Noida, Uttar Pradesh, India
As a Security Researcher II at Microsoft (MSTIC), I focus on advanced vulnerability research, detection engineering, and threat intelligence. I specialize in discovering high-impact vulnerabilities, developing scalable detections, and collaborating across teams to enhance response to emerging cyber threats.

🔍 500+ recognized vulnerability disclosures – acknowledged by organizations like Bank of Scotland, Appcelerator, and Pega, etc.

🛡️ Multiple CVEs published, including:
• CVE-2020-13093 – Directory Traversal in iSpyConnect Agent DVR
• CVE-2020-12273/12274 – Exposed credentials & URL injection in TestLink
• CVE-2020-24933/24934/24935 – XSS & Python code injection in ERPNext
• CVE-2021-27512 – SQL Injection in ERPNext
• CVE-2021-41349 – Spoofing in Microsoft Exchange Server
• Also contributed to issues in Gifsicle (null deref), GNU nano (memory leak), and Erlang/OTP (buffer overflow) https://foss.heptapod.net/tryton/python-sql/-/issues/92

📰 Featured in major media:
• Forbes – John Deere Security Research https://www.forbes.com/sites/paulfroberts/2021/06/20/under-scrutiny-big-ag-scrambles-to-address-cyber-risk
• TechNadu – AgTech Server-side Vulnerabilities https://www.technadu.com/researchers-multiple-server-side-flaws-agricultural-equipment-giant-john-deere/293979

🎤 Talks & Panels:
• DEF CON 29 – Speaker on John Deere/AgTech https://defcon.org/html/defcon-29/dc-29-speakers.html
• CornCon VII – IoT & Ag Cybersecurity Panel https://www.youtube.com/watch?v=oaVLTXPYIq0
• Hackers Meetup Conference – SSRF, RCE, Elasticsearch Takeovers https://www.facebook.com/photo.php?fbid=2796621447288690&id=2050200718597437&set=a.2114055168878658
• InfoSec Bug Bounty AMA – Research Q&A https://www.sillydaddy.me/infosec-bugbounty-ama/2020/10/06/Infosec-Bugbounty-AMA-Ashish-Kunwar.html

🎓 B.Tech in Computer Science – GD Goenka University
📜 Certifications – CNSS, CISSP, Burp Suite Pro

I’m passionate about bridging offensive research with proactive defense, pushing boundaries in threat detection, and giving back to the security community through research, tools, and talks.