Back to Portfolio

REGAAN

Security Researcher • Offensive Security • Full-Stack & AI Engineer

Chennai, Tamil Nadu, India
regaan48@gmail.comlinkedin.com/in/regaangithub.com/noobforanonymousrothackers.comregaan.rothackers.com

Summary

Security Researcher and Full-Stack Engineer specializing in Offensive Security, Systems Programming, and Mobile Application Security. From building custom compilers like RedLang to architecting secure learning platforms like Rothackers, I bridge the gap between low-level exploitation and scalable software engineering. 4+ years of experience across penetration testing, secure backend design, real-time systems, and AI/LLM integrations.

Core Skills

Offensive Security:

WebSocket Security, Penetration Testing, OWASP Top 10, OAST, Session Hijacking, XSS, SQLi, SSRF/XXE, WAF Bypass

Programming:

Assembly, C, C++, Python, JavaScript/TypeScript, Go, Java, SQL

Frameworks/Tools:

Playwright, AsyncIO, React, Node.js, Express, WebSockets, MongoDB, MySQL, PostgreSQL

Security Tools:

Burp Suite, OWASP ZAP, Custom Scanners, Git Forensics

DevOps:

Docker, GitHub Actions, PM2, CI/CD Pipelines

AI/LLM:

Gemini Integration, Prompt Engineering, AI-Driven Automation

Experience

Full Stack Developer & Security Engineer

Mar 2020 – Jan 2024
ROT Hackers — Chennai, India
  • Built and maintained full-stack applications using React, Node.js, and real-time WebSocket systems.
  • Implemented authentication hardening, API security controls, and session-management defenses across platforms.
  • Deployed backend services using Docker, PM2, and CI/CD workflows.
  • Designed MySQL/PostgreSQL databases for analytics, real-time features, and scale.
  • Developed internal automation tools for vulnerability testing and diagnostics.
  • Supported high-availability healthcare systems across production workflows.

Major Projects

Keikaku (計画) — Programming Language

Creator & Lead Architect
keikaku.rothackers.com
  • Architected a dynamic, interpreted programming language featuring deterministic control flow and advanced generators.
  • Implemented a custom Bytecode VM in C for performance, with native async/await concurrency primitives.
  • Designed a comprehensive toolchain including a recursive descent parser, semantic analyzer, and cross-platform build system.

Maya — Esports Tournament Platform

Lead Developer
play.google.com/store/apps/details?id=com.mayaislive.app
  • Published a production-grade esports tournament management app on Google Play Store.
  • Implemented real-time room management and live updates using WebSockets.
  • Integrated AdMob for monetization with Interstitial and Rewarded video ads.
  • Built a robust team verification system and secure authentication flow.

WSHawk v2.0 — WebSocket Security Scanner (Open Source)

Creator & Lead Developer
github.com/noobforanonymous/wshawk
  • Modern WebSocket vulnerability scanner with 22,000+ payloads and modular engine detecting 10+ vulnerability classes.
  • Presented at eHackify. Added Playwright-based browser verification for XSS (near-zero false positives).
  • Integrated OAST for blind SSRF/XXE, session hijacking tests. Published to PyPI with automated CI/CD.

ProtoCrash — Protocol Fuzzer (Open Source)

Creator & Lead Developer
github.com/noobforanonymous/ProtoCrash
  • Developed a coverage-guided protocol fuzzer with smart mutation strategies for HTTP, DNS, and SMTP.
  • Implemented distributed fuzzing architecture scaling to 350k execs/sec across 8 workers.
  • Built automated crash analysis and deduplication system with detailed HTML reporting.
  • Achieved 96% code coverage with 850+ unit tests and automated PyPI publishing workflow.

PoCSmith — AI-Powered Security Research Tool

Creator & Lead Developer
github.com/noobforanonymous/PoCSmith
  • Fine-tuned CodeLlama-7B on 1,472 exploits achieving 78.4% accuracy. QLoRA 4-bit quantization for consumer GPUs.
  • Published to Hugging Face Hub and PyPI. Built CLI with CVE parsing, shellcode generation, NVD API integration.
  • Complete pipeline: NVD/Exploit-DB scraping, training, deployment. Reduced loss by 30% across 3 epochs.

