// about

A focused team.
A serious mission.

Xyron is a penetration testing team of three security professionals. Between us we have responsibly disclosed vulnerabilities to more than 75 organizations — including Fortune 500 companies, government platforms, payment processors and high-growth startups.

Expert Team

Meet Our Security Experts

Our team combines deep expertise in offensive security, application testing, and responsible disclosure — guiding you from gaps to hardened systems, fast and flawlessly.

Ankit Singh

Team Lead · Red Team Specialist

Yogi Atram

Security Analyst · API & Mobile

Aditya Kumar

Security Researcher · OSINT

  • 75+: Organizations responsibly disclosed
  • 3: Senior security professionals
  • US / EU / IN: International client base
  • 100%: Manually verified findings

Companies we've reported to

Through responsible disclosure programs and coordinated reports, our team has helped secure platforms used by billions of people:

Dell
Meta
Adobe
Google
Apple
Amazon
Audible
Linktree
Bajaj Finance
Pine Labs
Govt. platforms
Payment processors

// team

Meet the operators.

Three senior researchers. Hands-on offensive testing, manual verification, and a deep bench of responsible disclosures across the Fortune 500.

Ankit Singh

Team Lead

Security Analyst · Penetration Tester · Red Team Specialist

certifications
  • Certified Ethical Hacker (CEH v13) — EC-Council
  • GRC Fundamentals — CyberExam (CE-2026-036384)
experience
Project Trainee & Cybersecurity Intern — Softsense Technoserve Pvt. Ltd.
Jun 2025 – Apr 2026
  • VAPT across 5+ web applications targeting OWASP Top 10 — identified & validated 20+ flaws (IDOR, auth bypass, broken access control, session issues) using Burp Suite Pro.
  • Privilege escalation & post-exploitation across 5+ Windows enterprise environments — uncovered 15+ critical misconfigurations.
  • Authored 15+ formal VAPT reports with PoCs, CVSS ratings, and remediation guidance for client delivery.
  • Simulated 10+ phishing & client-side attacks, including VBA-based phishing with documented vectors and mitigation.
  • Bug bounty disclosures across Dell, Meesho, Frontegg, Poorvika, Napkin AI, and Audible (Amazon) — Stored XSS, OTP bypass, payment bypass, IDOR, CORS, and hardcoded credentials.

Yogi Atram

Security Analyst

Penetration Tester · Bug Bounty Researcher · Mobile & API Security

certifications
  • Certified Ethical Hacker (CEH v13) — EC-Council
experience
Security Analyst Intern — FORnSEC Solutions, Nagpur
2025 – 2026
  • VAPT, WAPT, and API security assessments with Burp Suite & Postman following OWASP Top 10 methodology.
  • Discovered hardcoded AWS Cognito Identity Pool IDs in the Audible Android APK — unauthenticated write access to production Kinesis across 4 AWS accounts.
  • Identified SSO login bypass on Swayam (Govt. of India) via unverified Firebase token acceptance for arbitrary government email accounts.
  • Disclosures: one-click ATO via Stored XSS on Kimi AI, CORS + credential exfil on Frontegg/DevRev, payment callback tampering on Poorvika.com, Sensitive Info Disclosure in NASA, ATO via Stored XSS in Skispace, Firebase misconfig in Napkin AI.
core skills
  • WAPT
  • API Testing
  • MobSF
  • JADX
  • Network Auditing
  • OWASP Top 10
  • Burp Suite
  • Postman

Aditya Kumar

Security Researcher

OSINT Specialist · Independent Bug Bounty Hunter · Web App Tester

certifications
  • Diploma — Information Technology & Systems Management
  • HackerOne: adityasunny_06
  • Bugcrowd: adityasunny06
experience
Independent Security Researcher
Ongoing
  • Responsibly disclosed vulnerabilities across 75+ organizations worldwide — consistently locating high-impact weaknesses without institutional support.
  • Notable: Dell, Meta, Adobe, Google, Apple, Linktree, Bajaj Finance, Audible (Amazon), Pine Labs, Red Pharmacy, ABB Information Systems Ltd.
  • Collaborates with Xyron on multi-vector assessments — deep OSINT-driven recon and manual testing.
core skills
  • OSINT
  • Passive & Active Recon
  • Web App Testing
  • Business Logic
  • Responsible Disclosure

Our positioning

US/EU-grade penetration testing at offshore rates. We deliver the same quality, methodology and documentation as top-tier security firms — at a price point that lets startups and mid-market companies actually afford serious offensive testing.
