Home About Experience Hall of Fame Certifications Talks & Sessions Content Creation Education Blogs Contact
Pratik Dabhi

> Hello, World!

I'm Pratik
Dabhi

Security Consultant @ Deloitte USI  ·  Penetration Tester  ·  Bug Bounty Hunter  ·  Synack Red Teamer  ·  YouTuber (26K)  ·  Instagram (52K)  ·  Speaker

PNPT eWPTXv2 eCPPTv2 CEH Master Burp Suite CP 100+ Companies Secured 5+ Years Experience

// 02. about

About Me

I'm a passionate Cyber Security professional with 5+ years of professional experience as a Security Consultant at Deloitte USI. I specialise in Web Application, API, Mobile (Android & iOS), Network, and Thick Client penetration testing — delivering end-to-end security assessments for global enterprise clients.

I conduct Architectural Reviews and Secure Code Reviews, and produce clear, risk-rated vulnerability reports (CVSS/OWASP) for executive and technical audiences. My toolkit includes Burp Suite, Metasploit, Nmap, Nessus, Fortify, WebInspect, HCL AppScan, Frida, MobSF, and Kali Linux.

As an active Bug Bounty Hunter, I'm a member of the elite Synack Red Team, ranked Top 250 on Bugcrowd, Top 50 on Yogosha, and Top 100 on YesWeHack. I've responsibly disclosed vulnerabilities across 100+ organisations and earned Hall of Fame recognitions from Microsoft, Apple, Google, Nokia, Intel, Pinterest, and more.

Download Resume
5+
Years Professional Experience
100+
Companies Secured
Top 250
Bugcrowd All-Time
78K+
Social Media Followers

// 02b. skills

Core Skills

Penetration Testing

Web Application API Mobile (Android/iOS) Network Thick Client

Security Tools

Burp Suite Metasploit Nmap Nessus Fortify WebInspect HCL AppScan Frida MobSF Kali Linux

Competencies

VAPT Code Review Threat Modelling Bug Bounty Risk Assessment Client Reporting

// 03. experience

Experience

Deloitte USI Current
Security Consultant — Solution Delivery Associate
May 2023 – Present · Pune

Lead end-to-end penetration testing engagements across Web Applications, APIs, Mobile (Android/iOS), Network, and Thick Client environments for global enterprise clients. Conduct Architectural & Secure Code Reviews. Deliver risk-rated reports (CVSS/OWASP) for executive and technical audiences; drive remediation verification and client engagement throughout the lifecycle.

Deloitte USI
Security Analyst — Cyber & Strategic Risk Advisory
Jul 2021 – May 2023 · Pune

Performed manual & automated penetration tests on Web Applications and APIs; identified injection flaws, authentication bypasses, and business logic vulnerabilities. Conducted Secure Code Reviews; collaborated closely with client teams on risk prioritisation and remediation.

Deloitte USI
Technology Analyst
Jan 2021 – Jun 2021 · Hyderabad

Web Application & API Penetration Testing with structured vulnerability reporting and PoC documentation.

Synack Red Team Elite
Red Team Member
Apr 2020 – Present

Selected member of Synack's elite private programme — conducting high-impact security assessments across curated enterprise targets worldwide.

Bug Bounty Platforms
Bugcrowd · YesWeHack · HackerOne · Yogosha
2018 – Present

Top 250 Bugcrowd Top 50 Yogosha Top 100 YesWeHack

Responsibly disclosed critical vulnerabilities (Account Takeover, IDOR, Privilege Escalation, XSS, LFI) across 100+ organisations globally. Hall of Fame recognitions from Microsoft, Apple, Google, Nokia, Intel, Pinterest, Dell Technologies, and more.

Gurugram Police — Cyber Security Internship
Security Intern
Jun 2018 – Jul 2018

Cyber security summer internship under Mr. Rakshit Tandon — Cyber Security Expert & Consultant, Internet and Mobile Association of India.

HackersEra Cyber Security Consultancy, Pune
Security Intern
Jun 2019 – Jul 2019

Web Application Penetration Testing under guidance of Mr. Vikas Choudhary.

