┌──(HEAVEN㉿kali-offensive)-[~]
└─$ sudo cat /root/.profile
╔══════════════════════════════════════════════════════════════════════════╗
║ ║
║ ███╗ ██╗██╗███████╗ █████╗ ██████╗ ██████╗ ║
║ ████╗ ██║██║██╔════╝██╔══██╗██╔══██╗██╔════╝ ║
║ ██╔██╗ ██║██║███████╗███████║██████╔╝██║ ███╗ ║
║ ██║╚██╗██║██║╚════██║██╔══██║██╔══██╗██║ ██║ ║
║ ██║ ╚████║██║███████║██║ ██║██║ ██║╚██████╔╝ ║
║ ╚═╝ ╚═══╝╚═╝╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝ ║
║ ║
║ >> ALIAS : HEAVEN ║
║ >> IDENTITY : Nisarg Chasmawala ║
║ >> ROLE : Offensive Security Engineer | Penetration Tester ║
║ >> LOCATION : England, United Kingdom ║
║ >> EDUCATION : MSc Cyber Security — Birmingham City University ║
║ (Expected Graduation: March 2027) ║
║ ║
║ >> CERTS : CPENT | CEH Master | CHFI | ISO 27001 Lead Auditor ║
║ CEH v13 | EHE (96%) | CRTOM | CTIGA | CCEP | CCPP ║
║ Foundations of Log Analysis | TOEFL iBT 91/120 ║
║ ║
║ >> WEAPONS : Metasploit · Burp Suite · Nessus · Maltego ║
║ Wireshark · Autopsy · FTK Imager · MITRE ATT&CK ║
║ TensorFlow · XGBoost · NetworkX · AWS IAM ║
║ ║
║ >> ML WINS : DDoS Detection — 99.99% Accuracy | 1.0000 Precision ║
║ Malware Engine — 98.47% F1-Score | Near-Perfect AUC ║
║ CVSS Prediction — R² = 0.9989 | 337,705 CVEs ║
║ ║
║ >> MISSION : Uncover vulnerabilities. Secure critical systems. ║
║ Shape international cyberspace policy. ║
║ Build a safer digital world — one exploit at a time. ║
║ ║
║ [STATUS] ████████████████████████████████ ACTIVE — ALWAYS HUNTING ║
╚══════════════════════════════════════════════════════════════════════════╝
[HEAVEN@offensive-sec ~]$ _— CORE LANGUAGES & PLATFORMS —
— AI & MACHINE LEARNING ARSENAL —
— OPERATING SYSTEMS —
┌──(HEAVEN㉿kali-offensive)-[~/os-arsenal]
└─$ uname -a --all-platforms
[+] macOS ............... Daily Driver
[+] Kali Linux ............... Primary Offensive Platform
[+] Parrot OS ............... Alternate Offensive Platform
[+] Ubuntu / Debian ............... Server & Dev Environments
[+] Windows 10 / 11 ............... Target Simulation & Forensics
[+] iOS / Android ............... Mobile Security Research— CYBERSECURITY TOOLS MATRIX —
| ⚔️ Exploitation | 🔍 Recon & OSINT | 🧪 Digital Forensics | ☁️ Vuln Management |
|---|---|---|---|
Metasploit Advanced |
Nmap / Netcat Advanced |
Autopsy Advanced |
Nessus Advanced |
Burp Suite Advanced |
OSINT Framework Advanced |
FTK Imager Advanced |
OpenVAS Advanced |
SQLmap Advanced |
Maltego Advanced |
Magnet AXIOM Advanced |
AWS IAM Advanced |
Hydra Advanced |
Wireshark Advanced |
Magnet DVR Examiner Advanced |
MITRE ATT&CK Advanced |
John the Ripper Advanced |
Shodan Advanced |
MOBILeadit Advanced |
NetworkX Advanced |
Aircrack-ng Advanced |
Nikto / Acunetix Advanced |
Passware Kit Advanced |
CVSS Scoring Advanced |
Ghidra (RE) Very Good |
Snort Very Good |
Volatility Advanced |
ISO 27001 Audit Certified |
╔─ MISSION BRIEF ──────────────────────────────────────────────────────────╗
THREAT VECTOR : AWS Cloud IAM Over-Privilege & Privilege Escalation
TECH STACK : Python · NetworkX · MITRE ATT&CK · AWS JSON · OWASP
KEY RESULT : Automated detection of assume-role chaining & SoD conflicts
COMPLIANCE : OWASP-compliant data validation + vector-based risk reports
╚──────────────────────────────────────────────────────────────────────────╝
Architected a Python IAM risk analysis platform ingesting AWS JSON exports, auto-detecting over-privileged cloud identities and mapping privilege escalation paths via graph-based detection (NetworkX). Integrated MITRE ATT&CK tactic/technique categorisation with a dynamic CLI patch command pipeline and automated, vector-based risk intelligence reporting.
