Skip to content
View tombstoneghost's full-sized avatar
💪
Training at fsociety
💪
Training at fsociety
46 followers · 64 following

Achievements

Achievement: YOLOAchievement: Starstruckx2Achievement: Pull Sharkx2Achievement: Arctic Code Vault Contributor

Achievements

Achievement: YOLOAchievement: Starstruckx2Achievement: Pull Sharkx2Achievement: Arctic Code Vault Contributor

Block or report tombstoneghost

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
tombstoneghost/README.md

Hi there, I'm Simardeep Singh 👋

Penetration Tester · Red Team · Security Engineer · Conference Speaker

🛡️ About Me

  • 🔴 Specialising in Web App Pentesting, Network Pentesting, Active Directory Exploitation, and Red Team Operations
  • 🔬 Experienced in Mobile Security, Android Malware Analysis, Reverse Engineering, and Automotive Security
  • 🧠 3+ years delivering offensive security engagements — reported 15+ high-impact findings across web, network, and mobile platforms
  • 🛠️ Builder of AegisScan and Cyber-Arsenal47 — community tools for automated security testing
  • 🎤 Conference Speaker at BlackHat SecTor (2024 & 2025), BlackHat MEA 2024, PwnEd7 2025, BSides Kent & Birmingham 2026, Warsaw IT Days 2026
  • 🏫 MSc Cyber Security Engineering candidate — University of Warwick (2025–26)
  • 📝 Publishes security research and CTF write-ups on Medium

🚀 Projects & Tools

Tool Description Status
🔒 AegisScan Full-stack AI-enhanced web vulnerability scanner (React, Flask, MySQL, OWASP ZAP) with AI-driven result prioritisation BlackHat MEA 2024
🧰 Cyber-Arsenal47 High-performance network scanning & orchestration toolkit in Go and Python for comprehensive vulnerability assessments BlackHat SecTor 2024

📜 Certifications

Certification Provider Date
✅ Web Application Penetration Tester eXtreme (eWPTX) INE January 2026
✅ Cybersecurity Analyst (CySA+) CompTIA June 2025
✅ Practical Junior Mobile Tester (PJMT) TCM Security August 2024
✅ Practical Network Penetration Tester (PNPT) TCM Security August 2023

🎤 Speaking Engagements

  • BSides Birmingham 2026 · BSides Kent 2026 · Warsaw IT Days 2026
  • PwnEd7 2026 (University of Edinburgh)
  • BlackHat SecTor (Toronto) 2025SwitchWatch: Unified Threat Detection and Compliance Auditing for Cisco Networks
  • BlackHat MEA (Riyadh) 2024AegisScan – Advanced Web Vulnerability Analysis Tool
  • BlackHat SecTor (Toronto) 2024Cyber-Arsenal47 – An Automated Network Assessment Toolkit

🏆 Achievements

  • 🥈 2nd Place — University of Warwick TryHackMe CTF
  • 🥈 2nd Place — Hack The Box University Rankings
  • 🏅 Top 10 — CyberSOC Intake CTF
  • 🏆 Youngest Achiever Award — Hughes Systique (2024), recognised for automation and security contributions
  • 🛡️ Technical Team Member — BSides Dehradun (2024); CTF design, website development, and speaker coordination

🔧 Tech Stack

⚔️  Offensive:  Burp Suite · Metasploit · Nmap · SQLMap · Frida · JADX · IDA Pro · Ghidra · Volatility
🔍  Recon:      Nikto · Hashcat · John the Ripper · Wireshark · ADB · Netmiko
📐  Frameworks: OWASP Top 10 · MITRE ATT&CK · NIST CSF · SANS Top 25
💻  Languages:  Python · Go · Bash · PowerShell · JavaScript · C++ · Java · MySQL
☁️  Infra:      AWS · GitLab CI/CD · GitHub · Flask · React · Next.js · Kali Linux · Windows Server

📈 GitHub Stats

📫 Contact

🕒 Last Updated: May 2026

Pinned Loading

  1. TIWAP TIWAP Public

    Totally Insecure Web Application Project (TIWAP)

    HTML 176 69

  2. AegisScan AegisScan Public

    JavaScript 1

  3. cyber-arsenal47 cyber-arsenal47 Public

    An automated network assessment toolkit built using Python and Go

    Go 1