Devansh Batham
Security Researcher / Builder / Breaker
I break things for a living and help others understand why they broke.
I got pulled into security sometime around 2016. I don't remember exactly how, probably a CTF challenge that made me feel stupid in exactly the right way. That feeling of being completely lost, then slowly not, has been the engine behind nearly everything I've done since. Starting with web application testing and chasing bugs in the wild, I have been going deeper into the rabbit hole ever since.
Growing up, I was drawn to people who refused to stay in one lane. Da Vinci painting and dissecting cadavers in the same afternoon. Feynman cracking safes at Los Alamos between physics sessions. Ibn al-Haytham inventing the scientific method while also writing about optics, astronomy, and mathematics. There's something deeply appealing about the polymath impulse, the idea that knowledge doesn't respect the boundaries we draw around it, and that the most interesting things happen at the edges where disciplines bleed into each other. I've always had an unmanageable urge to learn everything. Security just happened to be the rabbit hole that went the deepest.
I grew up reading Phrack issues and The Conscience of a Hacker, thumbing through 2600 quarterlies, and lurking on forums where people dissected systems with a reverence that bordered on devotion. The old hacker ethos, curiosity over credentials, understanding over authority, the belief that information wants to be examined, shaped how I think about security more than any certification ever could. I soon realized that security was never really about computers. It's about systems, incentives, trust, and the assumptions people forget they're making.
Over the years, I have reported hundreds of vulnerabilities to over a hundred companies and built a handful of open-source tools (ParamSpider, FavFreak, OpenRedireX, and Rayder, among others) that people in the security community seem to find useful. They have collectively gathered over 10,000 stars on GitHub, which still surprises me.
I've seen security from nearly every angle: bug hunter, vulnerability researcher, triager, blockchain security auditor, open-source toolsmith, penetration tester, and leader. Currently, I lead the Technical Services (Triage) team at HackerOne, where I review vulnerability reports and help bridge the gap between researchers and the organizations they report to.
My technical writings are at writings, and my non-tech ramblings live at ramblings.
I can be reached at devanshbatham009@gmail.com.
GitHub · X (formerly Twitter) · LinkedIn · devanshbatham009@gmail.com