Results-driven IT & Cybersecurity professional with 2.5+ years of hands-on experience in penetration testing, network security, and AI/ML development. I build recon frameworks, AI-driven security proofs-of-concept, and offensive security tooling for real-world experimentation.
I'm a cybersecurity and AI/ML professional with 2.5+ years of experience, building offensive security tooling, reverse engineering solutions, and hands-on experimentation labs for real threats.
My work spans CLI-based vulnerability tools, AI-powered automation systems, network configuration, and IoT analysis. I hold a Google Cybersecurity Certificate and have participated in national digital forensics challenges.
Currently pursuing a B.S. in Information Technology at Shaheed Benazir Bhutto University (2024–2028).
Problem: Security reconnaissance tools are often fragmented, slow, or difficult to extend for large-scale analysis.
Approach:
• Designed a modular reconnaissance framework in Python (~1500 lines)
• Implemented concurrent scanning for significantly improved performance
• Integrated multiple reconnaissance techniques into a unified and extensible pipeline
• Containerized the solution using Docker for easy deployment and reproducibility
Key Features:
• Parallelized scanning workflows
• Modular architecture supporting rapid extension and adaptation
• Automated aggregation and reporting of recon data for structured analysis
Tools: Python, Docker
Outcome: Developed a scalable and extensible reconnaissance system suitable for structured security analysis and experimentation, greatly reducing manual effort and increasing coverage for pentesters and researchers.
Problem: Understanding vulnerabilities requires hands-on exposure to how exploits are constructed and executed.
Approach:
• Built an OWASP-aligned framework demonstrating real-world exploitation logic:
– Cross-Site Scripting (XSS)
– SQL Injection
– Command Injection
• Designed the system for reproducibility and controlled, safe testing environments
• Targeted for educational and research use, prioritizing understanding over automation
Key Contributions:
• Structured exploit-generation workflows reflect real-world attack chains
• Demonstrated common pitfalls and how input validation fails
• Provided a safe sandbox for vulnerability experimentation and training
Tools: Python, Web Security Tools
Outcome: Enabled systematic exploration of common web vulnerabilities and their root causes, delivering value to students and security enthusiasts learning about exploitation.
Problem: Modern microservice architectures introduce complex attack surfaces that traditional scanners and analysis tools frequently miss.
Approach:
• Analyzed the open-source OWASP crAPI deployed within a Kubernetes environment
• Applied static analysis (Ghidra), traffic inspection (Wireshark), and API testing (Burp Suite)
• Reconstructed inter-service logic and behavioral flows, mapping out hidden trust boundaries
Key Findings:
• Exposed business logic inside internal microservices invisible to black-box testers
• Identified cross-service authentication bypass and orchestration permission flaws
• Surfaced vulnerabilities requiring complex cross-layer analysis, beyond the reach of conventional tools
Outcome: Advanced cloud security research, highlighting the need for multi-layer visibility in modern app assessments and uncovering new vulnerability classes in production-grade microservices.
An end-to-end IoT attack & defense research laboratory on ESP32 — includes firmware reverse engineering, protocol exploitation, and automated threat discovery. Demonstrated MQTT vulnerabilities, performed binary analysis (Ghidra), simulated attacks, and generated CVE-style disclosures for embedded hardware.
Key Highlights: Custom exploit firmware, binary extractions using esptool.py, traffic capture with Wireshark, and automated reporting for IoT vulnerability research.
Open to security roles, AI/ML projects, and freelance pentesting engagements.