transmitting from the moon

Sachin Amrev

// software_engineer && ethical_hacker

I build fast, secure software — and stress-test it before anyone else gets the chance.

Sachin Amrev@moon:~
Sachin OS v13.37 — SECURE BOOT OK
Loading modules: security... crypto... fullstack... done
Sachin Amrev@moon:~$
Pen TestingACTIVE
Dev ModeON
EncryptedYES
scroll
01section

About

A developer who treats security as a first-class feature, not an afterthought.

🌙 Transmitting from the Moon

I'm Sachin Amrev — a software engineer and ethical hacker who lives at the intersection of building and breaking things. I design full-stack applications with security baked in from line one, then try to crack them before anyone else does.

My stack spans frontend to infrastructure, with a dedicated lane for application security: hardened APIs, encrypted pipelines, rate-limiting middleware, and zero-trust access patterns. I care about measurable performance and systems that stay up under pressure.

When I'm not shipping code, I'm solving CTFs, hunting bugs on bounty programs, and open-sourcing tooling that makes security work faster for everyone.

OWASP Top 10Zero TrustDevSecOpsThreat ModelingCTF SolverBug Bounty
0+
Years coding
0
Public repos
0+
CTF challenges
0
Disclosures
02section

Skills

The stack I reach for — across engineering, infrastructure, and security.

Languages

7
TypeScriptJavaScriptPythonGoSQLCBash

Frontend

6
ReactNext.jsTailwind CSSHTML/CSSShadcn UIThree.js

Backend

7
Node.jsExpressFastAPIPostgreSQLRedisGraphQLPrisma

DevOps & Infra

7
DockerKubernetesAWSGitHub ActionsVercelLinuxNginx

Security

7
Burp SuiteNmapMetasploitWiresharkOWASP ZAPNiktoGhidra
// proficiency
Application Security88%
Full-Stack Development92%
Systems & Tooling80%
Cloud & DevOps78%
03section

Projects

Selected work across security tooling, full-stack apps, and developer infrastructure.

Security

Sentinel

Real-time API abuse detection

A middleware gateway that fingerprints and rate-limits abusive API clients using behavioral heuristics, request entropy, and reputation scoring. Ships as a drop-in reverse proxy.

GoRedisgRPCRate Limiting
Security

VaultGuard

Zero-knowledge secrets manager

Client-side encrypted secrets vault with per-entry access policies, audit trail, and a CLI for CI pipelines. Keys never leave the browser.

TypeScriptWebCryptoNext.jsCLI
Tooling

ReconKit

Modular recon framework

A plugin-driven reconnaissance framework for authorized pentests. Orchestrates subdomain enumeration, port scanning, and fingerprinting into a single graph.

PythonasyncioPluginsCLI
Full-Stack

Pulse

Distributed uptime & latency monitor

Multi-region probe system that pings endpoints, aggregates latency percentiles, and alerts via webhooks. Dashboard built with real-time WebSockets.

Node.jsPostgreSQLWebSocketsDocker
Full-Stack

CipherChat

End-to-end encrypted messaging

Self-hostable chat platform with Signal-protocol-style double ratchet, forward secrecy, and per-device keys. No phone number required.

ReactFastAPIWebRTCE2EE
Tooling

FuzzNet

Coverage-guided network fuzzer

A lightweight fuzzer that mutates network protocol payloads and tracks code coverage via instrumentation hooks. Built for research on proprietary parsers.

GolibFuzzerProtocolsResearch
04section

GitHub Stats

Open-source activity, language distribution, and contribution rhythm.

48
Repositories
1,240
Total Stars
3,200
Commits
1,850
Contributions

Contribution Activity

1850 contributions in the last year
lessmore

// consistent open-source activity across security tooling and full-stack projects

05section

Experience

Roles, research, and the work that shaped how I build and break software.

2023 — Present Remote · Moon

Software Engineer

Independent / Open Source

Building security-focused developer tooling and shipping full-stack applications end to end.

  • Designed and shipped a reverse-proxy abuse-detection gateway handling 10k+ req/s in benchmarks.
  • Maintained open-source security tooling with contributors across timezones.
  • Reported and responsibly disclosed vulnerabilities in third-party libraries.
GoTypeScriptNext.jsPostgreSQLDocker
2021 — 2023 Remote

Full-Stack Developer

Freelance

Delivered web platforms for clients with a focus on performance and security defaults.

  • Built production dashboards with real-time data and sub-100ms TTFB targets.
  • Hardened auth flows, input validation, and CSP headers across client projects.
  • Automated CI/CD pipelines cutting deploy time from hours to minutes.
ReactNode.jsAWSGitHub Actions
2020 — Present Worldwide

Security Researcher

CTFs & Bug Bounty

Participating in capture-the-flag events and hunting bugs on public bounty programs.

  • Solved challenges across web, crypto, pwn, and forensics categories.
  • Identified OWASP Top 10 issues in real applications during authorized testing.
  • Published writeups and tooling for the community.
Burp SuitePythonGhidraLinux
06section

Contact

Have a project, a vulnerability to disclose, or just want to talk shop? Send a message.

Email
contact.sachinamrev@gmail.com
Location
🌙 Moon
// response time

I usually reply within a couple of days. For responsible disclosure of security issues, please email directly with details and I'll acknowledge receipt.