Hyderabad, Telangana, India
$(whoami) █► Ashish Arun Dhone — Offensive Security Leader | Red Teamer | Bug Hunter | Speaker $(bio) I break things so attackers can't. Over the past decade I've led offensive security programs across banking, telecom, and enterprise tech, finding the flaws that matter before adversaries do. Currently Offensive Security Lead at Mindpool Technologies, where I drive red team operations, advanced penetration testing, and vulnerability research. Previously: ♦ Cyber Security Consultant — Emirates NBD, Dubai ♦ Cyber Security Expert — Entel S.A., Chile ♦ Lead Penetration Tester — Persistent Systems ♦ Independent Security Researcher — Synack, HackerOne, Bugcrowd, Yogosha $(CVEs) Published vulnerability research with assigned CVEs across global vendors: ♦ CVE-2025-49546 — Improper Access Control in Adobe ColdFusion ♦ CVE-2021-37999 — Universal XSS in Google Chrome ♦ CVE-2021-31832 — Stored XSS in McAfee DLP ♦ CVE-2020-35745 — Privilege Escalation / Unauthenticated Admin Access in PHPGurukul ♦ CVE-2020-25925 — Reflected XSS in IceWarp WebClient $(honors_and_awards) Microsoft Security Response Center (MSRC) ♦ Most Valuable Security Researcher — 2025, 2024, 2023 ♦ Quarterly Leaderboard — multiple consecutive quarters across 2023, 2024, 2025 Speaking & Conferences ♦ Speaker — BlackHat MEA 2025, Riyadh ♦ Speaker — Microsoft BlueHat 2025 ♦ Speaker & CTF Finalist — BlackHat MEA 2022 (Captained the only Indian team to reach the finals; research selected in the Call for Papers) ♦ CTF Finalist — BlackHat MEA 2023, Riyadh Recognition ♦ CCTNS Bug Bounty Winner — National Crime Records Bureau, Ministry of Home Affairs, Government of India ♦ Top 120 globally — Google Hacker Ranking ♦ Selected for BountyCon by Facebook & Google — Facebook HQ, Singapore (across all of Asia) Hall of Fame acknowledgements from 500+ Fortune-class companies, including: ✔ Google ✔ Apple ✔ Microsoft ✔ Facebook ✔ Shopify ✔ GitLab ✔ AT&T ✔ Western Union ✔ Paytm ✔ Swiggy $(certifications) ♦ CRTP — Certified Red Team Professional (Altered Security) ♦ LPT (Master) — Licensed Penetration Tester (EC-Council) ♦ CPENT — Certified Penetration Testing Professional (EC-Council) ♦ eWPTX v2 — Web Application Penetration Tester eXtreme (INE) ♦ ECSA — Certified Security Analyst (EC-Council) ♦ CHFI — Computer Hacking Forensic Investigator (EC-Council) ♦ CEH Master — Certified Ethical Hacker (Practical) ♦ CEH v10, DFE, EHE — EC-Council $(connect) Always open to conversations on red teaming, vulnerability research, and building stronger offensive security programs. Reach out --> let's talk security.