Security Researcher // mir4vel

Vikram
Prasad.

Penetration tester & GRC consultant at PwC Malaysia.
Breaking web apps, chasing CTFs, poking things that shouldn't be poked.

View Work Get In Touch
mir4vel@kali ~
mir4vel@kali:~$ 
01

About

Cybersecurity consultant at PwC Malaysia, delivering end-to-end offensive security engagements for major Malaysian financial institutions. Day job covers web, mobile, API, and WiFi pentesting, red teaming, assumed-breach, and purple team exercises. Also served as L1 SOC analyst and VAPT team lead on selected engagements. Outside of client work: CTF challenges, hardware protocol research, and building AI-assisted pentest workflows. Graduated with First Class Honours in Computer Science (Cyber Security) from APU.

Web App VAPT Red Teaming Active Directory Purple Team Burp Suite Nessus BloodHound Metasploit Kali Linux MITRE ATT&CK OWASP Python
Download my resume here
↓ Download Resume
02

Projects & CTF

CTF · HARDWARE
NMEA 2000 / CAN Bus Spoof
Fuel level & autopilot manipulation on a Simrad marine network. PGN injection via socketcan impersonating a Lowrance device. Targeted PGN 127505 and 127250.
can-utilssocketcanNMEA 2000Kali
RED TEAM · FINANCIAL
External Red Team — Large Bank
End-to-end external threat scenario on internet-facing assets. Identified exploitable weaknesses across web and API surface, delivered risk-based remediation to stakeholders.
OSINTBurp SuiteNmapMITRE ATT&CK
PURPLE TEAM · AD
Assumed Breach — Active Directory
Assumed-breach and purple team engagements inside AD environments. Collaborated with Blue Teams to assess detection visibility, incident response, and attack path exposure.
BloodHoundMimikatzCrackMapExecPowerView
TOOLING · AI
AI-Assisted Pentest Workflow
Built a white-box web testing pipeline using Claude API on Kali Linux with n8n automation. Four-phase recon-to-report workflow for faster VAPT cycles and report generation.
PythonClaude APIn8nKali
03

Posts

Coming soon
Spoofing Fuel Levels on a Marine CAN Bus Network
How I used socketcan and PGN injection to manipulate a Simrad marine network during a CTF — and what it taught me about ICS/OT attack surfaces.
HARDWARECTFICS
Coming soon
Building an AI-Assisted Pentest Workflow on Kali
How I integrated Claude API and n8n to automate parts of a web application VAPT — from recon to report generation.
TOOLINGAIAUTOMATION
Coming soon
Purple Teaming in Malaysian Financial Institutions
Lessons learned from running assumed-breach and purple team engagements in heavily regulated financial environments — what detection looks like from the attacker's side.
RED TEAMPURPLE TEAMAD

// Posts coming soon — writeups and research dropping here.

04

Certifications

Certified Red Team Professional (CRTP)
Altered Security
eLearnSecurity Web Application Penetration Tester (eWPT)
INE Security
eLearnSecurity Junior Penetration Tester (eJPT)
INE Security
Microsoft Azure Fundamentals (AZ-900)
Microsoft
05

Contact

EMAIL
vikramprasad249@gmail.com
LINKEDIN
/in/vikramprasad
GITHUB
vikram249