╔─ MISSION BRIEF ──────────────────────────────────────────────────────────╗
THREAT VECTOR : Android APK Permissions & API Call Static Analysis
TECH STACK : Python · Scikit-Learn · XGBoost · Drebin (15,000+ records)
KEY RESULT : 98.47% F1-Score · Near-perfect ROC-AUC
INNOVATION : Behaviour-based detection replacing signature scanning
╚──────────────────────────────────────────────────────────────────────────╝
Engineered enterprise-grade Android malware pipeline evaluating L1 Regularisation, Chi-Square extraction and Random Forest feature importance on the Drebin dataset. Trained XGBoost, RF, Logistic Regression & KNN to transition from signature-based to behaviour-based threat identification at production scale.
╔─ MISSION BRIEF ──────────────────────────────────────────────────────────╗
THREAT VECTOR : Volumetric DDoS Network Intrusion Classification
TECH STACK : Python · TensorFlow · XGBoost · CIC-DDoS2019 (225K+ rows)
KEY RESULT : 1.0000 Precision · 99.99% Accuracy · ZERO false positives
MODELS TESTED : 1D-CNNs · MLPs · XGBoost · Random Forest
╚──────────────────────────────────────────────────────────────────────────╝
Built an AI-driven NIDS on the CIC-DDoS2019 dataset with robust preprocessing handling severe class imbalance. XGBoost achieved a flawless 1.0000 precision — zero false-positive alerts for security analysts while maintaining near-perfect recall for all active volumetric attack vectors.
╔─ MISSION BRIEF ──────────────────────────────────────────────────────────╗
THREAT VECTOR : Automated NVD Severity Assessment via ML Regression
TECH STACK : Python · Scikit-Learn · Gradient Boosting · NVD Dataset
DATASET : 337,705 historical CVE records (National Vuln. Database)
KEY RESULT : R² = 0.9989 (Gradient Boosting) · Near-perfect accuracy
FEATURE SELECT : Pearson · Mutual Info · Chi-Square · F-Regression · RFE
╚──────────────────────────────────────────────────────────────────────────╝
Engineered a supervised ML pipeline to automate NVD severity assessments, predicting CVSS Base Scores across 337,705 historical CVE records. Processed vulnerability metadata features (attack-type flags, impact, exploitability scores) via 5 feature selection methods isolating 13 optimal predictors. Trained Gradient Boosting, Random Forest, Decision Tree & Linear Regression models — Gradient Boosting achieved near-perfect R² = 0.9989 validated through MAE, RMSE, R² and 5-fold cross-validation for enterprise patch prioritisation.
╔─ MISSION BRIEF ──────────────────────────────────────────────────────────╗
THREAT VECTOR : Dynamic CVSS Replacement — Context-Aware Risk Scoring
TECH STACK : Python · Scikit-Learn · XGBoost · Feature Engineering
KEY RESULT : Real-time 0–10 context risk scores · MSE/RMSE/MAE/R² val.
INNOVATION : TCP flags · port categories · protocol features as inputs
╚──────────────────────────────────────────────────────────────────────────╝
Designed an adaptive ML framework transitioning vulnerability assessments from static CVSS to real-time, context-aware scoring. Processed raw network traffic features (TCP flags, port categories, protocols) via One-Hot Encoding and feature engineering. Evaluated XGBoost, RF, Decision Tree & KNN; validated with MSE, RMSE, MAE and R² for enterprise threat response prioritisation at scale.
