βββ(HEAVENγΏkali-offensive)-[~]
ββ$ sudo cat /root/.profile
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β
β ββββ ββββββββββββββ ββββββ βββββββ βββββββ β
β βββββ ββββββββββββββββββββββββββββββββββββββ β
β ββββββ βββββββββββββββββββββββββββββββββ ββββ β
β ββββββββββββββββββββββββββββββββββββββββ βββ β
β βββ ββββββββββββββββββββ ββββββ ββββββββββββ β
β βββ βββββββββββββββββββ ββββββ βββ βββββββ β
β β
β >> ALIAS : HEAVEN β
β >> IDENTITY : Nisarg Chasmawala β
β >> ROLE : Offensive Security Engineer | Penetration Tester β
β >> LOCATION : England, United Kingdom β
β >> EDUCATION : MSc Cyber Security β Birmingham City University β
β (Expected Graduation: March 2027) β
β β
β >> CERTS : CPENT | CEH Master | CHFI | ISO 27001 Lead Auditor β
β CEH v13 | EHE (96%) | CRTOM | CTIGA | CCEP | CCPP β
β Foundations of Log Analysis | TOEFL iBT 91/120 β
β β
β >> WEAPONS : Metasploit Β· Burp Suite Β· Nessus Β· Maltego β
β Wireshark Β· Autopsy Β· FTK Imager Β· MITRE ATT&CK β
β TensorFlow Β· XGBoost Β· NetworkX Β· AWS IAM β
β β
β >> ML WINS : DDoS Detection β 99.99% Accuracy | 1.0000 Precision β
β Malware Engine β 98.47% F1-Score | Near-Perfect AUC β
β CVSS Prediction β RΒ² = 0.9988 | MAE = 0.0400 β
β IoT Flow Predict β RΒ² = 0.9999 | MAE = 0.0010 β
β β
β >> HACKATHON : π₯ 1st Place β BCU Cyber Security Society Hackathon β
β Project: Aegis-IAM Dashboard | STEAMhouse, UK β
β β
β >> MISSION : Uncover vulnerabilities. Secure critical systems. β
β Shape international cyberspace policy. β
β Build a safer digital world β one exploit at a time. β
β β
β [STATUS] ββββββββββββββββββββββββββββββββ ACTIVE β ALWAYS HUNTING β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[HEAVEN@offensive-sec ~]$ _
β CORE LANGUAGES & PLATFORMS β
β AI & MACHINE LEARNING ARSENAL β
β OPERATING SYSTEMS β
βββ(HEAVENγΏkali-offensive)-[~/os-arsenal]
ββ$ uname -a --all-platforms
[+] macOS ............... Daily Driver
[+] Kali Linux ............... Primary Offensive Platform
[+] Parrot OS ............... Alternate Offensive Platform
[+] Ubuntu / Debian ............... Server & Dev Environments
[+] Windows 10 / 11 ............... Target Simulation & Forensics
[+] iOS / Android ............... Mobile Security Researchβ CYBERSECURITY TOOLS MATRIX β
| βοΈ Exploitation | π Recon & OSINT | π§ͺ Digital Forensics | βοΈ Vuln Management |
|---|---|---|---|
Metasploit Advanced |
Nmap / Netcat Advanced |
Autopsy Advanced |
Nessus Advanced |
Burp Suite Advanced |
OSINT Framework Advanced |
FTK Imager Advanced |
OpenVAS Advanced |
SQLmap Advanced |
Maltego Advanced |
Magnet AXIOM Advanced |
AWS IAM Advanced |
Hydra Advanced |
Wireshark Advanced |
Magnet DVR Examiner Advanced |
MITRE ATT&CK Advanced |
John the Ripper Advanced |
Shodan Advanced |
MOBILeadit Advanced |
NetworkX Advanced |
Aircrack-ng Advanced |
Nikto / Acunetix Advanced |
Passware Kit Advanced |
CVSS Scoring Advanced |
Ghidra (RE) Very Good |
Snort Very Good |
Volatility Advanced |
ISO 27001 Audit Certified |
ββ MISSION BRIEF ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Β THREAT VECTOR : Automated Vulnerability Discovery, Exploit Simulation & Risk Scoring
Β TECH STACK : Python 3.11+ Β· FastAPI Β· React Β· ExtraTreesRegressor Β· SQLite
Β KEY RESULT : 29 Live Modules Β· 112 E2E Tests Β· CVSS ML Predictor (RΒ²=0.9925)
Β COMPLIANCE : AES-256-GCM Vault Β· HMAC Audit Logs Β· JWT RBAC Β· OWASP/NIST Mapping
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Architected a production-grade autonomous penetration testing platform using Python and FastAPI, automating complex reconnaissance, vulnerability detection, and false-positive suppression workflows. Engineered a multi-layered risk scoring pipeline featuring an ExtraTreesRegressor ML model trained on NVD data to predict CVSS v3.1 base scores (RΒ²=0.9925), augmented by real-time EPSS probabilities and CISA KEV enrichments. Integrated 29 live offensive security modules mapping directly to the MITRE ATT&CK framework, executing deep evaluations including time-based blind SQLi, SSRF, IDOR, and Active Directory Kerberoasting. Hardened the platform's execution engine with an AES-256-GCM credential vault and HMAC-signed append-only audit logs, surfacing verified attack paths via a React-based WebSocket dashboard and automated HTML/PDF compliance reporting.
