Hi there, I'm Muhammad Khizer Javed 👋

A dedicated and seasoned cybersecurity professional specializing in Bug Bounty Hunting and Penetration Testing.

Hi everyone! My name is Muhammad Khizer Javed. I’m currently working in the cybersecurity sector mainly as a Bug Bounty Hunter and Penetration Tester, performing web/mobile application security assessments and network security assessments.

About Me:

  • 🔭 I’m currently working on enhancing web and mobile application security.
  • 🌱 I’m currently learning more about digital forensics and advanced penetration testing techniques.
  • 👯 I’m looking to collaborate on cybersecurity research and Penetration Testing projects.
  • 🤔 I’m looking for help with improving my skills in threat hunting and incident response.
  • 💬 Ask me about Bug Bounty Hunting, Penetration Testing, or anything related to cybersecurity.
  • 📫 How to reach me: khizerjaved@securitybreached.org
  • ⚡ Fun fact: I enjoy playing story-based video games, reading novels, and watching movies/documentaries.

Professional Background:

  • Active engagement in Bug Bounty Hunting.
  • Experience as a Penetration Tester.
  • Recognized by over 300+ reputable organizations, including Apple, Google, Facebook, The Government of Singapore, and The US Department of Defense.
  • Active contributor and speaker at local universities and security conferences, including BlackHat MEA.

My Blog:

Recent Blog Posts:

  • Bug Bounty Blueprint: A Beginner's Guide
    A comprehensive guide for beginners starting their journey in bug bounty hunting. It covers the basics, tools, and methodologies to get you started.
    Snippet: "Starting in bug bounty can be daunting. This guide aims to demystify the process and provide a clear path for beginners..."

  • Finding Hidden Threats: How I Found Leaked AWS Credentials in an Android App API Using DAST
    In this blog, I detail the process of discovering leaked AWS credentials in an Android app API using Dynamic Application Security Testing (DAST).
    Snippet: "While testing an Android app, I stumbled upon an exposed API endpoint leaking AWS credentials. Here's how I found and reported it..."

  • How I Manipulated My Rank on the Bugcrowd Platform
    An intriguing look into how I was able to manipulate my rank on Bugcrowd's platform, shedding light on platform vulnerabilities.
    Snippet: "By understanding the ranking algorithm, I identified a way to artificially boost my rank. Here's the step-by-step process..."

  • Hacking 100K+ Loyalty Programs for Fun and Profit
    Exploring vulnerabilities in loyalty programs and how they can be exploited for significant rewards.
    Snippet: "Loyalty programs often have weak security measures. I uncovered several high-impact vulnerability..."

  • Hacking SMS API Service Provider of a Company: Android App Static Security Analysis (Bug Bounty POC)
    A detailed proof-of-concept (POC) on how I performed a static security analysis on an Android app to find vulnerabilities in its SMS API service.
    Snippet: "By conducting a static analysis on the Android app, I identified critical vulnerabilities in the SMS API service provider. Here's how..."

Connect with me:

KHIZER_JAVED47 MuhammadKhizerJaved

Popular repositories

  1. Insecure-Firebase-Exploit (Public)

    A simple Python exploit to write data to insecure/vulnerable Firebase databases! Commonly found inside mobile apps. If the owner of the app has set the security rules as true for both "read" & "wr…

    Python 293 82

  2. XSS-Hunter-Bluk-Delete (Public archive)

    A friendly Chrome extension to bulk delete captured pages from xsshunter.com

    JavaScript 11 1

  3. BugBountyLearningResources (Public)

    Bug Bounty Learning Resources I mentioned on my blog at http://whoami.securitybreached.org/

    8 1

  4. keyhacks (Public)

    Forked from streaak/keyhacks

    Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

    2 2

  5. bash-scripts (Public)

    Forked from aamnah/bash-scripts

    Bash scripts to get stuff done..

    Shell 1

  6. TCM-Security-Sample-Pentest-Report (Public)

    Forked from hmaverickadams/TCM-Security-Sample-Pentest-Report

    Sample pentest report provided by TCM Security

    1