CYBERSECURITY INTELLIGENCE
Vulnerability Research • OSINT Automation • Threat Intelligence
Cybersecurity practitioner specializing in vulnerability discovery and OSINT automation. Transform digital footprints into actionable intelligence. 5+ years disassembling attack surfaces. Recognized for preventing 1.14 TB of sensitive data exposure.
Cybersecurity practitioner focused on vulnerability research, OSINT automation, and intelligence-driven security analysis. Based in Karachi, Pakistan.
I approach cybersecurity as infrastructure forensics—mapping digital systems to understand how they leak, connect, and reveal themselves. Not theoretical security, but practical vulnerability discovery grounded in structured OSINT methodologies and systematic analysis.
Recognized by Google Bug Hunters (Dragon Badge, Oct 2024) and Bugcrowd (Submission Shogun, Bounty Bee, Jan 2025) for responsible disclosure of critical vulnerabilities including XSS, Open Redirect, CSRF, and infrastructure misconfigurations.
Helped prevent exposure of 1.14 TB of sensitive data across multiple Pakistani organizations. Coordinated responsible disclosures with 5+ organizations and educational institutions, improving their security posture and data protection frameworks.
Current Work: Building TBV Server—a self-hosted intelligence platform combining real-time system monitoring, multi-source OSINT capabilities, CRM, CCTV integration, and structured threat analysis into a unified operational control center.
Approach: Practical, methodology-driven, focused on real-world impact. Every finding is traced, verified, and actionable.
Exposure analysis, infrastructure mapping, threat intelligence
OSINT methodology, asset discovery, vulnerability assessment
Warning-oriented analysis, threat assessment, exposure reporting
Structured research, technical tradecraft, actionable reporting
Formal recognition from major vulnerability disclosure programs and proven impact in data protection.
Google Bug Hunters Program • October 2024
Recognized for responsible disclosure of critical XSS and Open Redirect vulnerabilities in YouTube. Formal recognition from Google's security team.
Bugcrowd Program • January 2025
High-volume submission recognition. Reported and validated critical security flaws in public platforms, directly contributing to vendor security improvements.
Bugcrowd Program • January 2025
Active bounty program contributor. Consistently identified and reported security vulnerabilities across multiple platforms with responsible disclosure practices.
Discovered critical misconfigurations across 5 Pakistani software firms and coordinated responsible disclosure, preventing large-scale sensitive financial and employee data exposure.
Coordinated with educational institution administrators to mitigate a large student data leak, safeguarding thousands of users and improving their protection framework.
Identified and reported an Open Redirect vulnerability in Bugcrowd's own platform, directly contributing to improved application security and vendor awareness.
TBV Bot OSINT automation tool used by 450+ security practitioners for breach detection and threat intelligence workflows.
Years of cybersecurity practice
Research projects & investigations
Responsible disclosure rate
Independent cyber intelligence collective focused on OSINT, exposure analysis, and warning-oriented research.
TBV (The Blue Vault) operates as the strategic framework for organized cyber intelligence work. It's built on three layers: TBV Server (the operational backbone), TBV Bot (field automation, now retired), and the broader intelligence methodology that ties everything into structured, repeatable workflows.
The goal is simple: take messy digital footprints, scattered signals, and exposed data, then transform them into something that can actually be reasoned about. Everything integrates—data collection, verification, analysis, and actionable intelligence delivery.
Self-hosted LAN intelligence platform combining system monitoring, CRM, OSINT, CCTV, and network tooling into unified operational control.
OSINT automation tool used by 450+ users. Modular Python architecture with breach detection, threat correlation, and social media reconnaissance.
Hands-on discovery of web application vulnerabilities, infrastructure misconfigurations, and digital exposure through systematic analysis and responsible disclosure.
Methodology-driven investigations into exposure analysis, infrastructure mapping, and threat landscape intelligence.
Systematic detection of security weaknesses in web applications and infrastructure. Focus on XSS, Open Redirect, CSRF, and infrastructure misconfigurations.
Intelligence gathering on data breaches, data exposure discovery, and compromise confirmation. Automated breach monitoring and correlation.
Comprehensive mapping of digital identity exposure. Social media reconnaissance, identity metadata extraction, and cross-platform analysis.
Passive mapping and asset discovery. DNS enumeration, WHOIS analysis, Shodan scanning, and technology fingerprinting without active probing.
Identification of sensitive data exposure vectors. Risk assessment, remediation coordination, and prevention strategies for data loss.
Python-powered automation of intelligence workflows. Integration of multiple OSINT APIs, scheduled research, and real-time threat correlation.
Production systems, research tools, and intelligence platforms built for cybersecurity analysis and OSINT operations.
Self-hosted LAN intelligence platform combining monitoring, OSINT, CRM, CCTV, and network tooling.
Tech Stack:
OSINT automation tool used by 450+ users for breach detection and threat intelligence.
Tech Stack:
Archived for historical reference • 450+ users served
Responsible vulnerability disclosure with formal recognition from major tech platforms.
Specializations:
Custom reconnaissance and asset discovery tools for infrastructure auditing.
Tech Stack:
Self-hosted LAN intelligence platform combining monitoring, OSINT, CRM, and network tooling.
Full-stack platform with real-time system dashboards, CCTV streaming, WiFi scanning, cloud storage enumeration, HTTP request replication, and multi-source OSINT capabilities. Deployed with Nginx reverse proxy and automated background tasks.
Tech Stack:
OSINT automation tool used by 450+ users for breach detection and intelligence workflows.
Modular Python architecture with breach intelligence modules, social media reconnaissance, threat correlation logic, and identity metadata extraction. Rate-limiting and structured output for reliable automation.
Tech Stack:
Responsible vulnerability disclosure with formal recognition and bug bounty credentials.
Verified security researcher with Google Bug Hunter Dragon Badge (Oct 2024) and Bugcrowd recognition (Submission Shogun, Bounty Bee). Focus on web application vulnerabilities including XSS, Open Redirect, CSRF, and infrastructure misconfigurations. Responsible disclosure coordination across multiple platforms.
Specializations:
Passive reconnaissance and asset discovery for infrastructure auditing and exposure analysis.
Custom Python-based tools for infrastructure mapping, service enumeration, misconfigurations detection, and digital asset discovery. Integrated with open-source intelligence frameworks and OSINT APIs for comprehensive attack surface analysis.
Tech Stack:
Complete overview of research systems, intelligence pipelines, and operational infrastructure.
Dedicated infrastructure for OSINT research, data collection, and intelligence analysis workflows.
Automated intelligence aggregation and processing pipeline for real-time threat monitoring.
Automated workflows for recurring research tasks, scanning, and intelligence gathering.
Real-time monitoring, alerting systems, and operational dashboards for infrastructure oversight.
Scalable storage infrastructure and high-performance data processing for large datasets.
API infrastructure and integrations with third-party services and intelligence sources.
Comprehensive skill set across cybersecurity, OSINT, infrastructure, and intelligent systems development.
Years of Practice
Security Tools
Programming Languages
OSINT Methodologies
Google Bug Hunter
Dragon Badge • Oct 2024
Bugcrowd Recognition
Submission Shogun • Bounty Bee
Data Protection Advocate
1.14 TB exposure prevented
Open to collaboration, research partnerships, and security consulting inquiries.
Cybersecurity Practitioner | OSINT & Threat Intelligence Builder
📍 Karachi, Pakistan
📱 +92 335 8153802
⏰ Available for collaboration
Response time
Usually within 24-48 hours