BIPIN JITIYA

ABOUT ME

Welcome to my personal website!
I am Bipin Jitiya and I am a security enthusiast, penetration tester, web & mobile application developer, and reverse engineer. I am also an entrepreneur and the founder of Cuberk Solutions. Since college time, I have devoted my time to learning and exploring information security.

I love to make new computer programs and read about the latest technology and entrepreneurship. I have worked on projects for top domestic and international clients of the banking industry. I spend my off-hours watching movies and traveling to historical sites & natural places. As a security professional, I am dedicated to leading my field and always providing the highest level of service to my clients.

EXPERIENCE

Cuberk Solutions Pvt. Ltd.

CEO & Founder (Aug 2022 - Present)

• Developing and maintaining company culture, vision, and mission
• Developing and implementing long-term business plan and goals
• Managing business operations and service delivery
• Ensuring accuracy and integrity of financial information
• Engaging in strategic planning and supervising/evaluating testing methods
• Partnering with global IT security leaders to expand business

Net Square Solutions Pvt. Ltd.

Manager - Professional Services (Jul 2021 - Jul 2022 · 1 year 1 month)

• Conducting risk analysis to identify and prioritize appropriate security countermeasures
• Verifying the security of third-party vendors and working with them to meet security requirements
• Developing and managing a testing methodology for security upgrades and improvements
• Leading and managing a team of security analysts
• Providing training on security testing to team members and other stakeholders
• Reviewing and evaluating security assessment reports to identify areas for improvement.

Information Security Analyst (Mar 2018 - Jun 2021 · 3 years 3 months)

• Identifying and evaluating vulnerabilities through penetration testing
• Performing security audits (both internal and external) to identify weaknesses
• Testing web applications, networks, and code for vulnerabilities
• Assisting clients in patching identified issues and securing their IT assets.

EDUCATION

Completed Master of Science (Information Technology) from GLS University, Ahmedabad. 2016 - 2018
Award: Gold medal for best student of the batch

CERTIFICATIONS

November 2012: Jetking Certified Hardware and Networking Professional

TECHNICAL

• Proficient in HTML, JavaScript, and Java; Intermediate knowledge of C, PHP, C++, ShellScript, JSP, and ASP
• Experience with MySQL and MS Access databases
• Familiar with Linux including Kali, Ubuntu, Puppy, and Parrot Security OS, as well as Microsoft Windows and Windows Server
• Skilled in using tools such as Nmap, Burp Suite Professional, Nessus, SQLmap, Metasploit, and Jadx.

ACTIVITIES AND ACHIEVEMENTS

• Acknowledged and rewarded for discovering and responsibly reporting several vulnerabilities on Facebook (Meta Platforms, Inc.). Recognized under Top 10 Facebook Security Researcher.
• Acknowledged by European Union Computer Emergency Response Team (CERT-EU) for finding a critical glitch on their website. Link to Recognition page.
• Acknowledged by Nokia Corporation, a multinational telecommunications company, for discovering multiple high-severity vulnerabilities on their web environment. Link to Hall of Fame
• Received appreciation from the UK government for discovering a critical SQL injection vulnerability on their department's website.
• Acknowledged and rewarded by MicroStrategy, the world's leading business intelligence (BI) and mobile software company. I found multiple vulnerabilities in their major business intelligence software, including SSRF.
• Acknowledged by Visma, a leading European supplier of business-critical software company. I found a SSRF vulnerability on their production server.
• Acknowledged by Tata Consultancy Services (TCS) on behalf of the Government of Gujarat for finding RCE on the AMC website and portal (developed by TCS).
• Acknowledged by GLS University for finding multiple vulnerabilities in students and faculty portal, including RCE and Insecure Direct Object Reference.
• Acknowledged by Yum! Brands, Inc. and KFC for finding a vulnerability on their website.
• Acknowledged by Avaya, a cloud communications service provider, for finding multiple high-severity vulnerabilities on their customer demo lab environment.
• Developed multiple well-known websites including Ahmedabad Express (Newspaper), Sahjanand Telecom (Broadband ISP), Ram Temple, Hotel Shree Krishna Inn (business hotel) and GLS Institute of technology (glsmscit.org). Currently I'm not maintaining any of them. Please contact to the respective owners for any concerns.
• Summer Internship 2017: Collaborated in a cross-functional team of 8 interns (incl. software engineers, graphic designer, and program manager) on a Start-up Village Entrepreneurship Project (SVEP) of Entrepreneurship Development Institute of India (EDII). Delivered an Android application and a PHP-based web admin panel after 4 weeks of collaboration.

SECURITY RESEARCH BLOGS

• Inside the Router: How I Accessed Industrial Routers and Reported the Flaws (Oct 1, 2023)
• Internet security: The cyber risk we can't afford to ignore (Mar 31, 2023)
• Facebook bug: A Journey from Code Execution to S3 Data Leak (Feb 16, 2023)
• Cracking Online Test/Quiz Software: Attack and Defense (Dec 25, 2022)
• Remote Command Execution in a Bank Server (Nov 18, 2022)
• NSConclave CTF Write-up: Web challenge (Aug 12, 2020)
• Simple story of some complicated XSS on Facebook (Jun 21, 2020)
• How I made $31500 by submitting a bug to Facebook (May 31, 2020)

SECURITY ADVISORIES

• CVE-2023-43261
  • Exploit Database (ExploitDB)
  • Packet Storm Security
• CVE-2023-43260
• CVE-2020-22983
• CVE-2020-22984
• CVE-2020-22985
• CVE-2020-22986
• CVE-2020-22987

MEDIA RECOGNITION

• The Hacker News (thehackernews.com) - Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers (archive)
• SecurityWeek (www.securityweek.com) - Milesight Industrial Router Vulnerability Possibly Exploited in Attacks (archive)
• Hindustan Times (tech.hindustantimes.com) - Facebook pays ₹23.8 lakh bounty to Indian researcher (archive)
• Zee News (zeenews.india.com) - Facebook pays Rs 23.8 lakh to Indian security researcher for bug alert (archive)
• ABP News (news.abplive.com) - Ahmedabad Security Researcher Paid Rs 23.8 Lakh By Facebook For Identifying Security Bug (archive)
• Business Standard (www.business-standard.com) - Facebook awards $10000 for finding bug in its Android app (archive)
• Insider Inc. (www.businessinsider.in) - Facebook pays ₹23.8 lakh to Indian security researcher for finding a bug (archive)
• Gulf News (gulfnews.com) - Facebook pays $31,500 to Indian security researcher for bug alert (archive)
• The Daily Swig (portswigger.net) - Facebook security: Researcher scoops $31k bug bounty for flagging SSRF vulnerabilities (archive)
• The Tribune (www.tribuneindia.com) - Facebook awards $10K for finding bug in its Android app (archive)
• The Quint (www.thequint.com) - Indian Hackers Gets Rs 23 Lakh Bug Bounty From Facebook (archive)

PERSONAL INFORMATION

• Date of Birth: December 17, 1994
• Place of Birth: Ahmedabad, India
• Nationality: Indian 🇮🇳
• Languages: Gujarati, Hindi and English