
Karan Kurani

Security Research • Offensive Security • SRC • ICS & OT • Vulnerability Disclosure

About

Security researcher with responsible vulnerability disclosures across Microsoft, Apple, NASA, OpenAI, JPMorgan Chase, and Infosys (CERT-In acknowledged). Discovered CVE-2025-55182 affecting production sites including The Economic Times. Contributed security findings to open-source projects Metabase and Uptime Kuma (80K+ GitHub stars). Conducted red team adversarial simulations on ICS/SCADA infrastructure for critical energy systems at Con Edison. MS in Cybersecurity from Pace University (3.9 GPA, Summa Cum Laude). I find real vulnerabilities in real systems — and I document how to fix them.


Security Research & Disclosure

Active researcher conducting structured security assessments across enterprise, open-source, and public-sector environments.

1 CVE Assigned
16 Advisories Filed
14 Organizations
5 Critical + High
Critical 1
React / Next.js
Remote Code Execution via exposed RSC endpoints
CVE Discovered
ID: CVE-2025-55182
CWE: CWE-94

Discovered on admin portal page via FOFA & Shodan recon. Affected production sites including The Economic Times (Times Internet) and multiple AWS-hosted apps. CERT-In acknowledged.

High 4
Apple swift
HTTP/2 → HTTP/1 request smuggling
Triaged
ID: GHSA-4px2-pw77-vc85
CWE: CWE-113

Remote protocol-level request smuggling affecting reverse proxy patterns.

Apple swift
CRLF injection
CVE Discussion
ID: GHSA-cq87-8r7h-962v
CWE: CWE-113

Maintainer acknowledged. Patch discussion ongoing.

Directus
Blind data exfiltration via RBAC bypass in filter queries
Advisory Draft
ID: GHSA-2xcm-7h22-3m66
CWE: CWE-200 / 284 / 863

Discovered during source-code review of query execution flow.

n8n
Authorization bypass enabling credential operations via IDOR
Closed (Duplicate)
ID: GHSA-9wq9-2r74-4vc8
CWE: CWE-639 / 862

Merged into primary advisory. Also identified credential metadata disclosure (GHSA-vh2p-7mqh-wwhw).

Medium 6
Microsoft OneDrive
Cross-origin XS-Search timing side-channel for document keyword inference
Closed
ID: MSRC Case 104177
CWE: CWE-208

Timing attack via response-time analysis. Microsoft was unable to reproduce.

Metabase ★ 46K+
Public sharing disabled bypass exposing dataset values
Fix In Progress
ID: Responsible Disclosure
CWE: CWE-284

Vendor reproduced. Patches rolling out for impacted versions.

Uptime Kuma ★ 83K+
Missing authorization check leaking private monitor ping response times
CVE Published
CVE: CVE-2026-32230
CWE: CWE-862

Patch created and published by maintainers.

Pretix OIDC
PKCE values printed to stdout during token exchange
Fixed
ID: Responsible Disclosure
CWE: CWE-532

Vendor removed logging in subsequent release.

Infosys Career Portal
OAuth 2.0 ROPC grant enabled on production Keycloak IAM
Investigating
ID: Responsible Disclosure
CWE: CWE-522 / 287

Acknowledged by Infosys CERT / CERT-In.

JPMorgan Chase
Internal QA/UAT hostnames exposed in production JS bundle
Fix Pending · Hall of Fame
ID: Synack RD #690
CWE: CWE-200

Infrastructure reconnaissance exposure via Synack Red Team.

Low / Informational 5
Pretix
Log injection via request_id_header configuration parsing
Closed
CWE: CWE-117

Maintainers accepted patch. Acknowledgment

Mercedes-Benz Xentry Update Service
Public OTA update directories exposing update manifests
Reported
ID: Responsible Disclosure
CWE: CWE-200

Passive endpoint discovery.

NASA
Internal system data exposure via passive reconnaissance
Reported
ID: Responsible Disclosure
CWE: CWE-200

Discovered via endpoint analysis.

OpenAI ChatGPT Atlas
World-readable debug logs exposing renderer console output
Submitted
ID: Bugcrowd
CWE: CWE-532

macOS Atlas browser. 644-permission logs persisted OAuth tokens. Informational hardening recommendation.

n8n SSRF
Server-Side Request Forgery via workflows/from-url endpoint
Under Review
ID: GHSA-4239-f84r-mmhj
CWE: CWE-918

Unfiltered axios.get() call enabling internal port-state differentiation. Authenticated-only access.

CVE-2026-32230
Uptime Kuma · Authorization Bypass

Critical Infrastructure & ICS

Adversarial simulation within SCADA-controlled energy environments at the Pace Cyber Range.

Pace University – Con Edison Critical Infrastructure Collaboration

Simulated adversarial attacks against OT environments, performing Modbus protocol exploitation using mbpoll to manipulate PLC registers and coils.

