SECURITY RESEARCHER
Breaking Systems. Building Security.
I hunt vulnerabilities in web applications, APIs, and infrastructure, turning security weaknesses into fortified systems.
#About Me
Passionate about uncovering vulnerabilities and helping organizations build more secure systems
Technical Arsenal
Tools and technologies I work with
Web Application Security
Pentesting Tools
Programming
#Featured Projects
Notable security research, tools, and bug bounty achievements
Critical Vulnerability in Major SaaS
Privilege escalation leading to full account takeover
Discovered and reported a critical IDOR vulnerability affecting millions of users. The flaw allowed unauthorized access to sensitive user data and account takeover.
Custom XSS Scanner Tool
Open-source automated vulnerability scanner
Built a lightweight, efficient XSS scanner using Python. Features include blind XSS detection, DOM-based XSS analysis, and comprehensive reporting.
Cloud Infrastructure Audit
Comprehensive security assessment for Fortune 500
Led a team conducting a red team engagement on cloud infrastructure. Identified 25+ critical vulnerabilities including misconfigured S3 buckets and IAM privilege escalations.
SQL Injection Research
Novel technique bypassing WAF protections
Researched and documented a new SQLi technique that bypasses major WAF solutions. Published technical write-up with proof-of-concept exploits.
Mobile App Security Audit
Banking application penetration testing
Conducted comprehensive security assessment of iOS and Android banking apps. Found critical vulnerabilities including insecure data storage and certificate pinning bypass.
API Gateway Exploit Chain
Multi-step exploit leading to RCE
Chained multiple API vulnerabilities to achieve remote code execution. Demonstrated the importance of defense in depth and proper API security practices.
#Security Blog
Insights, tutorials, and vulnerability disclosures
Advanced XSS Payloads
Crafting sophisticated cross-site scripting attacks
Deep dive into advanced XSS techniques including polyglots, blind XSS, and bypassing modern content security policies...
Breaking WAF Protections
Techniques to bypass web application firewalls
Learn advanced techniques for bypassing WAF protections including encoding, fragmentation, and protocol manipulation...
Automating Bug Hunting
Building your reconnaissance toolkit
How to build efficient automation tools for bug reconnaissance, including subdomain enumeration and vulnerability scanning...
#GitHub Repositories
Open-source projects and security tools
XSS-Payload-Generator
Advanced XSS payload generator with bypass techniques
A comprehensive tool for generating XSS payloads including polyglots, blind XSS, and WAF bypass techniques. Supports multiple encoding schemes.
VulnScanner-Pro
Automated vulnerability scanning framework
Multi-threaded vulnerability scanner with support for subdomain enumeration, port scanning, and automated attack vector detection.
Exploit-Database
Curated collection of security exploits
A comprehensive database of CVEs and proof-of-concept exploits with search, filter, and vulnerability severity scoring.
API-Fuzzer
REST API fuzzing and testing tool
Advanced API fuzzer with support for authentication, rate limiting, custom payloads, and automated vulnerability detection.
JWT-Decoder
JWT token analyzer and validator
Decode, validate, and analyze JWT tokens with support for multiple algorithms, common vulnerability detection, and signature verification.
#Certifications
Professional credentials and industry recognition
OSCP
Offensive Security Certified Professional
CEH
Certified Ethical Hacker
GPEN
GIAC Penetration Tester
CRTP
Certified Red Team Professional