// ethical hacker & cyber security consultant

Aditya Sharma

aka assassin_marcos

Ethical hacker & cybersecurity expert with 8+ years of experience. 200+ Hall of Fame recognitions.
Breaking things to make them stronger.


Aditya Sharma is an experienced ethical hacker and cybersecurity researcher with 8+ years of expertise in safeguarding digital environments from evolving threats. Known in the hacking community as assassin_marcos — one of India's top bug bounty hunters and penetration testers.

Recognized by industry leaders including Google, Microsoft, Adobe, Intel, Sony, Dell, Mastercard, Philips, Nokia, AT&T, Okta, HubSpot and dozens more for responsibly disclosing critical security vulnerabilities.

Currently Senior Cyber Security Consultant at REOFT Technologies — performing penetration testing, vulnerability assessments, managing security teams, and collaborating with global organizations to strengthen their cybersecurity defenses.

Location: New Delhi, India
Focus: Offensive Security & VAPT
Languages: English, Hindi
Availability: Open for engagements

Core Skills

VAPT
Penetration Testing
Network Security
API Testing
Mobile Security
Reverse Engineering
Cloud Security
Python / Bash

Tools

Burp Suite, Metasploit, Nuclei, FFuf, Wireshark, Amass, Dirsearch, TheHarvester, Nmap, SQLMap

Hall of Fame

Recognized by 200+ organizations for responsible vulnerability disclosure

Google, Microsoft, Adobe, Intel, Sony, Dell, Mastercard, Nokia, AT&T, Philips, Okta, HubSpot, Bugcrowd, HackerOne, US DoD
CVE

CVE-2020-24416

Critical vulnerability discovered in Adobe InDesign. Reflected XSS via crafted URL leading to session hijack.

$10K

MindGeek Bounty

$10,000 USD bounty for critical security vulnerability discovered in MindGeek/Pornhub infrastructure.

200+

Global Recognition

Hall of Fame from Fortune 500 companies, government agencies, and top bug bounty platforms worldwide.

Conferences

  • BSides Ahmedabad: 2022, 2023
  • OWASP Seaside: 2020, 2023
  • Nullcon Security: 2020, 2022
  • BSides Delhi: 2021
  • United Conf. on Cyber Space: 2020 (Core Team)

Work Experience

Jan 2024 — Present

Cyber Security Consultant (Freelance)

REOFT Technologies Pvt. Ltd. — Indore, India
  • Performing penetration testing and vulnerability assessments, identifying and mitigating system weaknesses in hotel industry networks
  • Managing a team of four people, along with project pitching and client acquisition
  • Collaborating with global organizations to identify and resolve system vulnerabilities, strengthening their cybersecurity defenses

Jan 2017 — Present

Cybersecurity Researcher (Bug Bounty)

Bugcrowd — Delhi, India
  • Active bug bounty researcher on the Bugcrowd platform, identifying critical vulnerabilities across enterprise targets
  • Excellent communication in reporting vulnerabilities and collaborating with security teams

Mar 2016 — Present

Cybersecurity Researcher (Bug Bounty)

HackerOne
  • Utilized ethical hacking techniques to simulate cyber threats via penetration testing and code reviews
  • Followed responsible disclosure practices, collaborating with organizations to ethically resolve vulnerabilities
  • Prepared clear vulnerability reports, translating technical details for diverse audiences
  • Worked closely with clients to assess security needs, delivering customized solutions

Sep 2021 — Sep 2022

Cyber Security Analyst (Remote)

SpyderAuth Security Pvt. Ltd. — Jaipur, India
  • Performed penetration testing and vulnerability assessments on systems and networks
  • Conducted security audits to ensure compliance with industry standards and regulatory frameworks
  • Created comprehensive security reports with actionable recommendations for management
  • Consulted for global enterprises, improving cybersecurity measures and resulting in a 30% decrease in incidents

Pentest Services

Web Application Pentest

Comprehensive OWASP Top 10 assessment, business logic testing, authentication bypass, privilege escalation, and API security review.

  • OWASP Top 10 coverage
  • Business logic flaws
  • Auth & session management
  • Detailed remediation report

Network Penetration Testing

External and internal network assessments. Active Directory exploitation, lateral movement, and privilege escalation chains.

  • External / internal scope
  • Active Directory attacks
  • Lateral movement chains
  • Firewall & segmentation review

Mobile Security Testing

Android and iOS application security assessment. Static & dynamic analysis, API hooking, SSL pinning bypass, and data storage review.

  • Android & iOS apps
  • Static & dynamic analysis
  • API hooking & tampering
  • Data leakage review

Vulnerability Research

Deep vulnerability research, CVE discovery, and responsible disclosure. Reverse engineering and exploit development.

  • CVE discovery & disclosure
  • Reverse engineering
  • Exploit development
  • Zero-day research

API Security Testing

REST, GraphQL, and gRPC API assessments. Broken object-level authorization, rate limiting, injection, and data exposure testing.

  • REST / GraphQL / gRPC
  • BOLA & BFLA testing
  • Rate limit & injection
  • Data exposure review

Cloud Security Assessment

AWS, GCP, and Azure security posture review. IAM misconfigurations, S3 bucket exposure, serverless function abuse.

  • AWS / GCP / Azure
  • IAM & policy review
  • Storage exposure audit
  • Container & serverless security

Get in Touch

Need a penetration test? Have a security concern? Let's talk.

Response time: Usually within 24 hours.
NDA: Available upon request before engagement.