Dhaval Kapil is an Application Security Engineer with 12 years of experience who currently secures applications at Meta and lives in Mountain View. He blends deep offensive security expertise—demonstrated by a widely referenced heap-exploitation guide and practical exploit implementations—with robust systems and backend engineering skills shown in projects like an ICMP tunneling library. A Georgia Tech MS graduate in Information Security with roots at IIT Roorkee and hands-on experience from Amazon, Splunk, Jio and SDSLabs, he has a track record of finding real-world vulnerabilities and automating security testing at scale. Comfortable moving between low-level C/C++ internals and cloud-native tooling, he also contributes to open source and teaching, having served as a network security TA and GSoC mentor. Colleagues rely on him for turning complex attack techniques into reproducible research and hardened defenses.
12 years of coding experience
4 years of employment as a software developer
Bachelor’s Degree, Computer Science and Engineering, Bachelor’s Degree, Computer Science and Engineering at IIT Roorkee
M.S., Information Security, M.S., Information Security at Georgia Institute of Technology
High School, High School at St. Kabir Public School
Transparently tunnel your IP traffic through ICMP echo and reply packets.
Role in this project:
Back-end Developer & System Engineer
Contributions:2 releases, 51 commits, 7 PRs in 1 year
Contributions summary:Dhaval primarily focused on building an ICMP tunneling library, starting with checksum calculation and socket initialization. They implemented core functionality for sending and receiving ICMP packets, including header creation and payload handling. The user refactored the code by separating client and server components, and added crucial elements to configure the network. They also integrated network configuration and the tunnel itself, using a series of scripts that automate configuration steps.
This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.
Role in this project:
Security Engineer
Contributions:50 commits, 8 PRs, 10 pushes in 5 years 6 months
Contributions summary:Dhaval has made significant contributions to a heap exploitation guide, providing code examples and explanations of various heap attacks. They implemented attacks such as "unlink exploit", "House of Spirit", "House of Lore", "house of force", "House of Einherjar", and "Shrinking Free Chunks". The commits demonstrate a deep understanding of glibc's heap internals and the techniques used to exploit vulnerabilities within it.
understandingsecurityinternalsglibcexploitation
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.