Back to Portfolio

REGAAN

Security Researcher • Offensive Security • Full-Stack & AI Engineer

Chennai, Tamil Nadu, India
regaan48@gmail.comlinkedin.com/in/regaangithub.com/noobforanonymousrothackers.com

Summary

Security Researcher and Full-Stack Engineer specializing in Offensive Security, Systems Programming, and Mobile Application Security. From building custom compilers like RedLang to architecting secure learning platforms like Rothackers, I bridge the gap between low-level exploitation and scalable software engineering. 4+ years of experience across penetration testing, secure backend design, real-time systems, and AI/LLM integrations.

Core Skills

Offensive Security:

WebSocket Security, Penetration Testing, OWASP Top 10, OAST, Session Hijacking, XSS, SQLi, SSRF/XXE, WAF Bypass

Programming:

Python, JavaScript/TypeScript, Go, Java, SQL

Frameworks/Tools:

Playwright, AsyncIO, React, Node.js, Express, WebSockets, MongoDB, MySQL, PostgreSQL

Security Tools:

Burp Suite, OWASP ZAP, Custom Scanners, Git Forensics

DevOps:

Docker, GitHub Actions, PM2, CI/CD Pipelines

AI/LLM:

Gemini Integration, Prompt Engineering, AI-Driven Automation

Experience

Full Stack Developer & Security Engineer

Mar 2020 – Jan 2024
ROT Hackers — Chennai, India
  • Built and maintained full-stack applications using React, Node.js, and real-time WebSocket systems.
  • Implemented authentication hardening, API security controls, and session-management defenses across platforms.
  • Deployed backend services using Docker, PM2, and CI/CD workflows.
  • Designed MySQL/PostgreSQL databases for analytics, real-time features, and scale.
  • Developed internal automation tools for vulnerability testing and diagnostics.
  • Supported high-availability healthcare systems across production workflows.

Major Projects

Maya — Esports Tournament Platform

Lead Developer
play.google.com/store/apps/details?id=com.mayaislive.app
  • Published a production-grade esports tournament management app on Google Play Store.
  • Implemented real-time room management and live updates using WebSockets.
  • Integrated AdMob for monetization with Interstitial and Rewarded video ads.
  • Built a robust team verification system and secure authentication flow.

WSHawk v2.0 — WebSocket Security Scanner (Open Source)

Creator & Lead Developer
github.com/noobforanonymous/wshawk
  • A modern exploitation-driven WebSocket vulnerability scanner used by pentesters and security learners.
  • Presented at eHackify after gaining community traction.
  • Designed modular scanning engine detecting 10+ WebSocket vulnerability classes.
  • Implemented 22,000+ attack payloads with mutation logic and WAF detection.
  • Added Playwright-based browser verification for XSS (near-zero false positives).
  • Integrated OAST for blind SSRF/XXE, session hijacking tests, and server fingerprinting.
  • Published to PyPI with automated CI/CD pipelines and reporting output (HTML, CVSS, logs).

Rothackers Mobile & Backend

Full-Stack & AI Engineer
  • Developed a React Native/Expo mobile platform with 90+ screens featuring End-to-End Encryption (E2EE).
  • Built Node.js + MySQL backend with Redis caching, Socket.io for real-time features, and WebRTC for video calls.
  • Integrated Gemini-powered study assistant for hints, flashcards, and guided learning.

Rothackers Admin Dashboard

Frontend Engineer
  • Built a modern admin dashboard using Next.js 15, Tailwind CSS, and Recharts for data visualization.
  • Implemented comprehensive user management, content CMS, and real-time analytics monitoring for the mobile app.

Rothackers Masterclass Website

Full-Stack Developer
rothackers.com
  • Developed a separate educational platform using Next.js 14, Three.js for 3D elements, and Clerk for authentication.
  • Implemented PWA capabilities and interactive course content delivery.

Rothackers Academy (SaaS)

Lead Engineer
  • Architected a modern SaaS platform using Next.js 15, Neon DB (Postgres), and Drizzle ORM.
  • Integrated Google Gemini AI for personalized learning paths and automated content generation.
  • Implemented Stripe payment processing and Inngest for reliable background job orchestration.

Rothackers Red Team C2 Framework

Security Researcher
  • Developed a high-performance Windows RAT in Go with direct syscalls and 95% AV evasion rate.
  • Engineered a macOS Supply Chain Implant that bypasses Gatekeeper mechanisms.
  • Created a Python-based "VM-Compatible" payload generator using novel string obfuscation and entropy seeding.
  • Built a Redis-based Command & Control (C2) infrastructure for low-latency, scalable botnet management.

Android Malware Framework

Mobile Security Researcher
  • Developed a fully functional Android 15 malware framework using direct Smali bytecode injection.
  • Implemented multi-threaded data exfiltration for SMS, Contacts, and Media to a Redis-backed C2 server.
  • Created a real-time Python GUI dashboard for monitoring infected devices and stolen data.
  • Reverse-engineered legitimate APKs to inject malicious payloads while maintaining original functionality.

RedLang — Systems Programming Language

Creator & Lead Developer
github.com/redlang/redlang
  • Designed and implemented a custom systems programming language using C++ and LLVM.
  • Built a full compiler toolchain including Lexer, Parser (ANTLR4), Semantic Analyzer, and Code Generator.
  • Developed a Language Server Protocol (LSP) implementation for IDE support and a standard library focused on offensive security primitives.

SQLMap Tamper Collection

Security Researcher
github.com/noobforanonymous/sqlmap-tamper-collection
  • Developed a comprehensive framework of custom tamper scripts for SQLMap.
  • Created bypass techniques for modern WAFs and filters to enable successful SQL injection testing.

OffSec Echo Response — CTF Challenge Writeups

CTF Participant & Writeup Author
  • Completed 9 weeks of challenges covering malware analysis, Git forensics, cloud exploitation, cryptanalysis, and packet analysis.
  • Authored detailed technical writeups demonstrating proficiency in Postgres credential extraction, AWS misconfig exploitation, and incident reporting.

Workshop Instructor — Modern Cyber Attack Engineering

Nov 2025
eHackify, Kochi
  • Delivered a 2.5-hour workshop covering malware development concepts, reverse engineering, exploitation flows, C2 frameworks, OPSEC, and red-team methodology.

Certifications & Education

Certifications

  • Certified Ethical Hacker (CEH) — EC-Council (Apr 2025 - May 2026)
  • Go (Intermediate) — HackerRank
  • SQL (Intermediate) — HackerRank
  • React (Frontend) — HackerRank
  • JavaScript / Java / Angular — HackerRank

Education

Independent Study — Cybersecurity & Software Engineering
2020 – 2024

Focused on offensive security, secure full-stack engineering, AI systems, and tool development through structured hands-on learning.

Community

  • Participant — TryHackMe Advent of Cyber
  • Open-source contributor (WSHawk + security utilities)

Languages

  • English (Professional)
  • Tamil (Native)