<@EmptyMahbob/>

System.out.println("Welcome");

MD MAHBOB ALAM

GitHub LinkedIn HackerOne X / Twitter TryHackMe

About Me

I am a dedicated Cybersecurity Researcher and Penetration Tester based in Dhaka, specializing in finding and exploiting critical vulnerabilities.

With over 6 years of experience in bug bounty hunting and nearly 2 years in formal penetration testing, I have successfully identified and reported approximately 500 vulnerabilities across more than 50 diverse companies, organizations, and governmental entities.

My expertise covers full-stack vulnerability research (IDOR, XSS, RCE, LFI, etc.), and I am proficient with key industry tools like Burp Suite Pro, Metasploit, Nmap, and more.

  • emptymahbob@gmail.com
  • +8801813880373
  • Dhamrai, Dhaka, Bangladesh

Education:

  • B.Sc. in Software Engineering (Cybersecurity Major) - Daffodil International University (2022-2026)
  • Diploma in Computer Science & Engineering - Faridpur Polytechnic Institute (2017-2021)

Compliance & Frameworks:

HIPAA GDPR NIST OWASP Top 10

Core Capabilities

Areas of Expertise

  • Penetration Testing & Vulnerability Research
  • Exploitation (IDOR, XSS, CSRF, RCE, LFI)
  • SIEM & Incident Response
  • Security Frameworks & Risk Management
  • Automation and Scripting

Security Tools

Burp Suite Pro Metasploit Nmap Sqlmap Wireshark Nuclei Wazuh Ffuf Amass SIPG Confused Nmap Ghauri Naabu Aquatone etc.

Languages

  • Python: Automation & Exploit Development
  • PHP: Web Application Security Context
  • Bash Scripting: CLI & Workflow Automation
  • SQL: Database Interaction & Injection Testing
  • CVSS, Git: Other Technologies

Professional Experience

Private Penetration Testing

Jan 2024 - Present (Contractual)

PentesterSpace

  • Conducted project-based penetration tests for local & international companies.
  • Delivered detailed vulnerability reports with impact analysis & remediation steps.
  • Collaborated with development teams to ensure perfect implementation of patches.

Security Researcher (Bug Bounty Hunter)

Jan 2020 - Present

Hackerone

  • Conducted security testing for 50+ international companies, reporting critical vulnerabilities.
  • Specialized in identifying complex flaws including IDOR, CSRF, XSS, RCE, and Business logic issues.
  • Collaborated with other researchers to maximize the security impact of findings.

Bug Bounty Hall of Fame

Acknowledged and rewarded by global organizations for finding and reporting security flaws.

Yahoo Sony Nokia Alibaba Ford Motor Company U.S. Dept Of Defense U.S. Department of Education The U.S. Defense Industrial Base U.S. Department of Justice United Parcel Service Inc (UPS) U.K. Health and Safety Executive U.K. Companies House The Office of National Statistics U.K Dutch Government 2K Games Procter & Gamble New Work SE The Walt Disney Company Global Payments Inc. Erasmus University University of Sheffield University of Cambridge American Airlines Visma Palo Alto Software KeyBank Costco Mondelēz International VK LLC (Mail.ru) MTN Group Anywhere Real Estate Inc Intuit Mondoo QIWI Informatica stripo inc Experian Information Solutions Inc ABB Group Duolingo and many more.

Professional Certifications

Community & Participation

CTF and Hacking Contest Participation:

Awards & Recognitions

Blog / Writeups

Documenting my journeys in CTFs, Penetration Testing, and Bug Bounty hunting.

Thumbnail for KnightShop CTF Challenge

KnightShop CTF Writeup: Registering with $1000+ Credit!

A fun logic flaw / Mass Assignment challenge from CipherSprint solved by guessing an unintended parameter in the registration process.

CTF WEB/API Mass Assignment