Om
Barot
Integrated M.Sc. in Cybersecurity & Forensics | Penetration Testing | Digital Forensics | Cyber Threat (EC-Council) | Passionate About Secure Tech Solutions
About Me
A proactive and detail-oriented cybersecurity professional with an Integrated Master's degree in Cybersecurity and Digital Forensics. I am deeply passionate about both offensive and defensive security, driven by a curiosity to understand, identify, and mitigate complex cyber threats. Through numerous intensive internships, I have cultivated hands-on experience across a broad spectrum of security domains. My expertise includes web and mobile application penetration testing, where I've identified and exploited vulnerabilities like SQL Injection and XSS , and network security, where I've analyzed traffic with Wireshark and configured firewalls. I also have practical skills in digital forensics, malware analysis , and OSINT investigations. I am proficient with a suite of industry-standard tools such as Burp Suite, Nmap, Metasploit, and Kali Linux, and I leverage my skills in Python and Java for security scripting and development. My academic journey at Gujarat University, where I graduated with First Class with Distinction, was enriched by my active involvement in the Malware and Digital Forensics clubs, allowing me to apply theoretical knowledge in practical CTF challenges. I am currently seeking a full-time role as a Cybersecurity Analyst, Penetration Tester, or Digital Forensics Investigator where I can apply my diverse skill set to protect critical information assets. I am always open to connecting with fellow security professionals!
Experience
Lexions Community
VAPT and Malware Associate
I volunteer as a VAPT and Malware Admin at Lexions Community, leading vulnerability assessments and targeted penetration tests to uncover security gaps, document risk, and recommend fixes aligned to best‑practice VAPT workflows from scoping through remediation validation. Responsibilities include running automated scans and manual exploitation where in‑scope, triaging and prioritizing findings, and publishing clear remediation guidance with measurable impact on risk reduction. On the malware side, duties cover tracking emerging threats, performing basic static/dynamic analysis, creating detection notes/signatures, and collaborating with incident response to validate indicators and harden defenses. The role emphasizes quantifying outcomes, knowledge sharing, and continuous learning to keep pace with evolving vulnerabilities and malware tactics while supporting the community’s secure operations.
Skill Horizon
Cyber Security Intern
Gained hands-on experience with: • Installing & configuring Kali Linux, Burp Suite, and security browser add-ons. • Practicing Linux commands and scripting for automation. • Networking basics & practical labs. • Conducting information gathering and scanning using tools like Nmap, Nikto, Dirb. • Practicing content discovery and vulnerability scanning. • Exploiting web applications using Burp Suite. • Performing SQL Injection (SQLi) and Cross-Site Scripting (XSS) attacks. • Automating SQL injection with SQLMap. • Executing brute-force login attacks with Hydra. • Learned and applied OWASP Top 10 vulnerabilities with a focus on mitigation techniques. • Developed skills in offensive security testing, vulnerability assessment, and exploitation techniques.
JD INFOTECH
Cyber security Intern
• Conducted OSINT investigations using tools like Sherlock, WhatsMyName, and ExifTool to identify exposed digital footprints and metadata leaks. • Performed technology fingerprinting and subdomain enumeration using WhatWeb, Wappalyzer, Nmap, Amass, and Subfinder to analyze target infrastructure. • Practiced manual and automated SQL Injection exploitation using Burp Suite and SQLMap to understand database-level vulnerabilities. • Gained hands-on experience in reconnaissance, enumeration, and web vulnerability assessment techniques. • Documented findings and proposed mitigation strategies aligned with OWASP Top 10 security principles. • Strengthened technical proficiency in ethical hacking, secure web development, and information gathering.
Intern Intelligence
Cyber Security Intern
• Gained practical experience in identifying, exploiting, and mitigating common web and mobile application vulnerabilities. • Conducted vulnerability assessments on insecure-by-design applications using ethical hacking techniques in a controlled lab environment. • Applied OWASP Top 10 principles to detect and patch issues such as injection flaws, insecure authentication, and improper access controls. • Reviewed and analyzed insecure source code to identify logic flaws and hardcoded secrets in Android applications. • Strengthened skills in secure coding, input validation, and secure data storage across both client-side and server-side environments. • Developed documentation and proof-of-concept reports to demonstrate exploit scenarios and provide remediation strategies.
JAGSPIRE
Cyber Security Intern
• Conducted hands-on exploitation and analysis of vulnerable web applications to understand common web-based attack vectors and secure coding practices. • Configured Windows Defender Firewall with custom rules to filter traffic based on specific ports and IP addresses, enhancing endpoint security. • Captured and analyzed network traffic using Wireshark to detect suspicious activities and understand protocol behaviors. • Gained practical skills in system hardening, traffic monitoring, and rule-based access control. • Developed a better understanding of web security, network defense, and packet-level inspection aligned with real-world cyber threat scenarios.
Education
Gujarat University
Integrated Masters of Science in Information Technology
Cyber security and Forensics
Languages
Projects
Image Malware Forensics Tool
Built a Python-based forensic tool to detect embedded malicious scripts and hidden artifacts within image files, applicable to both local images and scraped web content. Implemented web scraping capabilities using Playwright and BeautifulSoup to fetch images from target websites; also supported local file analysis through a dedicated scanning module. Incorporated multiple detection mechanisms, including: Metadata & binary analysis for hidden payloads (e.g., webshells, XSS, shellcode) Regex-based pattern matching via a configurable Patterns.json Entropy filtering using Shannon entropy to identify obfuscated content MITRE ATT&CK mapping, aligning detected threats to techniques such as T1059.007 (JavaScript execution) and T1027 (obfuscated files and information) Leveraged an AI-powered explanation layer (using Gemini API) to interpret and explain suspicious findings in plain language. Designed with forensic best practices in mind: Linux-only deployment, safe sandboxed operation, and ethical usage warnings clearly outlined. Tools & Techniques: Python, Playwright, BeautifulSoup, regex, Shannon entropy, Gemini API, MITRE ATT&CK frameworks.
Certifications
Certified Associate Penetration Tester (CAPT)
Hackviser
AWS Security Fundamentals Second Edition
Amazon Web Services (AWS)