Security Researcher · Educator · Builder

Think Like an Attacker. Secure Like a Pro.

Security Research Professional specializing in enterprise networks, web apps, Active Directory, cloud, and mobile security. Built to find what others miss — and document every step so the community stays ahead of the threat.

Enterprise Network Pentesting Web App VAPT Active Directory Cloud Security Auditing Mobile Pentesting Vulnerability Assessment
Read My Research ZeroDayLearn → Store →
Kavin Kumar
Kavin Kumar
Security Researcher · Enterprise Security
Open to collab
Enterprise Network Pentesting
Web Application VAPT
Active Directory Assume Breach
Cloud Security Auditing
Mobile Pentesting (Android & iOS)
GitHub LinkedIn X
100+
Projects Worked
500+
Bugs Identified
75+
P1 Findings
Let's Collab!
Awareness Sessions
Latest Writeups
All writeups →
★ FEATURED
Java Deserialization RCE via Excel Import — NT AUTHORITY\SYSTEM
An Import/Export feature accepting XML files led to a Java deserialization vulnerability. By crafting a malicious XML payload using ProcessBuilder, I achieved remote code execution as NT AUTHORITY\SYSTEM.
Web Application Nov 14, 2025 · 10 min read
Code Review Apr 21, 2026
Code Review: Insecure Direct Object Reference — Accessing Any User's Data
A profile endpoint that fetched user data by ID from the request parameter — with no ownership check — allowed any authenticated user to read any other user's private information.
idorbroken-access-controlnodejscode-reviewweb
6 min read
Code Review Apr 20, 2026
Code Review: Server-Side Request Forgery via Unvalidated URL Fetch
A webhook testing feature that fetched user-supplied URLs with no validation allowed an attacker to proxy requests through the server — reaching internal services, cloud metadata endpoints, and sensitive infrastructure.
ssrfnodejswebhookcloudcode-review
7 min read
Ecosystem
Education
ZeroDayLearn.com
Cybersecurity & AI training built by someone who actually does the work. Practical, hands-on, no fluff.
zerodaylearn.com ↗
Merch
Kav1n Store
Hacker-culture apparel and gear. Tees, hoodies, and gear that means something if you know, you know.
store.kav1n.com ↗
Open Source
Tools & Research
Scripts, PoC exploits, and analysis tools from active research. Free to use, built to learn from.
github.com/kav1n ↗
Stay in the Loop

New writeup? New tool?
You'll hear about it first.

No noise. Just a short email when I publish something worth reading — new research, writeups, and courses on ZeroDayLearn.

No spam. Unsubscribe anytime.
About
Kavin Kumar
Kavin Kumar
Security Researcher · Enterprise Security
Security Researcher with hands-on expertise in VAPT across enterprise networks, web applications, Active Directory, cloud infrastructure, and mobile platforms. Founder of ZeroDayLearn.com, a cybersecurity and AI training platform built on real-world research, not textbooks. The research funds the teaching. The teaching sharpens the research. Because real skills aren't built in classrooms. They're built in the field, by people who've actually broken things.
X GitHub LinkedIn Email