Cybersecurity Professional · Kerala, India

Hinan Mohamed
finds what others miss.

CEH-certified security consultant specializing in penetration testing, vulnerability assessment, and offensive security research. I help organizations identify and close critical security gaps — before adversaries find them first.


Certifications

CEH

Offensive Security

Burp Suite · Nuclei · nmap · IDOR · CORS · Open Redirect · JWT Analysis

Recon & Tools

subfinder · amass · httpx · subjack · curl · Kali Linux

SOC & Monitoring

Splunk · Wazuh · Wireshark · Snort · SIEM · Log Analysis · Threat Detection

Domains

Web App Security · API Security · Bug Bounty · Pen Testing · Incident Response · Threat Intelligence

P1

Hardcoded Production Credentials in Public JS File

Network Solutions — Exposed API keys and production credentials in a publicly accessible AEM JavaScript file.

P2

CORS Misconfiguration with Credentialed Requests

Todoist — Subdomain wildcard trust allowing credentialed cross-origin requests, enabling potential account takeover.

P2

IDOR on Profile Update Endpoint

Todoist — Insecure Direct Object Reference allowing unauthorized modification of user profile data via token leakage.

P3

Dangling CNAME Exposing Internal AWS Infrastructure

Conductor — Misconfigured DNS record revealing internal AWS infrastructure details through a subdomain takeover vector.

P3

PayPal Invoice PII Exposure via Google-Indexed Links

PayPal — Personally identifiable information accessible via skipAuth invoice links indexed by Google search.

Available for security consulting engagements, penetration testing contracts, bug bounty collaborations, and advisory roles. Based in Kerala, India — working with clients globally, remotely.
