IDX / 00
● INTRO
IN · JPR
Aditya Soni / hetroublehacker breaks things, responsibly.
SPEC / 01 Web & API
SPEC / 02 VAPT
SPEC / 03 CVE Research
SPEC / 04 Threat Modeling
SPEC / 05 Program Triage
SPEC / 06 Disclosure
01 / ABOUT
Profile —
six years, deep in the stack.
From triage queues to conference stages. From CVEs to curriculum.
Product Security Analyst with 6+ years across application security, bug bounty operations and vulnerability research on global platforms.
Specialised in identifying high‑impact web and API vulnerabilities, validating real‑world exploitability, and driving structured remediation using CVSS and risk‑based models.
Recognised CVE contributor and conference speaker — actively contributing to the community through research, workshops, and a 50,000+ strong audience under the HeTroubleHacker brand.
- Now: Product Security Analyst, HackerOne (Dec 2021 → present)
- Prev: Security Analyst, Safe Security (2019 → 2021)
- Solo: Independent Security Researcher (2019 → present)
- HoF: Google · Apple · Microsoft · Adobe · Ford · Synology · RedBus · UN Women
- Edu: BCA — University of Rajasthan, 2022
- Role: Official HackerOne Brand Ambassador, North‑India
- Tools: Burp Suite · Nmap · Metasploit · SQLmap · ZAP · Wireshark
- Lang: Go · Python · Bash · JavaScript
- Frmw: CVSS v3.1 / v4.0 · OWASP Top 10 · MITRE ATT&CK
02 / TALKS
Selected talks —
stage & community.
A working bibliography of research shared in public.
T / 01
Cache Cuisine: Web cache poisoning, exploited end‑to‑end.
BSides Jaipur
2024
T / 02
Triager's BTS: How hackers can improve their next bug bounty report.
HackWithIndia
2026
T / 03
Real‑world vulnerability research: Application‑layer threats & responsible disclosure.
Positive Hack Talks
2024
T / 04
Bug Bounty & Application Security: University workshop on end‑to‑end hunting workflows.
Poornima University
2023
03 / WRITING
Notes & write‑ups.
Long‑form research on Medium, video breakdowns on YouTube.
● ORIGINAL RESEARCH
Cache poisoning, anatomy & the chain that crumbles it.
MEDIUM · READ→
● WRITE‑UP
Triage from the inside: patterns that get paid.
MEDIUM · READ→
● VIDEO
Fun with hacks — conference talks & breakdowns.
YOUTUBE · WATCH→
● WALK‑THROUGH
Responsible disclosure, from first PoC to patch.
MEDIUM · READ→
● CVE
CVE‑2020‑28726 — how a misconfig became a chain.
CASE STUDY→
● CVE
CVE‑2020‑2872 — root‑cause, exploit path, fix.
CASE STUDY→
04 / COMMUNITY
HeTroubleHacker —
a public notebook.
50,000+ across platforms. Research · workshops · behind‑the‑scenes.
50K+ Audience across platforms
Medium: @hetroublehacker · research & write‑ups
YouTube: HeTroubleHacker · hacks & talks
Instagram: @HeTroubleHacker · bounty content, BTS
HackerOne: hetroublehacker · community researcher
Bugcrowd: hetroublehacker · community researcher
Intigriti: hetroublemak3r · community researcher
05 / CONTACT