Rothackers Mobile & Backend

Full-Stack & AI Engineer
  • Developed a React Native/Expo mobile platform with 90+ screens featuring End-to-End Encryption (E2EE).
  • Built Node.js + MySQL backend with Redis caching, Socket.io for real-time features, and WebRTC for video calls.
  • Integrated Gemini-powered study assistant for hints, flashcards, and guided learning.

Rothackers Admin Dashboard

Frontend Engineer
  • Built a modern admin dashboard using Next.js 15, Tailwind CSS, and Recharts for data visualization.
  • Implemented comprehensive user management, content CMS, and real-time analytics monitoring for the mobile app.

Rothackers Cybersecurity Platform

Full-Stack Developer & Security Engineer
rothackers.com
  • Enterprise LMS with Next.js 16, Node.js, MySQL, Redis. OTP 2FA, CSRF protection, brute-force protection, session management.
  • Audit logging tracking admin actions with IP/UA detection. Certificate generation with unique verification codes (ROTH-YEAR-COURSE-ID).
  • Email system with 6+ templates (OTP, password reset, alerts). Real-time features: Socket.io, custom cursor, particle effects.
  • Batch management for students/tasks. Admin dashboard: user management, course CMS, submission reviews, analytics.

Rothackers Academy (SaaS)

Lead Engineer
  • Architected a modern SaaS platform using Next.js 15, Neon DB (Postgres), and Drizzle ORM.
  • Integrated Google Gemini AI for personalized learning paths and automated content generation.
  • Implemented Stripe payment processing and Inngest for reliable background job orchestration.

Rothackers Security C2 Framework

Security Researcher
  • Developed a high-performance Windows Agent in Go with direct syscalls and advanced evasion techniques.
  • Engineered a macOS Supply Chain Implant that analyzes Gatekeeper mechanisms.
  • Created a Python-based "Environment-Aware" payload generator using novel string obfuscation and entropy seeding.
  • Built a Redis-based Command & Control (C2) infrastructure for low-latency, scalable node management.

Android Security Framework

Mobile Security Researcher
  • Developed a fully functional Android 15 security assessment framework using direct Smali bytecode injection.
  • Implemented multi-threaded data analysis for SMS, Contacts, and Media to a Redis-backed C2 server.
  • Created a real-time Python GUI dashboard for monitoring managed devices and analyzed data.
  • Reverse-engineered legitimate APKs to inject assessment payloads while maintaining original functionality.

RedLang — Systems Programming Language

Creator & Lead Developer
github.com/redlang/redlang
  • Designed and implemented a custom systems programming language using C++ and LLVM.
  • Built a full compiler toolchain including Lexer, Parser (ANTLR4), Semantic Analyzer, and Code Generator.
  • Developed a Language Server Protocol (LSP) implementation for IDE support and a standard library focused on security research primitives.

SQL Tamper Framework v2.1.0 (Advanced WAF Evasion)

Security Researcher
github.com/noobforanonymous/sqlmap-tamper-collection
  • Architected an enterprise-grade SQL transformation framework to bypass modern WAFs (AWS, Cloudflare, Akamai).
  • Implemented a custom SQL lexer, AST analysis engine, and deterministic context-aware evasion tactics.
  • Automated build and distribution pipelines for Docker (GHCR) and PyPI using GitHub Actions.

OffSec Echo Response — CTF Challenge Writeups

CTF Participant & Writeup Author
  • Completed 9 weeks of challenges covering malware analysis, Git forensics, cloud exploitation, cryptanalysis, and packet analysis.
  • Authored detailed technical writeups demonstrating proficiency in Postgres credential extraction, AWS misconfig exploitation, and incident reporting.

Workshop Instructor — Modern Cyber Attack Engineering

Nov 2025
eHackify, Kochi
  • Delivered a 2.5-hour workshop covering malware development concepts, reverse engineering, exploitation flows, C2 frameworks, OPSEC, and red-team methodology.

Certifications & Education

Certifications

  • Certified Ethical Hacker (CEH) — EC-Council (Apr 2025 - May 2026)
  • Go (Intermediate) — HackerRank
  • SQL (Intermediate) — HackerRank
  • React (Frontend) — HackerRank
  • JavaScript / Java / Angular — HackerRank

Education

Independent Study — Cybersecurity & Software Engineering
2020 – 2024

Focused on offensive security, secure full-stack engineering, AI systems, and tool development through structured hands-on learning.

Community

  • Participant — TryHackMe Advent of Cyber
  • Open-source contributor (WSHawk + security utilities)

Languages

  • English (Professional)
  • Tamil (Native)