Home Services Pricing About Blog Get Assessment
ABOUT

The researcher behind the reports.

CC

Young, hungry, and already finding what others miss.

I started Amity Cyber Resolved because the vulnerability assessment industry had become too comfortable. Teams buried finding counts under noise, compliance officers signed off on reports they couldn't actually read, and real attackers laughed at static scanner output. There had to be a better way—one where rigor and clarity weren't optional.

Today, I spend my time in two places: either deep in a target's environment finding logic flaws no scanner will touch, or sitting with a client's engineering team explaining exactly how we broke their system and what a real exploit chain looks like. I report findings I can defend, skip the vibes, and make sure retests actually matter. Every engagement includes responsible disclosure coordination—if we find something in the wild, it gets routed properly and quietly.

How we work.

01

Manual over automated.

Scanners find known patterns. Attackers find logic. Our work is what happens after the scan finishes.

02

Verify or it didn't happen.

Every finding has reproduction steps a developer can run locally. If we can't demo it, it's not a finding.

03

Report writing is half the job.

A report an engineer will actually read is worth ten a compliance officer will skim. We write for both.

04

No noise.

You get findings, not vibes. If there's no exploit chain, we don't ship a 'suggestion for hardening' — we ship signal.

05

Retest included.

Fixes get retested. Compliance evidence gets attached. You get a report you can hand to a board without editing.

06

Coordinated disclosure.

If we find something in the wild during recon that's not in scope, we route through your channel — or theirs — quietly.

The stack.

A focused set of tools paired with deep manual expertise. Nothing fancy; just the instruments that cut through the noise.

burp · request tampering & repeater
nmap · port scanning & scripts
ffuf · content discovery
amass · subdomain enumeration
dnsx · dns brute force
sqlmap · injection when justified
httpx · alive host filtering
custom py · one-offs, chained exploits

Have something worth testing?

Book a Consult →

See our responsible disclosure policy.