Cyber Security Consultation · Penetration Testing

Zishan Ahamed Thandar

Offensive Security Expert and Ethical Hacker helping SaaS, startups, and enterprises discover and fix real-world vulnerabilities in their web applications, APIs, and infrastructure — before attackers do.

Hack The Box — Top 10 (Legacy) · TryHackMe — Top 5% · 150+ Valid Vulnerabilities Reported · 20+ Security Hall of Fame Mentions
Web / API / Infrastructure / Active Directory Security · Bug Bounty Hunter on HackerOne & selected private programs
Security Products & Resources

How I Help Secure Your Business

Products

Structured, battle-tested notes and guidance for certifications and red-team learning. Designed for professionals who want to move from theory to hands-on offensive security skills.

Hall of Fame & Recognitions

Trusted by Global Organizations

Recognized over twenty times by international organizations for impactful, responsible disclosure that helped protect millions of users and critical systems.

…and additional organizations across technology, education, and government sectors that have trusted my work to improve their security posture.

Experience

Publicly Verifiable Security Research

Offensive Security Consultant & Independent Researcher

2018 — Present · HackerOne · Yogosha

Conducted independent security research across real-world production systems, responsibly disclosing high-impact vulnerabilities including access control flaws, authentication issues, stored XSS, and complex business logic vulnerabilities.

Recognized through public Hall of Fame acknowledgements and verified reports on industry-standard vulnerability disclosure platforms.

Bug Bounty · Web & API Security · Responsible Disclosure

Projects

Security Tools & Learning Resources

Hackify

Bash script that automates installation of common wordlists and penetration testing tools on Debian-based systems, so new lab or VPS environments are ready for testing with a single command.

Open Source · Bash · Debian

Hacker Proxy Pro (Browser Add-on)

Lightweight Firefox add-on used by security professionals to toggle quickly between Burp Suite proxy and TOR, reducing setup overhead and keeping one browser dedicated to offensive security work.

Open Source · Burp & TOR Routing

WebsiteDorkerPro

OSINT and recon tool for red teamers, bug bounty hunters, and web app pentesters to quickly generate dorks, discover exposed endpoints, and map attack surfaces around a target domain.

Open Source · Python Package

CyberTerminus (Browser Theme)

Sleek, hacker-inspired Firefox dark theme mirroring the glow of a terminal. Designed for coders, ethical hackers, and cyberpunk lovers who live in the browser.

Firefox Theme · Neon Terminal Palette

Testimonials

Feedback from Security Teams

“We greatly appreciate your effort in disclosing a security vulnerability responsibly and confirming the fix.”

Sai Prasad
Instamojo

“Thanks for your hard work, Zishan!”

AT&T Security Team

“We appreciate you bringing this to our attention.”

Chip Benson
Edmodo Safety Team

“Thank you for bringing the following vulnerability to our attention.”

Kate M Jeary
University of Cambridge