Aaditya Purani is a Security Engineer at Amazon Web Services (AWS) where he leads collaborative pentesting efforts, develops tooling for fellow testers, and drives shift-left initiatives to scale and enhance security testing. Aaditya’s primary areas of expertise are web/mobile/blockchain application penetration testing, product security reviews, and source code review including reverse engineering. Previously, he was a Senior Security Engineer at Tesla for 3 years.
He actively contributes to responsible disclosure programs and is included in the halls of fame for Google, Apple, and AT&T. Aaditya also participates in security capture the flag (CTF) competitions with Perfect Blue (now: Blue Water), which is the globally ranked top-1 CTF team, and is one of the founding members of UTC (United Texas Coalition). As a researcher, his most famous findings include BTCPay Pre-Auth RCE, Mattermost RCE, and Akamai Zero Trust RCE. As a writer, Aaditya has authored articles for InfoSec Institute, Buzzfeed, Hackin9, and DailyO. He also has 22 CVEs attributed to his findings.
He was awarded by Hon. Prime Minister of India Narendra Modi and Hon. Prime Minister of Sri Lanka Ranil Wickremesinghe in 2017 for winning the GCCS 2017 hacking CTF, a global event.
Aaditya has 6 years of industry working experience as a senior security engineer with top companies like Bishop Fox, Palo Alto Networks, Tesla and Amazon Web Services (AWS). He has been active in the security community for 12 years.
Aaditya enjoys doing research & development into offensive and niche appsec subjects. He has also spoken about his collaborative research (“ElectroVolt: Pwning popular desktop apps while uncovering new attack surface on Electron”) at the most prestigious cyber-security conferences:
– Black Hat USA 2022 [Video]
– DEFCON 30 [Video]
Aaditya has also been interviewed by Forbes, Reuters, and Vice.