ββ MISSION BRIEF βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Β THREAT VECTOR : OSINT Target Analysis, Identity Enrichment & Breach Correlation
Β TECH STACK : Next.js 14 Β· TypeScript Β· Tailwind CSS Β· libphonenumber-js
Β KEY RESULT : 110 OSINT pivots Γ 64 Google dorks Β· 1000+ Breach DBs mapped
Β COMPLIANCE : API Key Isolation Β· Token-Bucket Rate Limits Β· Strict CSP Headers
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Architected a production-ready OSINT intelligence platform using Next.js 14 and TypeScript, processing phone and email variants to instantly map geographic context, threat intelligence, and identity footprints. Engineered a resilient, zero-API offline analysis engine via libphonenumber-js and bundled 400+ US/CA NPA databases to geolocate targets without triggering third-party surveillance thresholds. Integrated automated fan-out parallel queries against 1000+ breach databases (XposedOrNot) and credential hashes, visualising exposure through a matrix-themed dashboard equipped with 110 tactical OSINT pivot links and 64 pre-built Google Dorks. Hardened the application's operational security with token-bucket rate limiting (10 req/min/IP), complete server-side API key isolation, and strict anti-tracking security headers to protect investigator integrity.
ββ MISSION BRIEF βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
THREAT VECTOR : AWS Cloud IAM Over-Privilege & Privilege Escalation
TECH STACK : Python Β· Flask Β· NetworkX Β· MITRE ATT&CK Β· AWS JSON Β· OWASP
KEY RESULT : 57 IAM verbs Γ 10 enterprise tactics Β· 38 E2E security tests
COMPLIANCE : XSS Β· CSRF Β· JSON depth-bomb protections Β· SoD conflict detection
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Architected a stateless IAM risk analysis platform using Python and Flask, processing complex AWS JSON exports to instantly detect over-privileged cloud identities and separation-of-duties conflicts. Engineered a graph-traversal detection engine via NetworkX to map multi-tiered IAM relationships, automating the discovery and severity-scoring of critical privilege escalation paths. Integrated the MITRE ATT&CK framework to map 57 dangerous IAM verbs across 10 enterprise tactics, visualising exposure through a live heatmap and deterministic posture scoring engine. Hardened the application to pass 38 E2E security tests (including XSS, CSRF, and JSON depth-bomb protections) with a dynamic CLI patch command pipeline and automated vector-based risk intelligence reporting.
ββ MISSION BRIEF βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
THREAT VECTOR : Android APK Permissions & API Call Static Analysis
TECH STACK : Python Β· Scikit-Learn Β· XGBoost Β· Drebin (15,000+ records)
KEY RESULT : 98.47% F1-Score Β· Near-perfect ROC-AUC
INNOVATION : Behaviour-based detection replacing signature scanning
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Engineered enterprise-grade Android malware pipeline evaluating L1 Regularisation, Chi-Square extraction and Random Forest feature importance on the Drebin dataset. Trained XGBoost, RF, Logistic Regression & KNN to transition from signature-based to behaviour-based threat identification at production scale.
ββ MISSION BRIEF βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
THREAT VECTOR : Volumetric DDoS Network Intrusion Classification
TECH STACK : Python Β· TensorFlow Β· XGBoost Β· CIC-DDoS2019 (225K+ rows)
KEY RESULT : 1.0000 Precision Β· 99.99% Accuracy Β· ZERO false positives
MODELS TESTED : 1D-CNNs Β· MLPs Β· XGBoost Β· Random Forest
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Built an AI-driven NIDS on the CIC-DDoS2019 dataset with robust preprocessing handling severe class imbalance. XGBoost achieved a flawless 1.0000 precision β zero false-positive alerts for security analysts while maintaining near-perfect recall for all active volumetric attack vectors.