| 🏅 | Certification | Issuer | Date | Score / Credential |
|---|---|---|---|---|
| ☠️ | CPENT — Certified Penetration Tester Professional | EC-Council | 2024-11 |
ECC6970842153 |
| ☠️ | CEH Master — Certified Ethical Hacker Master | EC-Council | 2024-04 |
ECC1382059467 |
| ☠️ | CEH Practical | EC-Council | 2024-04 |
180/200 · ECC7804965321 |
| ☠️ | CEH v13 — Certified Ethical Hacker | EC-Council | 2025-12 |
ID 776964 |
| ☠️ | CEH — Certified Ethical Hacker | EC-Council | 2024-01 |
91.2% · ECC5081642397 |
| ☠️ | CHFI — Computer Hacking Forensic Investigator | EC-Council | 2023-12 |
90.7% · ECC4925367081 |
| 🔒 | ISO/IEC 27001:2022 Lead Auditor | Mastermind | 2026-01 |
ttuf1fci7e |
| 🔒 | EHE — Ethical Hacker Essentials | EC-Council | 2026-01 |
96% · ECC8416329075 |
| 🔴 | CRTOM — Certified Red Team Operations Management | Red Team Leaders | 2026-01 |
— |
| 🔴 | CTIGA — Threat Intelligence & Governance Analyst | Red Team Leaders | 2026-01 |
— |
| 🔴 | CCEP — Certified Cybersecurity Educator Professional | Red Team Leaders | 2026-01 |
— |
| 🔴 | CCPP — Certified C++ Practitioner | Red Team Leaders | 2026-01 |
— |
| 🔴 | Foundations of Log Analysis for Cyber Defense | Red Team Leaders | 2026-01 |
— |
| 📄 | TOEFL iBT | ETS | 2024-07 |
91 / 120 |
╔════════════════════════════════════════════════════════════════════════╗
║ TIMELINE ║
╠════════════════════════════════════════════════════════════════════════╣
║ ║
║ [2025-03 → 2025-09] IT HARDWARE SUPPORT ENGINEER ║
║ NIVA TECHNO TRANSITION, Surat, India ║
║ ▸ Enterprise system installation & maintenance ║
║ ▸ Hardware, software & network diagnostics ║
║ ▸ LAN/Wi-Fi & peripheral management ║
║ ▸ Regular security checks & offsite support ║
║ ║
║ [2024-02 → 2025-02] VULNERABILITY ASSESSMENT & PENETRATION TESTER ║
║ SYSAP TECHNOLOGIES, Pune, India (Remote) ║
║ ▸ Full-scope enterprise penetration tests ║
║ ▸ Executive + technical risk report delivery ║
║ ▸ Vulnerability remediation & hardening ║
║ ▸ Maintained currency with emerging threats ║
║ ║
║ [2023-07 → 2024-01] VULNERABILITY SCANNING & PEN TEST INTERN ║
║ SYSAP TECHNOLOGIES, Pune, India ║
║ ▸ Security & vulnerability scanning ║
║ ▸ Exploitation, threat intel & compliance docs ║
║ ▸ Security research & record keeping ║
║ ║
║ [2023-01 → 2023-04] NETWORK SPECIALIST INTERN ║
║ AIRLINK COMMUNICATION PVT. LTD, Surat ║
║ ▸ Network troubleshooting & monitoring ║
║ ▸ Network configuration & documentation ║
║ ║
║ [2022-06 → 2022-07] NETWORK ENGINEER INTERN ║
║ NIVA TECHNO TRANSITION, Surat ║
║ ▸ Network infrastructure & structured cabling ║
║ ▸ Documentation, reporting & customer support ║
║ ║
╚════════════════════════════════════════════════════════════════════════╝
🔴 [CLASSIFIED-10] Consolidated Pentesting & RCE Assessment
Conducted end-to-end penetration testing across Redis, Openfire, and Gitea environments. Achieved system-level access via Redis replication abuse, Openfire admin console exploitation, and Git Hooks weaponization. CVSS scores up to 10.0 Critical.
Nmap · Metasploit · Redis Exploit · Git Hooks · Reverse Shells · CVSS
🔵 [CLASSIFIED-10] Digital Forensic Strategy — Missing Person Investigation
Designed an ISO-aligned forensic investigation plan covering corporate systems, mobile devices, IoT, cloud platforms & CCTV. Applied ISO 27037/27035/27042/27043/17025 with full UK GDPR, NPCC & FSR compliance and chain-of-custody management.
FTK Imager · Magnet AXIOM · Magnet DVR Examiner · MOBILeadit · Autopsy · Passware Kit
🟡 [CLASSIFIED-10] Strategic Security Audit — Cyberzone AI Ltd.
Led ISO/IEC 27001:2023 audit of AI-driven healthcare & fintech systems. Identified identity gaps, patching weaknesses & source code exposure. Evaluated compliance with UK GDPR, Data Protection Act 2018, and US HIPAA. Proposed FIDO2 MFA, immutable backups, automated patching & Purple Team exercises. Delivered full risk-scored audit report + phased mitigation roadmap.
