Hello & Welcome
I Am Piyush Paliwal
About Me
I'm an independent security researcher and bug bounty hunter who loves breaking things — and an embedded & robotics tinkerer who loves building them. I go after impactful, logic-driven vulnerabilities, not checklist findings.
Hello! I'm Piyush Paliwal.
I’ve been hunting bugs since 2019 — 300+ vulnerabilities reported across bug bounty programs and security engagements, spanning web apps, APIs, networks and Windows Active Directory. Recently I discovered and disclosed CVE-2026-43935, a pre-authentication account takeover in the e107 CMS (CVSS 8.1). I’m OSCP, CNPen and TryHackMe PT1 certified. When I’m not breaking software, I’m tinkering with embedded electronics and building robots.
My Projects
Security tooling & scripts I’ve built — all open source on GitHub.
SeBackup-Privilege
Tooling to abuse the Windows SeBackupPrivilege for privilege escalation / sensitive file extraction.
Subhunt
Subdomain enumeration helper for recon during pentests and bug bounty.
Mass-XSS
Script to test a large list of URLs for cross-site scripting at scale.
prototype-polluter
Utility for detecting and exploiting prototype pollution.
Achievements & Certifications
Disclosed vulnerabilities, talks and credentials.
Achievements
CVE-2026-43935
Host header injection in the e107 CMS password-reset flow → pre-auth account takeover. CVSS 8.1 (High), patched in e107 2.3.4 with attribution.
May 2026
Speaker @ The Hackers Meetup
Surat Chapter — spoke on offensive security.
Apr 2024
Certifications
OSCP
Offensive Security Certified Professional — OffSec
Jul 2024
CNPen
Certified Network Pentester — The SecOps Group
Mar 2024
Junior Penetration Tester (PT1)
TryHackMe
Aug 2025
Recent Blogs
Write-ups and notes from my security & dev journey on Medium.
Get in Touch
Hola! I’m from India. Feel free to use the contact form below to reach out to me, or drop me an email.
Email me at
piyushthepal@gmail.com