ctrl-Nix // LEISURE PORTFOLIO

LVL 1

HACKER XP 0 / 100

LEVEL UP

MODULE 01

DOSSIER

Full intel on ctrl-Nix — who she is, what she builds, how she thinks.

Real name: Shreyanshi Singh. Handle: ctrl-Nix. First-year B.Tech at KIIT, Bhubaneshwar — already building AI-powered security tools most seniors haven't attempted.

Operating at the intersection of cybersecurity and machine learning — threat detection, AI forensics, applied cryptography.

Built a financial forensics AI on a PDF → OCR → Gemini 2.5 Pro → anomaly report pipeline. All in the first year.

Also: she writes poetry and sketches. Because creativity and analytical thinking are the same muscle.

// SKILL MATRIX

PYTHON

92DIAMOND

MACHINE LEARNING

78PLATINUM

CRYPTOGRAPHY

75PLATINUM

C / C++

70GOLD

JAVASCRIPT / WEB

68GOLD

OSINT

65GOLD

target_intel.sh

cat /etc/target.conf

NAME="Shreyanshi Singh"

HANDLE="ctrl-Nix"

LOC="Bhubaneshwar, Odisha"

UNI="KIIT B.Tech CSE"

YEAR="First Year"

STATUS="OPEN_TO_WORK"

GITHUB="ctrl-Nix"

CTF_FLAGS=6 • PROJECTS=4

---

./secrets.sh

also_writes="poetry ✍"

sketches=true • caffeine=high

// INTERESTS

THREAT DETECTIONAI SECURITY OSINTCRYPTOGRAPHY FORENSICSPOETRY ✍ART 🎨

MODULE 02

OPERATIONS

Deployed systems — all active, all real.

github.com/ctrl-Nix ↗

AI × FINTECH × FORENSICS

FinGuard AI Auditor

Intelligent financial forensics — processes invoices, receipts, and balance sheets to detect anomalies and fraud patterns before humans do.

PDF/IMG INPUTOCR EXTRACTIONGEMINI 2.5 PRO

PYTHONMULTIMODAL AIFRAUD DETECTION

explore ↗

SECURITY × EDUCATION

Hash & Encrypt Playground

Type anything. Watch it transform in real time. MD5, SHA-256, AES — all visualized live. A living cryptography textbook.

JAVASCRIPTSHA-256AESREAL-TIME

github ↗

FULL-STACK × UI

Netflix Clone

A working streaming platform — TMDB API, auth, dynamic browsing. Built to understand how real platforms are architected before studying how they're attacked.

TMDB APIHTML/CSS/JS

github ↗

E-COMMERCE × SECURITY

Amazon Clone

Pixel-accurate e-commerce with dynamic listings, functional cart, and payment integration. Understanding e-commerce security means building it first.

HTML/CSS/JSCART LOGIC

open →

LIVE DEMO

Rubber Ducky Demo

Interactive USB attack simulation — learn how a Rubber Ducky works step by step.

INTERACTIVE

MODULE 03

RUBBER DUCKY

A USB device that looks innocent but secretly types commands faster than any human.

   _____
  /  o   | ~~~~~ |
  \_____/
  |  |  |
  |USB|  |
  |___|  |
[=======]

USB RUBBER DUCKY

// THE WORLD'S MOST DANGEROUS USB

FORM FACTOR

USB Drive

APPEARS AS

HID Keyboard

SPEED

1000wpm

DETECTION

NONE

STEALTH95%

DANGER LEVEL88%

EASE OF USE82%

⚠ EDUCATIONAL USE ONLY

Understanding attacks = better defense.

WHAT IS A RUBBER DUCKY?

THE BASICS // BEGINNER

INTRO

Imagine you find a USB drive on the ground. You plug it in. But it's actually a tiny computer pretending to be a keyboard. Within seconds, it types commands — faster than any human. The victim sees nothing. The OS trusts it completely.

device_type: USB Keyboard (trusted)

threat_scan: CLEAN

reality: IT'S A RUBBER DUCKY.

THE PAYLOAD SCRIPT

DUCKYSCRIPT // HOW IT TALKS

CODE

Rubber Ducky runs DuckyScript. Each line is an instruction — DELAY, STRING, ENTER. Executes the moment it's plugged in.

DELAY 500

GUI r

STRING cmd.exe

ENTER

STRING whoami && ipconfig /all

ENTER

LIVE ATTACK SIMULATION

INTERACTIVE // PLAY BOTH SIDES

LIVE

Watch a simulated attack unfold in real time. You can type and respond.

DUCKY_ATTACK_SIM.exe

● CONNECTED

[ SIMULATION STARTED ]

HOW TO DEFEND

PROTECTION STRATEGIES // CRITICAL

DEFENSE

Now that you know the attack — here's how ctrl-Nix defends against it.

✓ NEVER plug in unknown USB devices

✓ Enable USB device whitelisting

✓ Use endpoint protection blocking HID attacks

✗ "It looks safe so it's fine" ← wrong

MODULE 04

FIND ctrl-Nix.

6 breadcrumbs across source code, ciphers, binary, and acrostics. Her real LinkedIn is the final flag.

POINTS

0/6

SOLVED

—

RANK

VIEW SOURCE

50 PTSOPEN▾

Old hacker tradition — leave a flag in the HTML comments. Open DevTools. Search for "FLAG".

keyboard: Ctrl+U → Ctrl+F → "FLAG"

DECODE THE ALIAS

100 PTSOPEN▾

Her GitHub handle committed as Base64. Decode it.

# handle_encoded: Y3RybC1OaXg=

Browser console: atob("Y3RybC1OaXg=")

III

CAESAR CIPHER

150 PTSOPEN▾

Email username encrypted with Caesar cipher. Shift = length of her last name.

cipher: fuveljafuvfbojanf

shift: len("Singh") = 5 — subtract

Terminal: caesar 5 fuveljafuvfbojanf

READ THE BINARY

150 PTSOPEN▾

City encoded in binary. Each 8-bit group = one ASCII character.

01000010 01101000 01110101 01100010 01100001 01101110 01100101 01110011 01101000 01110111 01100001 01110010

01000010 = 66 = 'B'. Terminal: binary [8bit groups]

ACROSTIC — FIRST LETTERS

200 PTSOPEN▾

University name hidden in the first letter of each paragraph.

Knowledge isn't given — it's extracted from hard problems.
Intelligent systems don't emerge from textbooks alone.
Intuition in security comes from failure.
The best code I write is the code I eventually delete.

K — I — I — T. First letter of each paragraph.

LOCATE THE REAL PROFILE

250 PTSOPEN▾

Decode the LinkedIn slug and visit her profile. Find the keyword in the About section.

platform: LinkedIn

slug_b64: c2hyZXlhbnNoaS1zaW5naC0zMzI0YTgyNzE=

url: linkedin.com/in/[decode_slug]

look_in: About section — keyword for investigators

Terminal: decode c2hyZXlhbnNoaS1zaW5naC0zMzI0YTgyNzE= → LinkedIn → About → keyword.

// DECODE TERMINAL

ctrl-nix@osint:~$

OSINT shell ready. Type help for commands.

ctrl-nix@osint:~$

MODULE 05

CONTACT

LET'SBUILD.

First-year. Already shipping. Open to internships, research collabs, and CTF teams.

If you got through the CTF challenges — you're exactly the kind of person I want to work with.

📧

shreyanshisreeansh@gmail.com

linkedin.com/in/shreyanshi-singh-3324a8271

→

📱

PHONE