🪼

Qadeer
Khan

Application Security Researcher On HackerOne Offensive security specialist with expertise in web application penetration testing, bug bounty hunting on HackerOne,Bugcrowd and vulnerability research.

I1ackerOne
50+
CVEs Found
3
Certifications
2.3+
Years Exp.

Who I Am

About Me

I'm Qadeer — a Security Researcher driven by one question: how do systems break?

What began as curiosity has evolved into a disciplined career in Application Security Research. Operating on HackerOne, I hunt vulnerabilities that matter — from authentication flaws to business logic errors — and report them responsibly to help organizations strengthen their defenses.

With 2.3 years of focused experience, I've built a track record that includes bug bounty achievements, Hall of Fame recognitions, and a growing command of industry-standard tools including Burp Suite, OWASP methodologies, and network analysis frameworks. I have responsibly disclosed critical vulnerabilities to Fortune 500 companies.

My expertise spans web application security, binary exploitation, and advanced penetration testing techniques — demonstrating deep hands-on skill in both network and web attack vectors.

My mission: make the internet safer by finding what others miss.

Web App Pentesting
Exploit Development
Reverse Engineering
Network Security
Source Code Audit
Bug Bounty
Vulnerability Research & Exploitation
Cloud Security
Recon & Attack Surface Discovery
OWASP Top 10 & Web Security Testing

My Certifications

🛡️
OSCP
Offensive Security Certified Professional
Offensive Security
💻
OSWE
Offensive Security Web Expert
Offensive Security
⚔️
CEH
Certified Ethical Hacker
EC-Council

My Work

Security Research

🐛
Bug Bounty · Critical
Auth Bypass via JWT Confusion
Discovered a critical authentication bypass leveraging algorithm confusion in JWT validation on a major fintech platform.
HackerOneJWTAuth
View Write-up
🔍
CVE · High
SQLi in Popular CMS Plugin
Identified an unauthenticated SQL injection vulnerability affecting 200k+ installations of a WordPress plugin. Responsibly disclosed.
CVESQLiWordPress
View Write-up
Bug Bounty · Critical
SSRF to Internal Cloud Metadata
Chained SSRF with cloud metadata exposure to exfiltrate IAM credentials from a leading SaaS company's infrastructure.
SSRFAWSCloud
View Write-up
🔧
Tool · Open Source
AutoRecon-Web
Custom recon automation tool for web application bug bounty hunting. Combines passive and active scanning with smart filtering.
PythonToolRecon
View on GitHub
🌐
Bug Bounty · High
XSS to Account Takeover
Chained stored XSS with CSRF token theft to achieve full account takeover on an e-commerce platform with 10M+ users.
XSSCSRFATO
View Write-up
🔐
CVE · Critical
RCE via Deserialization
Remote code execution via unsafe Java deserialization in an enterprise middleware product. Affected 50+ enterprise clients globally.
RCEJavaCVE
View Write-up

What I Do

My Services

🕵️
Web App Penetration Testing
End-to-end black/grey/white box testing of web applications following OWASP Top 10 and PTES methodology. Detailed report with PoC and remediation.
🐞
Bug Bounty Consulting
Help organizations set up or improve their bug bounty programs on HackerOne/Bugcrowd. Triage, scope definition, and reward structuring.
🔎
Source Code Review
Manual and automated security review of application source code across multiple languages. Identify logic flaws, injection points, and business-logic vulnerabilities.
🌐
API Security Testing
Comprehensive REST and GraphQL API security assessment including auth, rate limiting, BOLA/BFLA, and data exposure testing.
🎓
Security Training
Hands-on training for developer teams in secure coding, threat modeling, and OWASP best practices. Custom workshops and CTF-style labs.
📋
Vulnerability Research
Deep-dive independent research into software and infrastructure. Zero-day discovery with responsible disclosure and CVE coordination.

My Work

All Projects

🕷️
Pentest · Critical
Advanced Web App Pentest
Deep-dive into complex web apps. Found and responsibly disclosed critical vulnerabilities including auth bypasses, IDOR, and business-logic flaws.
Burp SuiteOWASPFFUFSQLMap
View Write-up
🔌
API Security · High
API Security Assessment
Tested REST & GraphQL APIs for authentication flaws, automated fuzzing, rate limiting bypass, and token privilege escalation chains.
GraphQLPostmanNucleiJWT
View Write-up
🔑
Bug Bounty · Critical
OAuth Token Logic
Discovered token refresh bypass enabling privilege escalation in a mobile app, allowing access to admin endpoints without valid credentials.
OAuth2MobileFridaBurp Suite
View Write-up
☁️
Cloud Security · High
Cloud Security Audit
Assessed AWS/Azure/GCP environments for misconfigurations, IAM privilege issues, exposed S3 buckets, and delivered hardening recommendations.
AWSAzureGCPProwler
View Write-up
🔓
Tool · TryHackMe
Hash Cracker
Earned the Hash Cracker badge on TryHackMe demonstrating expertise in identifying and cracking various hash types using modern techniques.
HashcatJohnMD5SHA
View Badge
🌐
Bug Bounty · High
XSS to Account Takeover
Chained stored XSS with CSRF token theft to achieve full account takeover on a platform with millions of users. Responsibly disclosed via HackerOne.
XSSCSRFHackerOneJS
View Write-up
🗄️
CVE · High
SQLi in CMS Plugin
Identified an unauthenticated SQL injection vulnerability in a widely used CMS plugin affecting hundreds of thousands of installations worldwide.
SQLMapMySQLCVEWordPress
View Write-up
🎯
Recon · Tool
Recon & Attack Surface Discovery
Built an automated recon pipeline combining subdomain enumeration, port scanning, and JS secret extraction to map full attack surfaces rapidly.
AmassSubfinderHttpxPython
View on GitHub
Bug Bounty · Critical
SSRF to Cloud Metadata
Chained SSRF with AWS metadata endpoint exposure to exfiltrate IAM credentials from a SaaS company's internal infrastructure.
SSRFAWSIMDSv1Burp
View Write-up
🔐
CVE · Critical
RCE via Deserialization
Remote code execution via unsafe Java deserialization in an enterprise middleware product. Coordinated CVE disclosure affecting 50+ enterprise clients.
JavaysoserialRCECVE
View Write-up

Contact Me

Have a project, collaboration, or vulnerability to report? Drop me an email — I respond within 24 hours.

📨
📨 i10xqadeer@outlook.com
✅ Message sent! I'll get back to you soon.