Zubair Ahmed

Junior Penetration Tester | Security Researcher | Web & Network Security | TryHackMe Top 1%

Karāchi, Sindh, Pakistan

About

I’m a motivated and results-driven Security Researcher and Penetration Tester with hands-on experience developed through internships, practical certification exams, and extensive CTF-based learning. My work focuses on identifying security weaknesses, understanding attacker behavior, and helping improve the resilience of modern systems through offensive security techniques.

With a strong foundation in Computer Science from FAST NUCES, I began my journey in application development, which gradually evolved into a deep interest in security testing and vulnerability research. This background allows me to approach security from both a builder’s and an attacker’s perspective, enabling me to better understand how design and implementation choices can introduce real-world risks.

I have practical experience performing web application and network security assessments, including vulnerability identification, threat modeling, and manual testing of authentication, authorization, and business logic flaws. I am comfortable working with industry-standard tools such as Burp Suite, OWASP ZAP, Nmap, and Metasploit, and I actively apply both automated and manual techniques during assessments to validate findings accurately.

In addition to traditional application security, I have worked on security analysis of complex application logic and distributed systems, reviewing access controls, input handling, and protocol-level behavior to uncover exploitable weaknesses. My experience also includes auditing smart contract logic and studying common exploit patterns, which has strengthened my ability to reason about trust boundaries and attack paths beyond standard web environments.

I also have hands-on experience with secure backend development and deployment, working with technologies such as Node.js, Express, MongoDB, Docker, and AWS. This has helped me understand secure development practices, deployment risks, and how security testing fits into real-world engineering workflows.

I have built internal tools to support vulnerability discovery and improve the efficiency of security testing processes. I’m continuously learning and refining my skills through labs, research, and hands-on challenges, and I’m actively seeking opportunities where I can apply my offensive security mindset to help organizations identify weaknesses early and strengthen their systems against real-world threats.

Experience

  • Offensive Security Intern at ITSOLERA PVT LTD
    Jan 2026 - Present · 6 mos

    Worked as a Red Team Intern focused on offensive security operations and tooling. Contributed to developing a Python reconnaissance tool for subdomain enumeration, DNS/WHOIS lookup, banner grabbing, tech detection, and port scanning.

  • Penetration Tester Intern at Tech Hierarchy
    Mar 2026 - Apr 2026 · 2 mos

  • BTB Finance (Belgium · Remote)
    • Smart Contract Testing Engineer
      Dec 2024 - Jun 2025 · 7 mos

      Specialized in developing, testing, and auditing DeFi smart contracts on the Ethereum blockchain. Experienced in identifying and mitigating security vulnerabilities in Solidity-based protocols, including staking, yield farming, token swaps, and liquidity pools. Proficient with Hardhat, Ethers.js, and OpenZeppelin for secure development and automated testing. Perform smart contract audits, fuzz testing, and static/dynamic analysis to ensure protocol resilience and gas efficiency. Collaborate with front-end and security teams for end-to-end vulnerability assessments, threat modeling, and secure contract integrations. Familiar with OWASP, Web3 attack vectors, reentrancy, flash loan exploits, and web application security testing tools like Burp Suite and OWASP ZAP.

    • Blockchain Developer
      Oct 2024 - Nov 2024 · 2 mos

      Worked on DeFi applications built on the Solana blockchain, focusing on developing and testing smart contracts using Rust and the Anchor framework. Integrated on-chain programs with front-end interfaces via Solana Web3.js. Contributed to building core features like staking, token management, and yield farming. Gained hands-on experience with Solana’s architecture, transaction lifecycle, and DeFi protocols. Implemented secure coding practices, conducted program testing and audits, and analyzed vulnerabilities such as integer overflows, access control flaws, and reentrancy risks to enhance protocol security and reliability.

  • Freelance Software Engineer at Lyzoo Technologies LTD
    Aug 2022 - Aug 2024 · 2 yrs 1 mo

    Delivered multiple independent software projects on a task-by-task basis. Developed solutions for desktop applications, automation, and backend systems. Worked autonomously to meet deadlines, ensuring high-quality, efficient, and reliable solutions. Gained experience in debugging, problem-solving, and adapting to diverse technical requirements.