Aaditya Purani is an Independent Security Researcher. Aaditya’s primary areas of expertise are web application penetration testing, mobile application penetration testing, product security reviews, and source code review including reverse engineering.
He actively contributes to responsible disclosure programs and is included in the hall of fames for Google, Apple, and AT&T. Aaditya also participates in capture the flag (CTF) challenges and is one of the core team members of DCUA (DefCon-UA), which was the world’s leading white hat CTF team in 2016. As a researcher, his most famous findings include Brave Browser Address Bar Spoofing, WordPress Mobile Detector Code Execution, and Apple Beats Account Takeover. As a writer, Aaditya has authored articles for InfoSec Institute, Buzzfeed, Hackin9, and DailyO.
As a CTF player, he has successfully played more than 150+ CTFs overall from team dcua and emerged out as winner in BSides DFW, BSides SF and GCCS 2017 where he was also awarded by Prime Minister of India Hon. Narendra Modi & Prime Minister of Srilanka Hon. Ranil Wickremesinghe.
Aaditya worked as an iOS and PHP developer intern with Space-O Technologies. During this time, he developed TwitterMasher, an application that helps enterprises manage their social media presences. He was also a lead penetration tester at HackerLedge, where he consulted organizations on potential vulnerabilities. In 2017, he interned at Bishop Fox as security analyst & in 2018 summer he interned at Palo Alto Networks as a Threat Research Engineer. Apart from that, he is currently independently researching on blockchain security such as Ethereum Smart contract.
In his free time, you can find him either exploring new places, practicing photography, writing articles for magazine or hearing songs.