About

I'm Tushal Padsala - security enthusiast, and open-source contributor with a passion for building and breaking systems. I specialize in application and API security, combining manual testing, automation, and engineering to improve software resilience and reduce risk.

Through hands-on experience in VAPT, I've discovered and helped remediate critical vulnerabilities across SaaS platforms using OWASP-based testing, threat modeling, and CI/CD security integration. I work closely with development and DevOps teams to improve security workflows, implement proactive controls, and ensure secure software development from design to deployment.

My journey in offensive security and research has naturally led me to build systems focused on exposure management identifying attack surfaces, reducing unnecessary risk, and engineering tools that scale with modern threats. I've helped many companies secure their assets through responsible disclosure in bug bounty programs, earning multiple rewards and being recognized in several Hall of Fames.

I love building complex things. Whether it's developing automation tools, optimizing CI/CD pipelines for security, or streamlining data flows for threat analysis I enjoy the challenge. Tools like SubHunter, a platform that collected over 2.4 billion subdomains, are born from this mindset.

Outside of client work, I actively contribute to open-source projects like Winutil and maintain a minimalist, performance-focused workflow using dwm, neovim, zsh, and scripting in Python, Bash, and PowerShell. I'm most in my element when I'm researching a new attack vector, writing PoCs, or quietly coding something powerful from scratch.

If you're into hacking, exposure reduction, building, or just tweaking your terminal setup. we'll get along great.