Available for Internships & Jobs

Rohit Nikam

offensive security ∙ ai/ml engineering

Building at the intersection of offensive security and applied AI — autonomous attack frameworks, vulnerability intelligence engines, and LLM systems trained on adversarial security data.

rohit@phantom ~
$ cat profile.json
{
  "name": "Rohit Nikam",
  "role": "Security Researcher & AI Engineer",
  "location": "Nashik, India",
  "education": "B.Tech CSE — Sandip University",
  "cgpa": 8.47,
  "focus": ["Offensive Security", "AI/ML"],
  "platforms": ["HackerOne", "CTFtime", "HackTheBox"]
}
$

Who I Am

3rd year Computer Science student building autonomous security systems and AI-powered vulnerability research tools.

Offensive Security

MOD::SEC-01

Authorized bug bounty researcher on HackerOne. Active CTF competitor. Focused on web application penetration testing and exploit development across OWASP Top 10 and MITRE ATT&CK frameworks.

HACKERONE ACTIVE

AI / ML Engineering

MOD::AI-02

Designing LLM systems trained on adversarial security data. Building RAG pipelines, fine-tuning models with QLoRA/LoRA/DPO, and engineering autonomous attack selection frameworks.

TRAINING MODELS

Full-Stack Engineering

MOD::DEV-03

Python-first developer building clean, testable architectures. Flask REST APIs, JavaScript frontends, Docker containers, and Git-managed workflows for production deployments.

SHIPPING CODE

Education

MOD::EDU-04

B.Tech Computer Science Engineering at Sandip University, Nashik. Expected May 2027. CGPA: 8.47/10. Coursework in ML, Computer Security, DSA, and Software Engineering.

CGPA 8.47 / 10

Technical Arsenal

Tools and technologies I wield across security research and AI engineering.

AI / ML Engineering

Python ∙ Large Language Models ∙ RAG Systems ∙ QLoRA / LoRA ∙ DPO Fine-tuning ∙ Transformer Architecture ∙ Prompt Engineering ∙ Qwen2.5-Coder-7B

Offensive Security

Web App Pentesting ∙ OWASP Top 10 ∙ MITRE ATT&CK ∙ Bug Bounty Research ∙ Vulnerability Assessment ∙ CTF Competitions

Security Tools

Nuclei ∙ Subfinder ∙ HTTPX ∙ FFuf ∙ Dalfox ∙ Burp Suite ∙ Ghidra ∙ Kali Linux ∙ GAU ∙ Waybackurls

Engineering

Python ∙ Bash ∙ JavaScript ∙ Flask ∙ Next.js ∙ REST APIs ∙ Docker ∙ Git ∙ System Architecture

What I've Built

Open-source security tools and AI-powered platforms for offensive security research.

Phantom v3.0

SYS::PHANTOM-V3.0 ACTIVE_ENGAGEMENT
2025

AI-Powered Penetration Testing Automation Framework

Modular Python framework with LLM-driven, context-aware attack selection across 15+ vulnerability classes. Implements a RAG pipeline indexing MITRE ATT&CK, OWASP, and ExploitDB for intelligent exploit chaining.

  • 15+ vulnerability classes: HTTP Request Smuggling, Cache Poisoning, Race Conditions, SSTI, JWT Algorithm Confusion, GraphQL injection, and more
  • RAG pipeline over MITRE ATT&CK + OWASP Top 10 + ExploitDB for vulnerability fingerprinting
  • Fingerprint-driven context-aware exploit selection and automated chain generation
  • CLI architecture with Claude Code integration, Git-tracked codebase

VulnPrioritizer

SYS::PRIORITIZER STABLE_INTEGRATED
2025

AI-Driven Vulnerability Risk Scoring Engine

Asset-based vulnerability risk scoring engine using a custom EARS formula (Exploitability, Asset criticality, Risk, Severity) to prioritize vulnerabilities at scale across enterprise asset inventories.

  • Custom EARS formula for enterprise-scale asset-based prioritization
  • Live CVE/NVD API integration for automated threat intelligence enrichment
  • Modular, testable Python/Flask backend with clean system architecture
  • RESTful API design with proper separation of concerns

ThreatMap

SYS::OSINT-RADAR LIVE_MONITORING
2024

Real-Time Threat Intelligence Dashboard

Full-stack threat intelligence aggregation platform with modular Python backend, live OSINT feed integration, and real-time visualization. Version-controlled, extensible architecture with configurable alerting rules.

  • Live OSINT feed aggregation with real-time updates
  • Modular backend with extensible data source plugin system
  • REST API + JavaScript frontend visualization layer
  • Configurable threat alerting rules engine

Where I've Worked

Bug Bounty Security Researcher

HackerOne — Authorized Researcher
2024 – Present

Conducting authorized web application security assessments across multiple programs. Exploitation-first reporting methodology — only report after confirmed exploitation.

  • Next.js __NEXT_DATA__ secrets disclosure — Acorns program
  • Staging endpoint credential exposure — Luno program
  • Python-based automated reconnaissance pipelines
  • LLM-assisted vulnerability detection and triage
  • Manual testing with Burp Suite, Nuclei, FFuf, Dalfox

Freelance Web Developer

Independent
2023 – Present

Full-stack web solutions for clients using JavaScript, REST APIs, and Git-managed version-controlled workflows.

Platforms & Activity

HackerOne

Authorized Researcher — Active

CTFtime

Active Competitor

TryHackMe

Security Labs — Active

HackTheBox

Active

Sandip University

B.Tech CSE — May 2027

Get In Touch

Available for internships, jobs, and remote opportunities. Response time under 24 hours.

Location

Nashik, Maharashtra, India

Let's Build
Something Dangerous

Open to internships, full-time positions, and remote collaboration on security & AI projects.
