Sentinel
Real-time API abuse detection
A middleware gateway that fingerprints and rate-limits abusive API clients using behavioral heuristics, request entropy, and reputation scoring. Ships as a drop-in reverse proxy.
// software_engineer && ethical_hacker
I build fast, secure software — and stress-test it before anyone else gets the chance.
A developer who treats security as a first-class feature, not an afterthought.
I'm Sachin Amrev — a software engineer and ethical hacker who lives at the intersection of building and breaking things. I design full-stack applications with security baked in from line one, then try to crack them before anyone else does.
My stack spans frontend to infrastructure, with a dedicated lane for application security: hardened APIs, encrypted pipelines, rate-limiting middleware, and zero-trust access patterns. I care about measurable performance and systems that stay up under pressure.
When I'm not shipping code, I'm solving CTFs, hunting bugs on bounty programs, and open-sourcing tooling that makes security work faster for everyone.
The stack I reach for — across engineering, infrastructure, and security.
Selected work across security tooling, full-stack apps, and developer infrastructure.
Real-time API abuse detection
A middleware gateway that fingerprints and rate-limits abusive API clients using behavioral heuristics, request entropy, and reputation scoring. Ships as a drop-in reverse proxy.
Zero-knowledge secrets manager
Client-side encrypted secrets vault with per-entry access policies, audit trail, and a CLI for CI pipelines. Keys never leave the browser.
Modular recon framework
A plugin-driven reconnaissance framework for authorized pentests. Orchestrates subdomain enumeration, port scanning, and fingerprinting into a single graph.
Distributed uptime & latency monitor
Multi-region probe system that pings endpoints, aggregates latency percentiles, and alerts via webhooks. Dashboard built with real-time WebSockets.
End-to-end encrypted messaging
Self-hostable chat platform with Signal-protocol-style double ratchet, forward secrecy, and per-device keys. No phone number required.
Coverage-guided network fuzzer
A lightweight fuzzer that mutates network protocol payloads and tracks code coverage via instrumentation hooks. Built for research on proprietary parsers.
Open-source activity, language distribution, and contribution rhythm.
// consistent open-source activity across security tooling and full-stack projects
Roles, research, and the work that shaped how I build and break software.
Independent / Open Source
Building security-focused developer tooling and shipping full-stack applications end to end.
Freelance
Delivered web platforms for clients with a focus on performance and security defaults.
CTFs & Bug Bounty
Participating in capture-the-flag events and hunting bugs on public bounty programs.
Have a project, a vulnerability to disclose, or just want to talk shop? Send a message.
I usually reply within a couple of days. For responsible disclosure of security issues, please email directly with details and I'll acknowledge receipt.