I am a Bangladeshi cybersecurity researcher, Red Teamer, and Bug Hunter specializing in web security testing, Android security testing, malware development, and network security. I currently work as a Researcher at Collective Insight Organization (CIO) and a Junior Cyber Security Engineer at Infosec.
Conducts a thorough manual penetration test on the web application to verify its security.
Performs penetration testing for iOS and Android applications using both manual and automated methods to identify vulnerabilities and enhance mobile app security.
Conducts a comprehensive manual penetration test to strengthen network security and safeguard all connected devices against potential future attacks.
Acknowledgment sparks gratitude, weaving respect and kindness into every stride.
I have been acknowledged by more than PENDING well-known companies for reporting security vulnerabilities in their services and products.
Acknowledgments include rewards, fame, and swag; my top ones are remarkable.
CVE-2024-27956 refers to a critical SQL injection (SQLi) vulnerability discovered in the WP-Automatic plugin, a popular content automation tool for WordPress websites. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries on the affected website's database, potentially leading to complete website compromise.
Router firmware is a critical component of any network infrastructure, and its security is often overlooked. As a hacker, understanding how to reverse engineer and backdoor router firmware. In this write-up, we will see the process of reverse engineering and backdooring a router firmware.
In the rapidly evolving landscape of cybersecurity, vulnerabilities are discovered that can have far-reaching implications for organizations. One such vulnerability is CVE-2024-24919, an information disclosure flaw in Check Point Quantum Gateway. This vulnerability, identified by the researcher johnk3r, poses a significant risk by potentially allowing attackers to access sensitive information on internet-connected Gateways configured with IPSec VPN, remote access VPN, or mobile access software blade.
The Android Security Toolkit is a bash script designed to assist in various security testing activities on Android devices. It provides a convenient interface for tasks such as extracting APKs, decompiling APKs, running activities, and identifying potential security vulnerabilities. The toolkit is particularly useful for security researchers, penetration testers, and developers concerned with Android app security.
This script helps you search for Proof of Concepts (PoCs) for given CVEs, scan for CVEs on a specific host, and find PoCs for CVEs detected on a host. It uses APIs like Shodan InternetDB and PoC-in-GitHub to fetch relevant data.