KSHITIJA MHATRE

Security Engineer | Penetration Tester

Hi, I am a Security Engineer based in India. I have 4 years of overall experience working in the security and development domain.

THREAT LEVEL: CRITICAL

SYSTEMS SECURED: 25+

who am i

Hi, I am a Security Engineer who loves breaking things so they can be rebuilt safer. Most days you will find me deep in hunting down sneaky auth bugs, path traversal quirks, and those “how is this leaking?” info disclosure issues, then turning the fixes into clean, reproducible steps the whole team can use. I started in software, moved into cybersecurity, and now split time between web app pentesting, network security testing, and ITSAR compliance checks.

I am also building a no-fluff cybersecurity YouTube channel: practical exploit walkthroughs, simple visuals and real-world tips you can try right away. If you like straight talk, clear demos and a bit of curiosity-driven fun, you will feel at home with my content. Outside of client work, I sharpen skills with CTFs and bug bounty-style practice and I am big on making complex topics feel simple.

what do i know

Tools

> Metasploit

> Wireshark

Experienced

> Burp Suite

> Nmap

> Nessus

> Defensics

> ZAP

> Nikto

Experienced

Experienced

Language

Skill Areas

Experienced

Experienced

Basic

Experienced

eJPT (INE)

CNSP (The SecOps Group)

CISEH (Pristine Infosolutions)

AZ-900 (Microsoft)

> GitHub

> AppScan

> Caido

> Amass

> Dirb

> ServiceNow

Experienced

Experienced

Intermediate

Intermediate

Intermediate

Experienced

Experienced

> Python

> Java

> MySQL

> Bash

Experienced

Experienced

Basic

Intermediate

> OSINT and Threat Intelligence

> Telecommunication and IoT Devices Penetration Testing

> Web Application Penetration Testing

> Security Compliance Testing (ITSAR, NIST CSF)

> Network Devices VAPT

> Security Content Development

where have i worked

what have i created

Prilux

A Python-based Linux enumeration script for post-exploitation auditing and CTF workflows. It collects OS/distro/kernel details, flags writable PATH entries, hunts for secrets in environment variables and fstab, queries SearchSploit for kernel/sudo version exploits, lists block devices, and reports useful tooling to inform potential privilege escalation paths. This mirrors the standard privesc recon playbooks used by practitioners and LinEnum/LinPEAS-style checklists.

Enumstar

Enumstar is a Python-based reconnaissance tool with a Tkinter GUI that streamlines subdomain discovery, HTTP/HTTPS analysis, and reporting for security assessments. It automates passive and active subdomain enumeration, validates live hosts, and inspects HTTP(S) responses for status codes, headers, redirects, and basic security signals. Tool under development.

what content i have created

> I make YouTube videos to share what I have learnt with the community

how can we connect

Let’s connect and swap ideas. I am always up for good conversation and better security.