About Me

I have worked across diverse security domains, including web, iOS, Android, network, and cloud pentests, code reviews, smart contract audits, web3 security, and automation.

My journey began with bug bounties in 2013, and I have since assumed leadership roles in pentest teams at both HackerOne and Cobalt with over 300 pentests in domains like Banking, Fintech, Ecommerce, Payments, Healthcare, Telecom, Media, etc.

I'm also working as a Research Team Lead at Credshields, focusing on smart contract audits and our in-house Solidity vulnerability scanner.

Some of my certifications: OSCP, AWS Security Specialty, AWS Cloud Practitioner

Work Experience

1. Credshields [Research Lead] -- Web3 Security, Code Reviews, Smart Contract Audits and Research
2. Cobalt Labs [Team Lead] -- Pentests in various domains and scope, Team and Client Management, Executive Reports.
3. HackerOne [Team Lead] -- Same as above
4. Binary.com [Security Researcher] -- Security and Automation, Code Reviews, Application, Cloud, and Infra Security
5. Bitaces Labs [Cybersecurity Consultant] -- Web2 Pentests and Security Audits

Recent Posts

Projects/Tools

1. SeeAssArrAff - CSRF PoC Generator
2. Frida Setup - One-click Frida Installer for mobile app pentests
3. PacRecon - Security recon suite developed in Go and MongoDB with features such as subdomain enumeration, JavaScript file analysis, parameter enumeration with automated tests for XSS, Nuclei integration, endpoint brute-force, port scanning, and subdomain monitoring with a Discord bot
4. Find more on my Github @az0mb13