Who I Am
I'm Aditya Kumar Sharma, known in the cybersecurity community as assassin_marcos. I'm a Senior Cybersecurity Consultant, ethical hacker, penetration tester, and bug bounty hunter based in New Delhi, India. With over 8 years of hands-on experience in offensive security, I've dedicated my career to making the digital world safer by finding and responsibly disclosing vulnerabilities before malicious actors can exploit them.
My journey into cybersecurity began with a deep curiosity about how systems work — and more importantly, how they can be broken. What started as experimenting with security tools as a teenager evolved into a full-time career that has taken me across industries, from Fortune 500 companies to government agencies, from startups to critical infrastructure providers.
Professional Journey
My professional career started in 2016 when I joined the HackerOne platform as an independent security researcher. The bug bounty world taught me discipline, creativity, and the art of thinking like an attacker. Over the years, I expanded to Bugcrowd and private programs, consistently finding critical vulnerabilities in enterprise-grade targets.
In 2021, I joined SpyderAuth Security Pvt. Ltd. as a Cyber Security Analyst, where I performed penetration testing and vulnerability assessments on complex systems and networks. I conducted security audits for compliance with industry standards and created comprehensive reports that helped organizations reduce security incidents by 30%.
Currently, I serve as a Senior Cyber Security Consultant at REOFT Technologies Pvt. Ltd., where I lead a team performing penetration testing across the hospitality industry, manage client engagements, and collaborate with global organizations to strengthen their security posture. I also continue active participation in bug bounty programs, keeping my skills sharp and staying current with the latest attack techniques.
Methodologies & Approach
I follow industry-recognized methodologies to ensure thorough and structured security assessments. My testing approach is guided by:
OWASP Testing Guide
The definitive framework for web application security testing. I follow the OWASP Testing Guide v4.2 for comprehensive coverage of all web application attack vectors, including the OWASP Top 10 and beyond.
PTES (Penetration Testing Execution Standard)
A structured methodology covering the entire penetration testing lifecycle — from pre-engagement interactions and intelligence gathering through threat modeling, vulnerability analysis, exploitation, and reporting.
OSSTMM
The Open Source Security Testing Methodology Manual provides a scientific methodology for characterizing operational security. I use OSSTMM for network and infrastructure assessments to ensure measurable and repeatable results.
NIST Cybersecurity Framework
For clients requiring compliance-oriented assessments, I align my testing and recommendations with the NIST CSF, covering the Identify, Protect, Detect, Respond, and Recover functions.
Conferences & Community
I believe in giving back to the cybersecurity community through knowledge sharing and collaboration. I regularly attend and participate in industry conferences:
These conferences are invaluable for staying connected with the security community, learning about emerging threats and techniques, and networking with fellow researchers and practitioners. I was part of the core organizing team for the United Conference on Cyber Space in 2020, helping bring together cybersecurity professionals from across India.
Philosophy
I believe that every system has vulnerabilities — the question is whether they're found by defenders or attackers. My approach to ethical hacking is rooted in the principle that breaking things responsibly makes them stronger. Every vulnerability I find is an opportunity to help an organization improve its security posture before a real attacker exploits it.
Responsible disclosure is at the core of everything I do. Over the years, I've reported vulnerabilities to more than 200 organizations, earning Hall of Fame recognitions from industry giants like Google, Microsoft, Adobe, Intel, Sony, Dell, and many more. Each disclosure represents hours of research, careful documentation, and professional communication with security teams.
I approach every engagement, whether it's a bug bounty program or a contracted penetration test, with the same mindset: thoroughness, creativity, and an unwavering commitment to ethical standards.
Connect With Me
Interested in working together? Get in touch to discuss your security needs.