ββ MISSION BRIEF βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
THREAT VECTOR : Automated NVD Severity Assessment via ML & Deep Learning
TECH STACK : Python Β· Scikit-Learn Β· Extra Trees Β· LSTM Β· GRU Β· NVD Dataset
DATASET : 337,705 historical CVE records (National Vuln. Database)
KEY RESULT : RΒ² = 0.9988 Β· MAE = 0.0400 Β· CV RΒ² = 0.9990 (Extra Trees)
FEATURE SELECT : Lasso Β· ElasticNet Β· Mutual Information Β· 13 optimal predictors
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Architected a supervised ML + Deep Learning pipeline to automate NVD severity assessments, predicting CVSS Base Scores (0.0β10.0) across 337,705 historical CVE records. Deployed a multi-paradigm feature selection pipeline (Lasso, ElasticNet, Mutual Information) to isolate 13 critical predictors from complex vulnerability metadata. Designed and trained advanced tree-based ensembles (Extra Trees, Gradient Boosting) and recurrent neural networks (LSTM, GRU) to evaluate non-linear attack metadata. Extra Trees Regressor achieved near-perfect RΒ² = 0.9988 Β· MAE = 0.0400 with a highly stable cross-validated CV RΒ² = 0.9990, validated through MAE, RMSE, RΒ² and 5-fold cross-validation for enterprise patch prioritisation.
ββ MISSION BRIEF ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
THREAT VECTOR : IoT Network Flow Lifetime Forecasting & Anomaly Detection
TECH STACK : Python Β· TensorFlow Β· Scikit-Learn Β· RT-IoT2022 Dataset
DATASET : 117,000+ unique records Β· 50 raw features β optimal subsets
KEY RESULT : RΒ² = 0.9999 Β· MAE = 0.0010 (Gradient Boosting, 39 features)
MODELS TESTED : Gradient Boosting Β· Extra Trees Β· AdaBoost Β· Huber Β· GRU Β· Transformer
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Engineered a regression-based predictive model using Python, TensorFlow, and Scikit-Learn to accurately forecast the continuous wall-clock lifetime of IoT network flows for enhanced network telemetry and anomaly detection. Processed and normalised the RT-IoT2022 dataset (117,000+ unique records), designing a comprehensive multi-stage feature selection pipeline (variance filtering, correlation pruning, and Gradient-Boosting importance) to reduce 50 raw features to optimal subsets while addressing extreme right-skewness via log1p transformations. Developed and evaluated 24 experimental configurations spanning classical tree ensembles (Gradient Boosting, Extra Trees, AdaBoost), robust linear estimators (Huber), and deep sequence architectures (Gated Recurrent Units and Transformer encoders). Gradient Boosting achieved a near-perfect RΒ² = 0.9999 Β· MAE = 0.0010 on a 39-feature baseline, while Extra Trees maintained RΒ² = 0.9996 even after 87% dimensionality reduction.
ββ MISSION BRIEF βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
THREAT VECTOR : Dynamic CVSS Replacement β Context-Aware Risk Scoring
TECH STACK : Python Β· Scikit-Learn Β· XGBoost Β· Feature Engineering
KEY RESULT : Real-time 0β10 context risk scores Β· MSE/RMSE/MAE/RΒ² val.
INNOVATION : TCP flags Β· port categories Β· protocol features as inputs
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Engineered an adaptive ML framework transitioning vulnerability assessments from static CVSS to real-time, context-aware scoring. Processed raw network traffic features (TCP flags, port categories, protocols) via One-Hot Encoding and feature engineering. Evaluated XGBoost, RF, Decision Tree & KNN; validated with MSE, RMSE, MAE and RΒ² for enterprise threat response prioritisation at scale.