Engineered sensor spoofing techniques to alter SCADA logic states and evaluate resilience of energy control workflows.

Deployed and configured Wazuh agents with firewall telemetry ingestion from pfSense, enabling centralized OT/IT log correlation and threat detection.

Contributed to NYMEGA AI-SCADA visualization modeling, mapping control flow and entity interactions to enhance red team training realism.

Live Modbus register manipulation and PLC coil forcing conducted in an authorized academic cyber range.

Projects & Applied Research

Hands-on security engineering, adversarial experimentation, and research-driven system analysis across DFIR, malware, network security, wireless exploitation, and applied machine learning.

Advanced Persistence Threat Detection Tool

Designed and developed a Windows-based persistence detection framework to identify malicious services and startup artifacts through executable hashing and threat intelligence correlation.
• Enumerates services and startup entries using system-level inspection
• Validates executables against VirusTotal intelligence feeds
• Automates structured PDF threat reporting
• Integrates AI-assisted malware context summarization

Advanced Malware Analysis & Reverse Engineering

Conducted deep static and dynamic analysis of real-world ransomware and banking trojans including WannaCry, Ryuk, and Shylock to understand infection chains, crypto routines, persistence mechanisms, and C2 behavior.
• Reverse engineered binaries using IDA and Ghidra
• Traced encryption workflows and execution logic
• Extracted IOCs and monitored DNS/HTTP command-and-control traffic
• Developed custom YARA rules for detection and hunting

Wireless Network Attacks & 802.11 Security Research

Performed hands-on exploitation and protocol-level analysis across IEEE 802.11 wireless environments to replicate enterprise attack paths and evaluate detection strategies.
• Captured and cracked WPA/WPA2 authentication handshakes
• Executed deauthentication and rogue access point attacks
• Analyzed WPA-Enterprise authentication flows
• Inspected raw wireless frames and client association behavior


Competition & Leadership

Competitive exposure across national security challenges and hackathons.

National Cyber League (NCL)
• Top 7% nationally (Rank 356 / 4,898 teams) - Fall 2024
• Secured #1 position at Pace University
• Team Lead across OSINT, Cryptography, Web Exploitation, Network Analysis challenges

ISC2 CTF – Saint Peter's University, NJ
• Team Lead
• Placed 7th out of 40 teams

NSA Codebreaker Challenge
• Completed advanced reverse engineering and exploitation-based security challenges.

Hackathons
• ShellHacks 2024 – Florida International University
• VTHacks 2024 - Virginia Tech - Developed "FinShield" cyber risk modeling solution

Leadership
• Regional Moderator - Northeast Collegiate Cyber Defense League (Pace University)
• Graduate Project Team Lead - CVSS v3 Vulnerability Severity Prediction (ML-based)

Education

Pace University

Seidenberg School of Computer Science & Information Systems
MS – Cybersecurity (2023–2025) GPA: 3.9 / 4.0 - Summa Cum Laude
Relevant Focus: Network Security & Defense • Ethical Hacking • Malware Analysis & Reverse Engineering • Mobile Forensics • Security Automation • Cybersecurity Capstone

Rashtrasant Tukadoji Maharaj Nagpur University

BE – Computer Science & Engineering (2020–2023) GPA: 3.7 / 4.0
Leadership & Involvement:
• Vice President - Cortex Forum
• Class Representative (3 Years)
• Core Member - Coding & Ethical Hacking Club

Professional Endorsements

Danny Dimoski

Information Security Manager at AMD | Associate Professor, Pace University

"Karan has an exceptional talent for cybersecurity. His strengths in penetration testing, vulnerability assessment, and ethical hacking are matched by his strategic thinking about the future of cyber defense. He combines technical depth with professionalism, curiosity, and determination - qualities essential in modern security engineering. I am confident he will be a valuable asset to any organization."

Paul Dantzig

Senior Technical Staff Member, IBM | Stanford University | Professor, Pace University

Karan demonstrated strong analytical rigor and depth in data-driven security research. His statistical modeling work reflected publication-grade structure, clarity in methodology, and thoughtful interpretation of complex datasets.
• Publication-level formatting and structured methodology
• Independent statistical reasoning
• Novel insight extraction from widely studied datasets

Faculty endorsement highlighting my structured security research, statistical depth, and adversarial mindset.

Certifications

CRTA – Red Team Analyst (CWL)
ISC2 – Certified in Cybersecurity (CC)
ISAC – Certified Penetration Tester (NCPT)
Oracle – OCI Architect Associate

Conferences & Community

Engaged in industry conferences and research forums focused on enterprise security, AI, and adversarial defense.

• IBM Security Summit – Wall Street
• Microsoft Cyber Security Conference
• Microsoft AI Tour
• Google Developer Fest
• CSAW Security Conference - NYU
• New York Metro Joint Cyber Security Conference
• Engaged with global institutions including the World Health Organization (WHO)
