Year in Review - 2025

2025 redefined cybersecurity through the integration of AI, surfacing new opportunities as well as pitfalls in our approach to cybersecurity. It exposed us to changes that demand more than just surface-level fixes.

Team bi0s remains committed to technical grit, moving beyond “vibe coding” to set new benchmarks in excellence. From prevailing across global stages like DFC and DFRF to extending our presence at conferences like GCC to uncovering critical vulnerabilities in AI platforms, our legacy remains unchanged.

We, team bi0s, are a collective of like minds from the student community of Amrita Vishwa Vidyapeetham, Amritapuri, invested in all things cybersecurity. Our efforts go towards the betterment of tomorrow’s cyberspace. With over a decade of fruitful efforts and a chain of skillful mentees, mentors, faculty, and alumni, we proudly lead the nation in cybersecurity; this is reflected by our position as the No. 1 ranked CTF team nationally and 29th worldwide as acknowledged by CTFtime.

CTFs Organized

bi0s CTF 2025

bi0s CTF 2025 was one of our best efforts yet to give back to the international community that enriched us, with a premier Jeopardy-style CTF crafted for passionate ethical hackers. Challenges were created meticulously with novel vulnerabilities and research frontiers put together in an engaging and fun format.

This third edition of the CTF marked another successful run, with top teams from around the world participating and showcasing their skills, exchanging cybersecurity insights on our platform. We also had the highest rating yet of 95.79 for the CTF.

image

CTF highlights

Digital Forensics Challenge (DFC)

DFC

The Digital Forensics Challenge (DFC) 2025 is a world-renowned competition for digital forensics players. It is hosted by the Korean Institute of Information Security and Cryptology (KIISC). In this competition, participants ranging from working professionals to researchers compete to build tools and solve forensic challenges.

Team bi0s takes it a great deal to continue excelling in the challenge, year after year. We once again emerged as International Rank 1 this year, continuing a three-year legacy and 4th place overall. We also bagged a cash prize of ₩3,000,000 for the same. Along with DFC, we were also invited to the Digital Forensics Research Forum (DFRF) workshop, where they were asked to present their findings and work.

Blackhat Conferences

Blackhat is a cybersecurity conference which happens all around the world every year. The conference brings together cybersecurity people and provides them with trainings, sessions, and exposure to oppurtunities and more. Team bi0s also took great pleasure in being a part of this year’s Blackhat conferences.

Blackhat Middle East & Africa (MEA)

blackhat

Beyond the conferences, one of our members, Johith Lal, went on to display his excellence in a CTF event at Blackhat Asia Singapore by successfully solving a SaaS-related threat incident response scenarios organized by Obsidian Security. The competition was a test on the participants’ real-time threat detection and response skills, and he was awarded a drone as a prize for placing first in the CTF.

drone(1)

Blackhat Asia (Singapore)

basia(4)

At Blackhat Asia, our members Anikait Panigrahi and Aparna Balaji presented their tool R0fuzz, a collaborative fuzzing framework designed specifically for Industrial Control Systems (ICS). This tool combines generation-based and mutation-based fuzzing strategies, integrates Radamsa for stress-testing protocol implementations, and introduces AI-driven packet generation and mutation to improve protocol coverage. It supports a wide range of critical ICS protocols, including Modbus, Profinet, DNP3, OPC, and BACnet.

newww

CyberQ

CyberQ

CyberQ is a one-of-a-kind summit on quantum cybersecurity, AI defense, and post-quantum cryptography. It is held at Abu Dhabi and is hosted by the UAE Cyber Security Council.

Three of our members, Abel S John, Ankith Abhayan and Mohith L. S., qualified for CyberQ CTF 2025 finals at ADNEC, Abu Dhabi among the total of 12 qualified teams out of 250+ teams. They got a fully sponsored invitation for accommodation and travel. The conference focused on presenting and testing modern cryptography with a 2-day on-site final CTF round focusing on post-quantum cryptography attacks and hardware badge hacking.

