About
Penetration Tester with hands-on experience conducting vulnerability assessments and penetration testing engagements across web applications, REST APIs, mobile (Android), and network infrastructure. Skilled in full engagement lifecycle — scoping, exploitation, post-exploitation, and delivering clear remediation reports. Holds CRTA, ACP, and CAPIE certifications; actively pursuing CRTP to deepen Active Directory attack chains. Recognized by the Government of Malaysia for responsible vulnerability disclosure. Continuously practises offensive skills via HackTheBox and TryHackMe. Combines an attacker's mindset with developer-level code understanding to identify and exploit vulnerabilities others miss.
Skills & Expertise (32)
Work Experience
Security Software Developer
Cyberheals
Feb 2024 - Present
Built a Python-based SAST tool integrated into GitHub Actions and GitLab CI/CD, scanning 15+ repositories per commit and detecting 300+ vulnerabilities in Q1 with 95% accuracy. Developed an automated credential exposure scanner across 50+ repositories, uncovering 150+ leaked API keys, tokens, and database credentials before they reached production. Engineered a TLS scanning pipeline for daily audits across production endpoints, detecting weak protocols (TLS 1.0/1.1) and misconfigured cipher suites. Designed an AI-driven Automated Access Review system auditing IAM permissions and enforcing least-privilege access aligned with SOC 2 and ISO 27001.
Penetration Tester Intern
TheCyberhost
Jul 2023 - Aug 2023
Conducted full mobile application penetration test on the AndroGoat Android target, uncovering 8+ critical vulnerabilities spanning the OWASP Mobile Top 10. Exploited Insecure Data Storage, Hardcoded Credentials, Improper Session Handling, and XSS — each with working proof-of-concept and CVSS scoring. Delivered 5 PoC exploits with detailed remediation guidance; achieved 100% acceptance rate from the development team.
Cybersecurity Trainee
Verzeo
Jun 2021 - Aug 2022
Led 4 offensive security engagements, identifying 12+ vulnerabilities including SQL Injection, XSS, and service misconfiguration flaws. Built 10+ custom Metasploit payloads achieving 85% AV evasion rate; performed Nmap reconnaissance across 50+ hosts, surfacing 20+ misconfigured services. Mapped all findings to MITRE ATT&CK framework with full exploitation chains; executed covert data exfiltration exercises using steganography.
Education
B.Sc. Computer Science - The New College Arts & Science
2021 - 2024 · Afghanistan
Certifications
No certifications added yet
Availability Details
Visa Status
Citizen
Relocation
Open to Relocation