Cyber Security Researcher | Android Pentester | Vulnerability Researcher

SOYAM ARYA

Independent Security Researcher focusing on Android Security, Web Security and Vulnerability Research.

About Me

I discover security vulnerabilities, perform responsible disclosure and research application security. My work includes Android reverse engineering, API testing, web security testing and CVE research.

CVE Research

  • CVE-2025-5154: Android security vulnerability research involving sensitive data exposure.

  • CVE-2025-6748: Android application security weakness discovered through responsible disclosure.

  • CVE-2026-5682: Cryptographic security issue research.

  • CVE-2026-12065: Application authorization security research.

  • CVE-2026-12189: WebView and mobile security research.

Skills

  • Android Pentesting

  • JADX

  • MobSF

  • Frida

  • Burp Suite

  • API Security

  • XSS

  • IDOR

  • Web3 Security

Research Blog

Thursday, 29 May 2025

Portfolio

💻 My Cybersecurity & Ethical Hacking Portfolio

Hey there! I’m Soyam Arya (aka honest_corrupt) – an ethical hacker, bug bounty hunter, and cybersecurity specialist dedicated to identifying, understanding, and responsibly reporting security vulnerabilities across web, mobile, and network platforms. With a relentless curiosity and a hacker mindset, I’ve not only explored vulnerabilities but have actively contributed to the global security community, ensuring that the digital world becomes safer with every bug discovered and reported.


🛠️ Key Projects & Vulnerability Research

📱 MobileHackingJourney

🔗 View Repo

This is my flagship repository, a reflection of my deep dive into mobile application security. It highlights:

  • In-depth case studies of real mobile vulnerabilities

  • Use of advanced tools like Frida, Objection, MobSF, ADB, JADX

  • Techniques such as insecure storage testing, dynamic & static analysis, and root detection bypass

  • Custom scripts and automation for efficient testing

  • Insight into my evolving methodology for Android and iOS app pentesting

If you want to understand how I approach mobile pentesting, this is a must-read.


🔑 Google Mobile Services (GMS) Local Database Sensitive Key Exposure – CVE Request

🔗 View Repo
A critical vulnerability I discovered in Google Mobile Services, where sensitive keys were exposed in the local database:

  • Deep technical analysis showing the flaw and its implications

  • A well-documented proof of concept (PoC)

  • A formal CVE request submission showing my commitment to responsible disclosure


🔐 Insecure Local Storage of Sensitive User Data in PhonePe Android App (Unpatched)

🔗 View Repo
In this project, I:

  • Identified a critical data storage vulnerability in PhonePe’s Android App

  • Showcased how attackers could exploit this flaw to extract sensitive user data

  • Provided remediation suggestions for securing storage mechanisms


🕸️ SQL Injection in John XXIII College Website (gallary.php)

🔗 View Repo
This project highlights:

  • My hands-on approach in identifying and exploiting a SQLi vulnerability

  • Real-world proof showing database exploitation risks

  • Recommendations for secure coding practices


🌐 Dark Web Site Hosting Demo

🔗 View Repo
This repo illustrates:

  • A technical walkthrough of setting up dark web hosting

  • My understanding of privacy tools like Tor and secure hosting configurations

  • My capacity to simulate real-world scenarios for research and learning


📶 Wi-Fi Jammer (wifi-jammerhc4)

🔗 View Repo
A demonstration of my wireless network exploitation skills, including:

  • Custom scripts to perform Wi-Fi deauthentication attacks

  • Knowledge of 802.11 protocols and network manipulation

  • Emphasis on ethical testing in controlled environments


🗝️ CVE Submission: CampCodes Project Management System – Hardcoded Credentials & Info Disclosure

🔗 View Repo
A case study of:

  • Hardcoded credential vulnerabilities and info disclosure issues in CampCodes

  • A detailed vulnerability report, PoC, and CVE request submission

  • My role in enhancing the security posture of an open-source platform


🌟 Skills & Expertise

  • Web Application Security: SQL Injection (SQLi), Cross-Site Scripting (XSS), Insecure Direct Object Reference (IDOR)

  • Mobile App Security: Android/iOS pentesting, dynamic/static analysis, insecure storage, API testing

  • Network Security: Wi-Fi attacks, protocol analysis, packet crafting

  • Tools Mastery: Burp Suite, OWASP ZAP, Frida, MobSF, Nmap, Metasploit, ADB, Wireshark

  • Vulnerability Discovery & Responsible Disclosure: CVE submissions, coordinated disclosure with companies like Google and Snapchat

  • Custom Tool Development: Python, Bash, automation scripts

  • Deep Understanding of dark web & anonymity technologies (Tor, hidden services)

Compromised Web Ecosystem Analysis & Recovery

Ethical Hacking Journey: From Recovering a Defaced Website to Uncovering a Network of Compromised Sites 🔍🛡️

    As a Certified Ethical Hacker and cybersecurity expert, every day presents new challenges and opportunities to learn. Recently, I embarked on an intense project that started with the goal of recovering a single defaced website. What I discovered, however, was much larger — a vast network of websites compromised and controlled through a single vulnerable backend system.

Key Discoveries 🚨

  • Successfully exploited SQL Injection vulnerabilities to bypass the login page and gain admin access. 🔓

  • Found that the backend system managed hundreds of compromised websites across multiple domains. 🌐

  • Injected persistent Cross-Site Scripting (XSS) payloads, enabling control over content and user sessions on these sites. 💥

  • Demonstrated how a single vulnerability can lead to the mass compromise of an entire ecosystem of websites. ⚠️

Skills Demonstrated 🛠️

  • Advanced SQL Injection exploitation

  • Crafting and deploying persistent XSS attacks

  • Navigating complex web backend systems managing multi-domain infrastructures

  • Ethical hacking and responsible vulnerability disclosure

Reflections & Learnings 💭

This project reinforced a critical lesson in cybersecurity: a single unpatched vulnerability can become a gateway to massive breaches affecting hundreds of websites. It emphasizes the importance of regular security audits, timely patching, and educating organizations on the cascading effects of vulnerabilities.

I am proud to share this experience as part of my ongoing commitment to making the internet a safer place, one vulnerability at a time.

If you are interested in ethical hacking, penetration testing, or cybersecurity consulting, feel free to reach out! Let’s work together to build stronger defenses.


#CyberSecurity #EthicalHacking #SQLInjection #XSS #BugBounty #Pentesting #InfoSec #WebSecurity

🌐 About Me – Beyond the Code

  • Certified Ethical Hacker (CEH) with a strong passion for continuous learning, teaching, and contributing to the global cybersecurity community.

  • Holder of multiple EC-Council certifications, including SQL Injection Attacks, Mobile Bug Bounty Hunting, and Raspberry Pi Hardware Projects.

  • Bug bounty hunter recognized by top platforms such as Google and Snapchat for high-impact vulnerability discoveries and official CVE submissions (CVE-2025-5154).

  • Actively building and refining my personal penetration testing lab, focusing on real-world Capture The Flag (CTF) challenges and live security assessments.

  • Constantly exploring new attack vectors and sharing knowledge through my public repositories and contributions.

  • Open to collaborations, mentorship opportunities, and exciting security projects with like-minded professionals.



🌐 Connect with Me

🔸 LinkedIn: Soyam Arya
🔸 GitHub: honestcorrupt
🔸 📧 Email: soyamarya96ethical@gmail.com




Contact

Email: soyam@soyamcybersec.xyz

GitHub: github.com/honestcorrupt

Portfolio: honestcorrupt.github.io/my-website