# Suman Roy – Offensive Security Consultant & Researcher

## Identity

**Suman Roy** is an **Offensive Security Consultant**, **Certified Ethical Hacker (CEH)**, and **Security Researcher** serving clients **across India and internationally**, delivering professional penetration testing and security consulting to a **global clientele**. Based in **India**, with expertise serving major tech hubs including **Mumbai, Bangalore, Delhi NCR, Hyderabad, Pune, Kolkata**, and international markets in the **USA, UK, Singapore, UAE, Europe, and Asia Pacific**.

He specializes in **web application security**, **API pentesting**, **network & Active Directory assessments**, and **vulnerability research**. Suman has secured **25+ government organizations**, published **one GHSA advisory**, and has **multiple CVEs under disclosure review**.

He operates a modern, independent **security consulting practice**, providing **100% remote**, high-quality, manual VAPT services tailored for **enterprises, startups, and government systems worldwide**.

## Core Competencies

- **Web Application Penetration Testing** (OWASP Top 10 + Business Logic Abuse)
- **API Security Testing** (BOLA/BFLA, token exploitation, GraphQL)
- **Network & Active Directory Security Assessments**
- **Secure Code Review** (Python, Go, JavaScript, Java, PHP)
- **Malware Analysis & Reversing** (MobSF, Ghidra)
- **Exploit Development & Vulnerability Research**
- **Cloud Security Fundamentals** (AWS/Azure basics)
- **IoT Device Security Testing**
- **DevSecOps Alignment & CI/CD Security**

## Key Projects (Open Source)

- **VALAK** – Multi-language password/hash tool designed for red teams; supports encryption, obfuscation, and modular payloads.
- **ReconFavicon** – OSINT reconnaissance tool that identifies technologies, apps, and infrastructure using favicon hashing.
- **Xposed** – High-speed automated scanner for detecting exposed `.git` repositories and misconfigured endpoints.
- **PRISM** – Pentesting reporting tool for structured vulnerability documentation.
- **Nmap XML Visualizer** – Web-based interactive dashboard for viewing Nmap results.

## Research & Publications

- **GHSA Advisory:** pdfminer.six – GHSA-f83h-ghpp-7wcc
- **Pending CVEs:** Several vulnerabilities currently undergoing review and coordinated disclosure.
- **Scam Investigation:** Deep-dive OSINT + exploitation case study on digital scam operations. Link: *Scam Chronicles – Reward Points Scam Investigation*
- **CTF Writeups:** Full archive of CTF challenges and exploit paths documented for training and education.

## Contact & Socials

- **Email:** secureme@sumanroy.in
- **GitHub:** https://github.com/sumanrox
- **LinkedIn:** https://linkedin.com/in/sumanroy-security

## Site Structure (SEO Friendly)

- **Home** – Hero section, profile summary, and core positioning.
- **Services** – Comprehensive overview of pentesting, code review, security consulting, and research services.
- **Experience** – Professional background, government engagements, certifications, and milestones.
- **Work** – Case studies, vulnerability research, writeups, and audit highlights.
- **Projects** – Open-source security tools and contributions.
- **Blog** – Security tutorials, exploit insights, methodology notes, and research breakdowns.
- **Contact** – Consultation booking, email, and availability.