Abbytes delivers professional-grade cybersecurity services — from deep penetration testing to cloud hardening — for startups, enterprises, and organisations across the globe. CEH v12 certified. ISO 27001 Lead Auditor. 3+ years of real-world offensive security experience.
End-to-end offensive and defensive security expertise — delivered with precision, documented to industry standards, and available for remote engagements worldwide.
Web, mobile, API, and network pen tests using black-box, white-box, and grey-box methodologies. Real-world attack simulation to find vulnerabilities before adversaries do.
Comprehensive configuration reviews, compliance assessments, and risk & vulnerability assessments against CERT-IN, ISO 27001, OWASP, and SANS 25 baselines.
Full-scope adversary simulation across people, processes, and technology. Tests your entire security posture including social engineering and OSINT-driven attack paths.
Source code reviews with Fortify and Semgrep, plus dynamic application security testing — standalone or integrated into your CI/CD pipeline for continuous coverage.
AWS security assessments — IAM, network, storage, and logging configuration reviews. Container and CI/CD security reviews including Docker images and Kubernetes setups.
Internal and external network assessments, firewall and segmentation testing using Nmap, Nessus, and Wireshark — with clear, actionable remediation guidance.
Not sure which service fits your need?
Let's TalkI'm an Information Security Consultant with 3+ years of hands-on experience across offensive security, compliance audits, and digital forensics. I hold a CEH v12 certification and am a certified ISO/IEC 27001:2022 Lead Auditor.
I've executed comprehensive web, mobile, API, and network penetration tests — delivering actionable findings across black-box, white-box, and grey-box engagements. I've conducted AWS cloud security assessments (IAM, network, storage, logging), performed container and CI/CD security reviews, and carried out source code reviews for critical applications.
Every engagement comes with clear communication, thorough documentation, and findings prioritised by business impact — not just a wall of CVEs. I work remotely and am open to clients anywhere in the world.
Recognized with "Rising Star of the Year 2024" and "Client Champion 2025" for exceptional performance and seamless client engagement.
Security tools, research, and engagement highlights. More on GitHub.
AI-assisted automated security scanning platform for large-scale national cyber audit operations. Scans government domains for exposed credentials, PII, misconfigurations, and secret leaks using spaCy NER, OCR, and heuristic detection pipelines.
Authorized penetration test of a Flutter-based government mobile application. Overcame advanced SSL pinning through binary patching of the Flutter engine to disable BoringSSL certificate verification — enabling full traffic interception on ARM64.
Forensic analysis of Android phishing malware targeting electricity utility customers. Produced formal incident reports and APK analysis methodology documentation. Identified full attacker infrastructure and exfiltration mechanisms.
Automated Google Dorking tool for OSINT and reconnaissance — streamlines discovery of exposed files, login panels, sensitive directories, and vulnerable parameters across target domains during security assessments.
Open-source security projects built to educate, demonstrate attack techniques, and give newcomers a safe space to practise hacking legally.
A phishing simulation project that mimics a social platform's login flow — built purely for educational understanding of how credential phishing attacks are constructed, hosted, and detected. A practical reference for blue teamers and security researchers.
Security research, technical writeups, and practical guides on offensive security and emerging threats.
Binary patching libflutter.so to disable BoringSSL certificate verification when Frida gadget injection isn't viable — a deep technical walkthrough.
Read Article →Dissecting a malicious APK impersonating an electricity provider — infrastructure mapping, exfiltration mechanics, and defensive takeaways.
Read Article →Building an NLP and OCR-powered pipeline to automate detection of exposed credentials and PII across thousands of government domains.
Read Article →Looking for a security assessment, audit, or a quick consultation? I work with clients worldwide — reach out and I'll respond within 24 hours.