Binary Clash 360 CTF

Coming to domestic events, three of our members, Chandra B. Nair, Sidharth V., and Suraj Kumar, secured 3rd prize in Binary Clash 360 CTF, jointly conducted by IIT Madras and IIT Kancheepuram. Binary Clash is a combination of a bootcamp, a hackathon, and a CTF competition mainly focusing on reverse engineering and cutting-edge obfuscation techniques. It also included a mini CTF, and they won a sum total of ₹1.5 lakh as cash prize.

image0

CyberShield Hackathon

Another domestic victory: our members Mithilesh, Sam MG Harish, Sivadev Smijith, and Yasasri were recognized among the top 35 teams nationwide at the National CyberShield Hackathon. Organized by the Madhya Pradesh Police, this hackathon is part of the lead-up to the Cybercrime Investigation & Intelligence Summit (CIIS 2025).

H7CTF

111(1)

Our members, Aaron Mathews, Mamatha S., Sam MG Harish, and Sneha V. Ajesh, secured first place at H7CTF conducted by SRM Institute of Science and Technology (SRMIST), Chennai, showcasing bi0s’ dominance as a CTF team in the nation.

Global Vehicle Cyber Challenge

In 2025, our hardware team comprising Alwin, Anikait Panigrahi, Aparna Balaji, Gautham, and Saswath successfully solved 6 out of 8 challenges in the Global Vehicle Cyber Challenge. All participants received certificates of completion as well as Continuing Professional Education (CPE) credits for the lectures they attended. (G)VCC, conducted by VicOne and Block Harbor, is a CTF-style event that focuses on vulnerabilities and threats within automotive security.

DEFCON 33 Mobile-Only CTF

Abhiram N., Mithilesh, Sam M.G. Harish, Yasasri, and Sivadev Smijith secured 3rd place in the DEFCON 33 Mobile-Only CTF conducted by the Mobile Hacking Community in DEFCON in association with Hack the Box. The challenges included Android and iOS, along with LLM prompt injection challenges. This stage allowed them to demonstrate strong expertise in mobile application security.

Events & Conferences

Global Cybersecurity Camp (GCC)

gcc(1)

Four of our members, Abhiram N., Anshuman, Rohith Narayanan, and Sarin Krishnan, attended the Global Cybersecurity Camp (GCC) 2025 held in Taiwan. GCC lists their vision as follows: to strengthen the security community across Asia and nurture future global leaders. Annually, at most 50 students from member countries gather in one of the participating countries for a week to exchange knowledge and cybersecurity culture.

Seasides, Goa

Seasides Information Security Conference is a leading conference dedicated to empowering students and professionals in the field of information security and ethical hacking. Three members from Team bi0s, Abhiram N., Komal Rao, and Sam M.G. Harish, represented the community at Seasides 2025, held in Goa.

nullc0n Goa

image

nullc0n 2025 at BITS Goa is one of India’s premier security conferences. Three of our members, Akshika Munshi, Anushree, and Hridhya P. won Winja CTF conducted there. They were also given scholarships to attend Nullcon Goa.

The team also won an iPad as prize for getting 1st rank in the CTF.

Member achievements

image
image

  • Sam MG Harish achieved 1st Place in the Mobile Hacking Lab × IT Harmony CTF (December 2025), showcasing advanced skills in mobile exploitation and reverse engineering.

  • Akshika Munshi contributed to creating network security-based CTF challenges for Adversary Village during DEFCON 33 (October 2025).

  • Komal Rao secured 3rd place in the Albridge Contest on Sherlock (August 18, 2025), demonstrating strong analytical and problem-solving capabilities. He also got rewarded with a bug bounty for auditing the same, demonstrating expertise in blockchain security.

  • Two of our members, Alwin Varghese and Gautham Sai, founded Kaaval, an OT cybersecurity startup focused on protecting industrial control systems in Indian MSME manufacturing units from cyber threats. It got selected under the MeitY Startup Hub GENESIS EIR Cohort 2 at Amrita TBI with grants for development up to ₹10 lakhs.

CVEs & Bug Bounties

image
image
image
image

  • Aravindh P

    • Got awarded $28,000+ by Google for discovering several critical Gemini markdown sanitization bypasses using browser autofill quirks, enabling stored HTML injection at the app root. This allowed UI spoofing, phishing, CSP bypass, and zero-click data exfiltration.
    • He also received $700+ in bug bounty for discovering vulnerabilities in ChatGPT as well as GenAI platforms.

  • Anup N., Mithilesh, Sumanthi, and Yasasri received bug bounties worth $1,500 in total at the Genspark AI Showdown program, showcasing their AI security expertise.

