My Work

Skills, certifications, tools, and what I bring to the table.


What I Do

Web Application Pentesting

Manual testing of web applications for vulnerabilities including XSS, SQLi, SSRF, IDOR, authentication bypasses, and business logic flaws.

API Security Testing

Deep analysis of REST and GraphQL APIs for broken access controls, scope bypasses, data exposure, and authorization flaws.

Bug Bounty Hunting

Active researcher on HackerOne and Bugcrowd, finding and responsibly disclosing vulnerabilities in major technology platforms.

Authentication & Session Testing

Testing login flows, session management, OAuth implementations, token handling, and privilege escalation vectors.

Recon & Asset Discovery

Subdomain enumeration, port scanning, JS analysis, source map review, and attack surface mapping at scale.

Security Reporting

Clear, detailed vulnerability reports with PoC, impact assessment, and remediation guidance to help teams fix issues fast.

Skills

Vulnerabilities Found

SSRF, IDOR, Authentication Bypass, Broken Access Control, Dependency Confusion, Stored XSS, Subdomain Takeover, DNS Misconfiguration, PII Exposure, Missing Rate Limiting, SQL Injection, CSRF, Information Disclosure, Missing 2FA

Technical Skills

API Penetration Testing, OWASP Top 10 & Beyond, CVSS 4.0, Bash, MySQL, Git & GitHub

Tools

Burp Suite, Caido, Postman, Nmap, Kali Linux

Experience

2 Years Bug Hunting, HackerOne, 200+ Accepted Reports, Responsible Disclosure

Tools I Use

Burp Suite, Caido, Postman, Nmap, Kali Linux, Git & GitHub, Bash, MySQL, Claude, Kimi AI, Prexability