Security Researcher // mir4vel

Vikram
Prasad.

Pentester @ PwC Malaysia. Into red teaming, hardware, CAN bus, radio, and whatever looks interesting enough to break.

View Work Get In Touch
mir4vel@kali ~
mir4vel@kali:~$ 
01

About

I work at PwC Malaysia breaking stuff for a living — web apps, APIs, Active Directory, the whole thing. Done red teaming, purple team, assumed breach, SOC work. Led a few engagements too. Outside of work I'm into CTFs, hardware hacking, CAN bus, radio protocols, and building tools that make pentesting less painful. First Class in Cyber Security from APU, not that it matters much when you're elbow deep in a CAN frame.

Web App VAPT Red Teaming Active Directory Purple Team Burp Suite Nessus BloodHound Metasploit Kali Linux MITRE ATT&CK OWASP Python
Resume Full work history, skills & certifications
↓ Download Resume
02

Posts

Coming soon
Spoofing Fuel Levels on a Marine CAN Bus Network
How I used socketcan and PGN injection to manipulate a Simrad marine network during a CTF — and what it taught me about ICS/OT attack surfaces.
HARDWARECTFICS
Coming soon
Building an AI-Assisted Pentest Workflow on Kali
How I integrated Claude API and n8n to automate parts of a web application VAPT — from recon to report generation.
TOOLINGAIAUTOMATION
Coming soon
Purple Teaming in Malaysian Financial Institutions
Lessons learned from running assumed-breach and purple team engagements in heavily regulated financial environments — what detection looks like from the attacker's side.
RED TEAMPURPLE TEAMAD

// Posts coming soon — writeups and research dropping here.

03

Projects & CTF

CTF · HARDWARE
NMEA 2000 / CAN Bus Spoof
Fuel level & autopilot manipulation on a Simrad marine network. PGN injection via socketcan impersonating a Lowrance device. Targeted PGN 127505 and 127250.
can-utilssocketcanNMEA 2000Kali
RED TEAM · FINANCIAL
External Red Team — Large Bank
End-to-end external threat scenario on internet-facing assets. Identified exploitable weaknesses across web and API surface, delivered risk-based remediation to stakeholders.
OSINTBurp SuiteNmapMITRE ATT&CK
PURPLE TEAM · AD
Assumed Breach — Active Directory
Assumed-breach and purple team engagements inside AD environments. Collaborated with Blue Teams to assess detection visibility, incident response, and attack path exposure.
BloodHoundMimikatzCrackMapExecPowerView
TOOLING · AI
AI-Assisted Pentest Workflow
Built a white-box web testing pipeline using Claude API on Kali Linux with n8n automation. Four-phase recon-to-report workflow for faster VAPT cycles and report generation.
PythonClaude APIn8nKali
04

Talks

Jan 2024
Mobile Security & Red Team Strategies — APU
Delivered a sharing session at APU covering the mobile penetration testing process, Android security architecture, APK analysis, and advanced techniques including SSL pinning bypass.
MOBILERED TEAMANDROID
Coming soon
More talks dropping here
Future speaking engagements, conference talks, and community sessions will be listed here.
UPCOMING
05

Certifications

Certified Red Team Professional (CRTP)
Altered Security
eLearnSecurity Web Application Penetration Tester (eWPT)
INE Security
eLearnSecurity Junior Penetration Tester (eJPT)
INE Security
Microsoft Azure Fundamentals (AZ-900)
Microsoft
06

Contact

EMAIL
vikramprasad249@gmail.com
LINKEDIN
/in/vikramprasad
GITHUB
vikram249