| π | Certification | Issuer | Date | Score / Credential |
|---|---|---|---|---|
| CPENT β Certified Penetration Tester Professional | EC-Council | 2024-11 |
ECC6970842153 |
|
| CEH Master β Certified Ethical Hacker Master | EC-Council | 2024-04 |
ECC1382059467 |
|
| CEH Practical | EC-Council | 2024-04 |
180/200 Β· ECC7804965321 |
|
| CEH v13 β Certified Ethical Hacker | EC-Council | 2025-12 |
ID 776964 |
|
| CEH β Certified Ethical Hacker | EC-Council | 2024-01 |
91.2% Β· ECC5081642397 |
|
| CHFI β Computer Hacking Forensic Investigator | EC-Council | 2023-12 |
90.7% Β· ECC4925367081 |
|
 |
ISO/IEC 27001:2022 Lead Auditor | Mastermind | 2026-01 |
ttuf1fci7e |
| EHE β Ethical Hacker Essentials | EC-Council | 2026-01 |
96% Β· ECC8416329075 |
|
| CRTOM β Certified Red Team Operations Management | Red Team Leaders | 2026-01 |
β | |
| CTIGA β Threat Intelligence & Governance Analyst | Red Team Leaders | 2026-01 |
β | |
| CCEP β Certified Cybersecurity Educator Professional | Red Team Leaders | 2026-01 |
β | |
| CCPP β Certified C++ Practitioner | Red Team Leaders | 2026-01 |
β | |
| Foundations of Log Analysis for Cyber Defense | Red Team Leaders | 2026-01 |
β | |
| TOEFL iBT | ETS | 2024-07 |
91 / 120 |
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β TIMELINE β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ£
β β
β [2025-03 β 2025-09] IT HARDWARE SUPPORT ENGINEER β
β NIVA TECHNO TRANSITION, Surat, India β
β βΈ Enterprise system installation & maintenance β
β βΈ Hardware, software & network diagnostics β
β βΈ LAN/Wi-Fi & peripheral management β
β βΈ Regular security checks & offsite support β
β β
β [2024-02 β 2025-02] VULNERABILITY ASSESSMENT & PENETRATION TESTER β
β SYSAP TECHNOLOGIES, Pune, India (Remote) β
β βΈ Full-scope enterprise penetration tests β
β βΈ Executive + technical risk report delivery β
β βΈ Vulnerability remediation & hardening β
β βΈ Maintained currency with emerging threats β
β β
β [2023-07 β 2024-01] VULNERABILITY SCANNING & PEN TEST INTERN β
β SYSAP TECHNOLOGIES, Pune, India β
β βΈ Security & vulnerability scanning β
β βΈ Exploitation, threat intel & compliance docs β
β βΈ Security research & record keeping β
β β
β [2023-01 β 2023-04] NETWORK SPECIALIST INTERN β
β AIRLINK COMMUNICATION PVT. LTD, Surat β
β βΈ Network troubleshooting & monitoring β
β βΈ Network configuration & documentation β
β β
β [2022-06 β 2022-07] NETWORK ENGINEER INTERN β
β NIVA TECHNO TRANSITION, Surat β
β βΈ Network infrastructure & structured cabling β
β βΈ Documentation, reporting & customer support β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
π΄ [CLASSIFIED] Consolidated Pentesting & RCE Assessment
Conducted end-to-end penetration testing across Redis, Openfire, and Gitea environments. Achieved system-level access via Redis replication abuse, Openfire admin console exploitation, and Git Hooks weaponization. CVSS scores up to 10.0 Critical.
Nmap Β· Metasploit Β· Redis Exploit Β· Git Hooks Β· Reverse Shells Β· CVSS
π΅ [CLASSIFIED] Digital Forensic Strategy β Missing Person Investigation
Designed an ISO-aligned forensic investigation plan covering corporate systems, mobile devices, IoT, cloud platforms & CCTV. Applied ISO 27037/27035/27042/27043/17025 with full UK GDPR, NPCC & FSR compliance and chain-of-custody management.
FTK Imager Β· Magnet AXIOM Β· Magnet DVR Examiner Β· MOBILeadit Β· Autopsy Β· Passware Kit
π‘ [CLASSIFIED] Strategic Security Audit β Cyberzone AI Ltd.
Led ISO/IEC 27001:2023 audit of AI-driven healthcare & fintech systems. Identified identity gaps, patching weaknesses & source code exposure. Evaluated compliance with UK GDPR, Data Protection Act 2018, and US HIPAA. Proposed FIDO2 MFA, immutable backups, automated patching & Purple Team exercises. Delivered full risk-scored audit report + phased mitigation roadmap.
π£ [CLASSIFIED] AI & Autonomous Pentesting Frameworks β Research
Systematic literature review evaluating Deep Reinforcement Learning & LLMs for autonomous offensive cybersecurity. Synthesized quantitative performance metrics assessing architectural evolution from single-agent LLMs to collaborative Multi-Agent Systems (MAS). Identified the "Sim2Real" transfer gap, algorithmic hallucination risks and dual-use ethical concerns. Formulated a Neuro-Symbolic AI + HITL architecture for EU AI Act & GDPR compliance.