🟣 [CLASSIFIED-10] AI & Autonomous Pentesting Frameworks — Research
Systematic literature review evaluating Deep Reinforcement Learning & LLMs for autonomous offensive cybersecurity. Synthesized quantitative performance metrics assessing architectural evolution from single-agent LLMs to collaborative Multi-Agent Systems (MAS). Identified the "Sim2Real" transfer gap, algorithmic hallucination risks and dual-use ethical concerns. Formulated a Neuro-Symbolic AI + HITL architecture for EU AI Act & GDPR compliance.
DRL · LLMs · Multi-Agent Systems · Neuro-Symbolic AI · EU AI Act · GDPR
🟢 [CLASSIFIED-10] IT Project Management: Autonomous AI-Driven Pentesting
Orchestrated a 7-week Hybrid Agile-PRINCE2 project for an autonomous AI cybersecurity system using Monday.com as the Work OS. Managed a 5-phase WBS, sprint execution, capacity planning & automated approvals. Led EU AI Act compliance deliverables under crisis resource reallocation with HITL + Neuro-Symbolic safety guardrails.
Monday.com · Agile-PRINCE2 · WBS · Risk Management · Regulatory Compliance
| 🏢 Organisation | 🎯 Operation | 🔑 Skills Demonstrated |
|---|---|---|
| Deloitte | Cyber Job Simulation | Threat Analysis · Incident Reports · Mitigation |
| MasterCard | Cybersecurity Job Simulation | Payment Security · Fraud Detection · Risk Response |
| Commonwealth Bank | Intro to Cybersecurity | Risk Management · Access Control · Data Protection |
| Telstra | Cybersecurity Job Simulation | Network Security · Vulnerability Identification |
| Datacom | Cyber Security Operations | SOC · Log Analysis · Anomaly Detection |
| TATA | Cybersecurity Analyst Simulation | System Scanning · Vuln Prioritisation |
| AIG | Shields Up: Cybersecurity | Cyber Defence · Attack Scenarios · Safeguards |
| 🎓 Degree | 🏛️ Institution | 📅 | 📊 |
|---|---|---|---|
| MSc Cyber Security with Professional Placement | Birmingham City University, UK | Exp. 2027 |
— |
| BE — Computer Science & Engineering | SN Patel Institute of Technology (GTU), India | 2024 |
7.86 CGPA |
| Diploma — Computer Engineering | N.G. Patel Polytechnic College (GTU), India | 2021 |
7.80 CGPA |
| Class 10 — SSC (CBSE) | Kendriya Vidyalaya No.1, Surat | 2017 |
— |
┌──(HEAVEN㉿kali-offensive)-[~/hobbies]
└─$ cat interests.txt
[+] CTF CHALLENGES ............... Ethical Hacking Research & Capture-the-Flag
[+] APPLE ECOSYSTEM ............... Hardware/Software Troubleshooting & Emerging Tech
[+] MOBILE SECURITY ............... iOS & Android Security Research
[+] CULINARY HACKS ............... Experimenting with Varied Cuisines & Cooking#!/usr/bin/env python3
# CLASSIFICATION: TOP SECRET — CAREER INTELLIGENCE BRIEF
class NisargChasmawala_MissionPlan:
short_term_objectives = [
"Earn OSCP, CISSP — push elite certification stack further",
"Build AI-augmented security pipelines for enterprise defence",
"Deepen red team operations experience with real engagements",
]
mid_term_objectives = [
"Publish peer-reviewed research at intersection of AI + Cyber",
"Lead offensive security teams & mentor the next generation",
"Pioneer autonomous penetration testing methodologies",
]
long_term_objectives = [
"Become a globally recognised cybersecurity adviser",
"Lead development of next-generation security tools & frameworks",
"Shape international cyberspace policy & best practices",
]
ultimate_mission: str = """
Uncover every vulnerability. Secure every critical system.
Build a demonstrably safer digital world — for everyone.
"""
def execute(self) -> None:
while True:
hunt(); learn(); build(); secure(); repeat()
SELECT * FROM elite_security_engineers
WHERE alias = 'HEAVEN'
AND name = 'Nisarg Chasmawala'
AND certs IN ('CPENT','CEH_Master','CHFI','ISO_27001','CEH_v13')
AND location = 'Birmingham, England, United Kingdom'
AND status = 'ACTIVE'
AND mission = 'MAKING_DIGITAL_WORLD_SAFER';
-- 1 row returned. Target identified. ☠
[ ALL SYSTEMS SECURED — CONNECTION TERMINATED — ☠ ]