// 04. hall of fame

Hall of Fame & Responsible Disclosure

Recognised by the following organisations for responsibly disclosing security vulnerabilities:

Microsoft Apple Google Nokia Intel Pinterest Dell Technologies Hotstar MasterCard NCIIPC (Indian Govt.) Blackberry Adobe Red Hat Canva Oneplus Udacity EDx Practo HackerRank HackerEarth Techgig GeeksForGeeks Flock Pusher Transifex Airmap Edmodo Health Unlocked FindFriendSocial 50+ Private Programmes

// 05. certifications

Certifications & Achievements

Practical Network Penetration Tester (PNPT) NEW
TCM Security
eWPTXv2 — Web Application Penetration Tester eXtreme
eLearnSecurity
bac70cec-cb3e-489f-a0d4-01f246947768
eCPPTv2 — Certified Professional Penetration Tester NEW
eLearnSecurity
Burp Suite Certified Practitioner NEW
PortSwigger
Certified Ethical Hacker Master (CEH Master)
EC-Council
ECC8691573204
eJPT — Junior Penetration Tester
eLearnSecurity
7008916
Certified Network Security Practitioner (CNSP)
The SecOps Group
Certified Cloud Security Practitioner — AWS (CCSP-AWS)
The SecOps Group
Red Hat Certified System Administrator (RHCSA)
Red Hat
150-078-095
Bugcrowd P1 Warrior — Q4 2019 & Q1 2020
Bugcrowd
CompTIA Strata IT Fundamentals
CompTIA
OMP001020799537
Certified Secure Computer User (CSCU)
EC-Council
ECC21294888609

// 06. talks & sessions

Talks & Sessions

Ganpat University — Feb 2019

Delivered a talk on Penetration Testing and Bug Bounty Hunting to students and faculty.

Hackers Meetup — April 2020

Delivered a talk on Penetration Testing and Bug Bounty at the Hackers Meetup organised by Comexpo Cyber Security.

Bitten Tech — Bug Bounties for Beginners

Online talk on getting started in Bug Bounty Hunting for the security community.

Watch Talk

Technical Navigator — Bug Bounties for Beginners

Online session on Bug Bounty Hunting fundamentals for aspiring security researchers.

Watch Talk

// 07. content creation

Content Creation

📺
YouTube
26K
Subscribers · Since 2015
Penetration Testing tutorials, Bug Bounty writeups, CTF walkthroughs, and Cyber Security concepts explained simply.
Visit Channel ↗
📸
Instagram
52K
Followers · @i.m.pratikdabhi
Daily Cyber Security tips, tool highlights, security news, and behind-the-scenes of Bug Bounty hunting.
Follow ↗
✍️
Medium
Blogs
@impratikdabhi
In-depth Bug Bounty writeups, vulnerability walkthroughs, and beginner guides for ethical hacking.
Read Blogs ↗

// 08. education

Education

M.Sc. Digital Forensics & Information Security

National Forensic Sciences University (NFSU)
2019 – 2021

Bachelor's in Computer Science

Ahmedabad University — School of Computer Studies
2016 – 2019

Senior Secondary (High School)

St. Xavier's High School
2009 – 2014

// 09. blogs

Blogs & Writeups

Read all writeups on Medium ↗

XSS Microsoft

Reflected XSS on Microsoft.com via Angular JS Template Injection

Read on Medium ↗
Open Redirection

Open Redirection Leads to a Bounty

Read on Medium ↗
IP Theft

A Picture That Steals Your Data — A Tale of IP Theft

Read on Medium ↗
CTF Guide

How to Get Started in CTF | Complete Beginner Guide

Read on Medium ↗
Ethical Hacking

How to Get Started in Ethical Hacking

Read on Medium ↗
Bug Bounty

How to Get Started into Bug Bounty

Read on Medium ↗

// 10. contact

Get in Touch

Website

pratikdabhi.com
Find me on
Twitter / X Instagram LinkedIn YouTube Medium Bugcrowd YesWeHack