spoofed A/MX/CNAME records for subdomain takeover or email interception, and malformed content that takes the zone offline.

CVE ID

CVE-2026-41234

Score

7.6/10

View advisory on GitHub →

API Authentication Bypasses 2FA

Froxlor Security Advisory

8.1/10

Impact

Froxlor's API authentication (FroxlorRPC::validateAuth) does not enforce Two-Factor Authentication. When a user enables 2FA, the web UI correctly requires a TOTP code — but the API accepts requests authenticated with only an API key and secret, issuing no TOTP challenge. An attacker who obtains a leaked API key+secret for a 2FA-protected account has full access to all API operations without providing a second factor.

CVE ID

CVE-2026-52793

Score

8.1/10

View advisory on GitHub →

Certifications

CRTA

Certified Red Team Analyst

Cyberwarfare

Site Stats

Total Views

370

Blog Posts

24

Since

2025

Connect