  • Aneesh M. and Anirudh received bug bounties totaling $2,500 for discovering critical vulnerabilities in ChatGPT and other AI models, advancing AI security research.

  • Rohit Prasanth

    • Found a Remote Code Execution (RCE) vulnerability in a CMS used by multiple KTU-affiliated colleges, including Government Engineering College Thrissur and TKM College of Engineering (TKMCE).
    • Discovered a critical RCE vulnerability in a shared server hosting 200+ websites, impacting organizations such as CIAL Airport, Bhavans, and Chinmaya schools, as well as hospitals.

  • Arun Krishnan was appointed CVE-2025-5302 for a high severity (8.6 CVSS score) for a Denial of Service (DOS) vulnerability in run-llama/llama_index.

  • Abhiram N. was awarded $1000 for discovering and responsibly reporting multiple security vulnerabilities in mobile applications (November 2025).

  • Two of our members, Devnath N. S. and Anirudh Ajith, received bug bounties for bugs in the De Volkskrant website and DSCI. Anirudh Ajith also received several bug bounties in 2025 for bugs in Kerala University and Rambler & Co. Sport. Devnath N. S. also discovered bugs in the Kerala Technical University (KTU) website, the Kerala Government website, and the Meditrina Hospital website.

Scholarships & Publications

image
image

  • Our members Johith Lal and Sarin Krishnan got a scholarship worth $2000 to attend Blackhat Singapore cybersecurity conference.

  • Mohith L.S. authored a research paper titled “Post-Quantum Cryptography Based Multimedia Encryption Communication Scheme in IoT Consumer Electronics“ published in IEEE Transactions on Consumer Electronics. This work proposes a hybrid framework combining Quantum Key Distribution (QKD), chaos-based encryption, and Post-Quantum Cryptography (PQC) to secure multimedia data, particularly images, in IoT consumer electronic networks.

    • Mohith L. S. also received a certificate of diploma from Non Stop University cryptography olympiad, conducted by Novosibirsk State University, Russia for attaining a total score of 13 in the university bracket round 1.

  • Three of our members, Adithyan Pratheeksh Nair, Akshika Munshi, and Yadhu Krishna, received the prestigious SINCON scholarship in 2025 for exceptional cybersecurity contributions.

Internships & Placements

image
image
image
image
image

  • Aparna Balaji - AI Security Intern @TAC Security
  • Adithyan Pratheeksh Nair - Site Reliability Intern @Scapia
  • Alfin Joseph - Security Engineer @CRED
  • Arun Krishna - Security Engineer Intern @Scapia, also was an independent vulnerability researcher @Dataflow security
  • Hridhya P. - Security Analyst Intern @Novo Nordisk
  • Sarin Krishnan - Security Engineer Intern @Meesho
  • Chandra B. Nair - Reverse Engineer and Anti-Bot Bypass Specialist @Nielsen IQ
  • Suraj Kumar - Reverse Engineer and Anti-Bot Bypass Specialist @Nielsen IQ
  • Akshika Munshi - MDR Intern @Palo Alto Networks Unit 42
  • Anikait Panigrahi - MDR Intern @Palo Alto Networks Unit 42
  • M. S. Preetham Reddy - MDR Intern @Palo Alto Networks Unit 42
  • Yadhu Krishna - MDR Intern @Palo Alto Networks Unit 42
  • Nithin Chenthur Prabhu - Associate MDR Analyst @Palo Alto Networks Unit 42
  • Sabhya Raj Mehta - Associate MDR Analyst @Palo Alto Networks Unit 42
  • Sejal Koshta - Associate Security Researcher @Trellix
  • Sanjay Vardhan Padala - Vulnerability Research Intern @Exodus Intelligence
  • Srijiith S. - Research Apprentice @SEFCOM ASU Global Security Initiative
  • Keerthi Prabu P. - Sourcing Analyst Intern @GEP Worldwide

We carry forward not just the exhilarating memories and the serious life lessons that the club gave us but also the mark of never-ending curiosity, ethics, sheer resilience in the face of downs, and the will and drive to excel in whatever footholds that life puts us in.

We are deeply grateful to our mentors, our faculty, the college, and every individual who stood by us and supported this journey. The guidance, encouragement, and trust have empowered us to grow, explore, and build a community driven by curiosity, learning, and excellence.

collage