DRL Β· LLMs Β· Multi-Agent Systems Β· Neuro-Symbolic AI Β· EU AI Act Β· GDPR
π’ [CLASSIFIED] IT Project Management: Autonomous AI-Driven Pentesting
Orchestrated a 7-week Hybrid Agile-PRINCE2 project for an autonomous AI cybersecurity system using Monday.com as the Work OS. Managed a 5-phase WBS, sprint execution, capacity planning & automated approvals. Led EU AI Act compliance deliverables under crisis resource reallocation with HITL + Neuro-Symbolic safety guardrails.
Monday.com Β· Agile-PRINCE2 Β· WBS Β· Risk Management Β· Regulatory Compliance
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β
β π₯ 1ST PLACE β CYBER SECURITY SOCIETY HACKATHON β
β Birmingham City University Β· STEAMhouse, UK β
β β
β PROJECT : Aegis-IAM Dashboard β
β Privilege Escalation & Risk Analysis Platform β
β β
β βΈ Rapidly prototyped a working MVP of an enterprise-grade IAM β
β risk analysis platform under strict time constraints. β
β βΈ Engineered a graph-based detection engine to model access β
β relationships, automating discovery of complex privilege β
β escalation chains and "toxic" role combinations. β
β βΈ Developed a real-time risk dashboard mapping over-privileged β
β cloud identities to MITRE ATT&CK, with automated remediation β
β playbooks and actionable posture scoring. β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
| π’ Organisation | π― Operation | π Skills Demonstrated |
|---|---|---|
| Deloitte | Cyber Job Simulation | Threat Analysis Β· Incident Reports Β· Mitigation |
| MasterCard | Cybersecurity Job Simulation | Payment Security Β· Fraud Detection Β· Risk Response |
| Commonwealth Bank | Intro to Cybersecurity | Risk Management Β· Access Control Β· Data Protection |
| Telstra | Cybersecurity Job Simulation | Network Security Β· Vulnerability Identification |
| Datacom | Cyber Security Operations | SOC Β· Log Analysis Β· Anomaly Detection |
| TATA | Cybersecurity Analyst Simulation | System Scanning Β· Vuln Prioritisation |
| AIG | Shields Up: Cybersecurity | Cyber Defence Β· Attack Scenarios Β· Safeguards |
| π Degree | ποΈ Institution | π | π |
|---|---|---|---|
| MSc Cyber Security with Professional Placement | Birmingham City University, UK | Exp. 2027 |
β |
| BE β Computer Science & Engineering | SN Patel Institute of Technology (GTU), India | 2024 |
7.86 CGPA |
| Diploma β Computer Engineering | N.G. Patel Polytechnic College (GTU), India | 2021 |
7.80 CGPA |
| Class 10 β SSC (CBSE) | Kendriya Vidyalaya No.1, Surat | 2017 |
β |
Β
Β
βββ(HEAVENγΏkali-offensive)-[~/hobbies]
ββ$ cat interests.txt
[+] CTF CHALLENGES ............... Ethical Hacking Research & Capture-the-Flag
[+] APPLE ECOSYSTEM ............... Hardware/Software Troubleshooting & Emerging Tech
[+] MOBILE SECURITY ............... iOS & Android Security Research
[+] CULINARY HACKS ............... Experimenting with Varied Cuisines & Cooking
#!/usr/bin/env python3
# CLASSIFICATION: TOP SECRET β CAREER INTELLIGENCE BRIEF
class NisargChasmawala_MissionPlan:
short_term_objectives = [
"Earn OSEP, CISSP β push elite certification stack further",
"Build AI-augmented security pipelines for enterprise defence",
"Deepen red team operations experience with real engagements",
]
mid_term_objectives = [
"Publish peer-reviewed research at intersection of AI + Cyber",
"Lead offensive security teams & mentor the next generation",
"Pioneer autonomous penetration testing methodologies",
]
long_term_objectives = [
"Become a globally recognised cybersecurity adviser",
"Lead development of next-generation security tools & frameworks",
"Shape international cyberspace policy & best practices",
]
ultimate_mission: str = """
Uncover every vulnerability. Secure every critical system.
Build a demonstrably safer digital world β for everyone.
"""
def execute(self) -> None:
while True:
hunt(); learn(); build(); secure(); repeat()
SELECT * FROM elite_security_engineers
WHERE alias = 'HEAVEN'
AND name = 'Nisarg Chasmawala'
AND certs IN ('CPENT','CEH_Master','CHFI','ISO_27001','CEH_v13')
AND location = 'Birmingham, England, United Kingdom'
AND status = 'ACTIVE'
AND mission = 'MAKING_DIGITAL_WORLD_SAFER';
-- 1 row returned. Target identified. β
[ ALL SYSTEMS SECURED β CONNECTION TERMINATED β β ]