Hi everyone! My name is Muhammad Khizer Javed. I’m currently working in the cybersecurity sector mainly as a Bug Bounty Hunter and Penetration Tester, performing web/mobile application security assessments and network security assessments.

About Me:

• 🔭 I’m currently working on enhancing web and mobile application security.
• 🌱 I’m currently learning more about digital forensics and advanced penetration testing techniques.
• 👯 I’m looking to collaborate on cybersecurity research and Penetration Testing projects.
• 🤔 I’m looking for help with improving my skills in threat hunting and incident response.
• 💬 Ask me about Bug Bounty Hunting, Penetration Testing, or anything related to cybersecurity.
• 📫 How to reach me: [email protected]
• ⚡ Fun fact: I enjoy playing story-based video games, reading novels, and watching movies/documentaries.

Professional Background:

• Active engagement in Bug Bounty Hunting.
• Experience as a Penetration Tester.
• Recognized by over 300+ reputable organizations, including Apple, Google, Facebook, The Government of Singapore, and The US Department of Defense.
• Active contributor and speaker at local universities and security conferences, including BlackHat MEA.

My Blog:

• blog.securitybreached.org

Recent Blog Posts:

• Bug Bounty Blueprint: A Beginner's Guide
  A comprehensive guide for beginners starting their journey in bug bounty hunting. It covers the basics, tools, and methodologies to get you started.
  Snippet: "Starting in bug bounty can be daunting. This guide aims to demystify the process and provide a clear path for beginners..."

• Finding Hidden Threats: How I Found Leaked AWS Credentials in an Android App API Using DAST
  In this blog, I detail the process of discovering leaked AWS credentials in an Android app API using Dynamic Application Security Testing (DAST).
  Snippet: "While testing an Android app, I stumbled upon an exposed API endpoint leaking AWS credentials. Here's how I found and reported it..."

• How I Manipulated My Rank on the Bugcrowd Platform
  An intriguing look into how I was able to manipulate my rank on Bugcrowd's platform, shedding light on platform vulnerabilities.
  Snippet: "By understanding the ranking algorithm, I identified a way to artificially boost my rank. Here's the step-by-step process..."

• Hacking 100K+ Loyalty Programs for Fun and Profit
  Exploring vulnerabilities in loyalty programs and how they can be exploited for significant rewards.
  Snippet: "Loyalty programs often have weak security measures. I uncovered several high-impact vulnerability..."

• Hacking SMS API Service Provider of a Company: Android App Static Security Analysis (Bug Bounty POC)
  A detailed proof-of-concept (POC) on how I performed a static security analysis on an Android app to find vulnerabilities in its SMS API service.
  Snippet: "By conducting a static analysis on the Android app, I identified critical vulnerabilities in the SMS API service provider. Here's how..."

Connect with me: