~/psykick

Penetration Tester & Security Researcher

CRT, OSCP & CPSA-certified penetration tester delivering web, API, internal, cloud and Active Directory assessments for enterprise clients across the UK, EU and US — with a focus on full attack-chain exploitation, domain compromise and adversary simulation.

$whoami

Dilip Prasad aka psykick

CRT, OSCP and CPSA-certified Penetration Tester with experience delivering web, API, internal, cloud and Active Directory assessments for enterprise clients across UK, EU and US sectors. Achieved 25+ full domain compromises and reported 20+ critical vulnerabilities (RCE, SSRF, auth bypass, IDOR), supported by recon automation, AD exploitation and high-impact reporting tailored to both engineering and leadership.

$ls writeups/

Latest Writeups

Image Upload Gone Wild: Blind SQLi to Superadmin

CRITICAL

Discovered blind SQL injection hidden in a filename through file upload, leveraged via second-order logic to escalate privileges to superadmin...

#Blind SQLi #Privilege Escalation
$cat experience.txt

Experience & Skills

Professional Experience

  • Penetration Tester — Securin Inc (2021–2023)
  • Bug Bounty Hunter — Private Programs (2023–Present)
  • Freelance Penetration Tester (2021)
  • 25+ full domain compromises across enterprise AD environments
  • 20+ critical vulnerabilities (RCE, SSRF, auth bypass, IDOR)

Certifications & Education

  • CRT — CREST Registered Tester
  • OSCP — Offensive Security Certified Professional
  • CPSA — CREST Practitioner Security Analyst
  • MSc Cybersecurity — University of Birmingham
  • BSc Computer Science — SRM University
$cat stats.txt

25+ Domain Compromises
20+ Critical Vulnerabilities
3+ Years Experience
Certified: CRT • OSCP • CPSA