STATUS: SEC_RESEARCH // ACTIVE

Viral Vaghela

Senior Security Researcher at Zscaler. Specializing in offensive operations, red teaming, and architecting resilient cloud infrastructure. Converting vulnerabilities into strategic defense assets.

Featured & Recognized In

135M+ Taxpayer Records Protected
100K+ Developers Mentored
10+ Critical Disclosures
50+ Security Acknowledgements

01. Discovery _

I’m a Senior Security Researcher at Zscaler based in Bangalore, but my roots are in the terminal. I don't just scan for vulnerabilities; I think like an attacker to build defenses that actually hold up. Most of my day is spent leading AI/LLM Red Teaming engagements—simulating everything from prompt injections to model poisoning.

Beyond the security research, I’m a technical content creator helping a community of 100K+ learners at @Viral_Codes navigate programming, Open Source, and cybersecurity. My goal is to bridge the gap between complex offensive security and the developers building the next generation of tech.

3+ Years Industry Exp

50+ Global Acknowledgements

02. Laboratory _

OS & Environment

Kali Linux, Custom Zsh, WSL2

Offensive Sec

Burp Suite Pro, Metasploit, Nuclei, SQLMap, Wireshark, Nmap

Infrastructure

AWS, GCP, Docker, GitHub Actions

Hardware Ops

Learning Pipeline

Exploring RF security and hardware-based attack vectors as an active research focus.

Flipper Zero, Proxmark3, Raspberry Pi 5, Rubber Ducky

Development

Python, Golang, Node.js, Dart / Flutter, C/C++

AI & GenAI Sec

Prompt Injection, Adversarial Input, MITRE ATLAS, Model Auditing, RAG Security

2020 — 2023

BE in Computer Science

Gujarat Technological University // CGPA: 8.06

2016 — 2019

Diploma in Computer Engineering

Government Polytechnic Bhuj // CGPA: 9.42

03. Zero-Days _

A curated ledger of published CVEs, critical infrastructure disclosures, and independent security research. Each entry represents a verified threat identified through deep offensive analysis and responsible disclosure protocols.

| Advisory ID | Target / Product | Attack Vector | Severity |
|---|---|---|---|
| GOV-IN-TAX-IDOR (Exclusive Discovery) | Income Tax e-Filing Portal | #IDOR #DATA_LEAK | 9.8 CRITICAL |
| MED-IN-APOLLO-PII (Vulnerability Disclosure) | Apollo Hospitals (Group) | #PII_LEAK #HEALTHCARE | 9.0 CRITICAL |
| CVE-2026-21892 (Released: Jan 2026) | Parsl Framework | #SQL_INJECTION | CRITICAL |
| CVE-2025-66401 (Released: Dec 2025) | MCP-Watch Monitor | #RCE #CMDI | CRITICAL |
| GSA-INTERNAL-04 (In Progress) | Enterprise SSO Gateway | #AUTH_BYPASS | HIGH RISK |

04. Operations _

SEPT 2024 — PRESENT

Zscaler

Senior Security Researcher

AI/LLM RED TEAMING / GENAI DEFENSE

  • Leading AI/LLM Red Teaming engagements simulating prompt injection, data exfiltration, and adversarial input attacks on internal GenAI products.
  • Developing automated attack simulations to improve security of critical infrastructure and AI-integrated systems.
  • Optimized custom OSINT frameworks to accelerate threat detection and refine risk assessment workflows.

JAN 2024 — SEPT 2024

Zscaler

Security Researcher

VAPT / OFFENSIVE OPS

  • Disclosed 15+ critical risk reports to AppSec teams, directly influencing patch rollout priorities and architecture hardening.
  • Performed deep VAPT on Web, Mobile, APIs, and Infrastructure targeting high-value enterprise assets.

2022 — PRESENT

Independent

Bug Bounty Hunter

VULNERABILITY DISCOVERY & DISCLOSURE

Recognized by 50+ organizations for responsible disclosure of critical flaws. Special focus on large-scale data breaches and AI vulnerabilities.

DATA DISCLOSURE // GOVT OF INDIA

Uncovered a critical data breach in the IT Dept exposing 135M+ citizen records. Covered by TechCrunch & India Today.

PII LEAK // APOLLO HOSPITALS

Identified a major breach exposing medical records/PII; featured in BoomLive for cybersecurity impact.

Official Hall of Fame Acknowledgements

Google
Cambridge
Vodafone
Groww
Airtel
Shaadi.com

SEPT 2022 — DEC 2022

Finlegal

Security Intern

PENETRATION TESTING

Conducted security audits on fintech applications. Identified core logic flaws in payment gateways using manual exploitation and proxy interception.

05. Open Source _

Flutter Insta

A powerful Dart package for gathering account data from Instagram. Fetches profile details, image URLs, and complex metadata without the need for scrapers or official API keys.

#DART #OSINT #PUB_DEV
140+ LIKES

CyberCop

A specialized OSINT mobile app developed for police and cyber crime investigators. Enables precise geolocation tracking via short-URLs, device forensics, and car/IMEI lookups.

#FLUTTER #POLICE_TECH #OSINT
1000+ DOWNLOADS

Secret Finder

Python-based engine for detecting hardcoded API keys, tokens, and PII in Android APKs. Leverages advanced pattern matching and entropy analysis.

#PYTHON #REVERSING
100+ RESEARCHERS

Netguard

Network monitoring utility designed to analyze outgoing traffic behavior. Integrates VirusTotal API for real-time malicious activity detection, cross-referencing outbound IP destinations against global threat intelligence.

#PYTHON #THREAT_INTEL #NETWORK_SEC

06. Intelligence _

15 Creative & Advanced XSS Exploits

An in-depth exploration of sophisticated Cross-Site Scripting techniques that bypass modern filters and security headers.

#WEB_SEC #XSS #RESEARCH

ADB & Android Multi-user

Analyzing the security implications of Android's multi-user feature when accessed via ADB and potential data leakage points.

#ANDROID #ADB #MOBILE_SEC

Exploiting Personal Setups

A case study on how individual developer environments can be used as a pivot point to compromise enterprise infrastructure.

#RED_TEAM #OSINT #OPS