Lahore, Punjab, Pakistan
I’m an OSCP+ certified Security Analyst, Penetration Tester, and Security Researcher with more than 10 years of hands-on experience in offensive security, bug bounty hunting, and vulnerability research. My work spans web applications, APIs, mobile applications, cloud environments, and internal and external infrastructure. I conduct end-to-end security assessments covering scoping, reconnaissance, vulnerability discovery, exploitation, impact validation, technical reporting, remediation guidance, and retesting. Alongside professional penetration testing, I remain actively involved in bug bounty hunting and responsible vulnerability disclosure through platforms including HackerOne and Bugcrowd. My security research has been recognised by more than 500 organisations, including Apple, Microsoft, Meta, the Government of Singapore, and the United States Department of Defense. I’m also passionate about knowledge sharing and contributing to the cybersecurity community. I have delivered security sessions at universities and spoken at local and international cybersecurity conferences, including two appearances at Black Hat Middle East and Africa. My primary areas of focus include: • Web application and API penetration testing • Mobile application security testing • Internal and external infrastructure assessments • Cloud and identity security • Vulnerability research and responsible disclosure • Exploitation and real-world attack-path validation • Technical reporting, remediation guidance, and retesting I’m continuously working to deepen my technical expertise, take on challenging security assessments, and help organisations identify and address meaningful security risks before they are exploited by attackers.
Performing end-to-end penetration testing and security assessments for Telspace across web applications, APIs, mobile applications, cloud environments, and internal and external infrastructure. Key responsibilities include: • Conducting black-box, grey-box, and authenticated security assessments based on defined scopes and rules of engagement. • Identifying, validating, and safely demonstrating exploitable vulnerabilities and real-world attack paths. • Assessing web applications, APIs, mobile applications, network infrastructure, cloud environments, identity controls, and security configurations. • Performing reconnaissance, vulnerability analysis, exploitation, privilege escalation, lateral movement validation, and post-exploitation activities where authorised. • Producing detailed technical and executive reports containing evidence, business impact, risk ratings, and actionable remediation guidance. • Collaborating with project managers, technical teams, and client stakeholders throughout scoping, testing, remediation, and retesting. • Supporting offensive security research and continuously improving assessment methodologies, tooling, and reporting quality.
Bug Bounty Hunting
Bug Bounty Hunting