MD RABUL SANY

Ethical Hacker with 3+ years of experience. Specializing in penetration testing, vulnerability identification and security solutions that protect digital assets from evolving threats.

VIEW WORK →

YEARS EXP

Active since 2021

VULNS FOUND

12 Critical · 24 High

TOTAL BOUNTY

HackerOne + Intigriti

PLATFORMS

H1 · Intigriti · HTB

03.

BOUNTY EARNINGS

TOTAL EARNINGS

Across all bug bounty platforms

⚡ VERIFIED PAYOUTS

TOP PLATFORM

HackerOne

$5,200 · 32 reports · 8 critical

⬡ ACTIVE HUNTER

// MONTHLY EARNINGS (2024)

// PLATFORM BREAKDOWN

HackerOne

61%

Intigriti

28%

Bugcrowd

11%

// SEVERITY BREAKDOWN

Critical

22%

High

45%

Medium

33%

02.

FEATURED PROJECTS

CONFIDENTIAL

BUG BOUNTYWEB

Critical Auth Bypass — Global SaaS Platform

Authentication bypass allowing full account takeover without credentials. Affected 200K+ enterprise users.

⚡ P1 · CRITICALREAD WRITE-UP →

CONFIDENTIAL

RED TEAMNETWORK

Internal Network Pentest — Finance Sector

Full red team engagement. Achieved domain admin via lateral movement and privilege escalation chain.

🔴 DOMAIN ADMINREAD WRITE-UP →

WEB PENTESTSQL

Blind SQLi to RCE — E-Commerce Platform

Chained blind SQL injection with SSRF to achieve Remote Code Execution on production server.

🟡 HIGH · RCEREAD WRITE-UP →

RESEARCHAPI

API Security Audit — Healthcare System

IDOR vulnerabilities allowing unauthorized access to 50,000+ patient records. CVE pending.

⚡ CRITICAL · IDORREAD WRITE-UP →

04.

EXPERIENCE

Security Researcher

⬡ HackerOne

2021 — PRESENT · 3+ yrs

Identified and reported high-impact vulnerabilities for global organizations.
Helped companies strengthen digital defenses by uncovering critical system flaws.
Collaborated with enterprise security teams across multiple verticals.

⚡ Top Researcher · 50+ Reports Accepted

Ethical Hacker

⬡ HackerOne

2022 — 2024 · 2 yrs

Performed deep penetration testing and collaborated with security teams.
Developed effective solutions against potential cyber threats.
Conducted source code review and black-box testing engagements.

✓ Penetration Testing · Code Review

Bug Bounty Hunter

⬡ Intigriti

2022 — PRESENT · 2+ yrs

Identifying system vulnerabilities with official permission.
Reporting security flaws to maintain high-level safety standards for client networks.
Specializing in web application and API security assessments.

⚡ Active Hunter · Multiple P1/P2 Reports

05.

SKILLS & STACK

// SKILL RADAR

Web Hacking

92%

OWASP Top 10

95%

Burp Suite

90%

API Security

85%

SQLi / XSS

88%

Networking

82%

Nmap/Recon

90%

Wireshark

78%

VAPT

87%

Cryptography

75%

Metasploit

83%

Priv Escalation

80%

SSRF / XXE

85%

Red Teaming

72%

Reverse Shell

78%

Linux/Bash

88%

Python

70%

OSINT

82%

Report Writing

90%

CTF

76%

// LANGUAGES

BANGLA — NATIVE

ENGLISH — FLUENT

06.

TOOLS ARSENAL

🔥

BURP SUITE

WEB

💀

METASPLOIT

EXPLOIT

🌐

NMAP

RECON

🦈

WIRESHARK

NETWORK

⚡

NUCLEI

SCANNER

🐍

SQLMAP

INJECT

🛡️

OWASP ZAP

WEB

🔍

SUBFINDER

RECON

🔐

HASHCAT

CRYPTO

🐧

KALI LINUX

📡

FFUF

FUZZ

🕷️

DIRSEARCH

RECON

07.

WRITE-UPS & RESEARCH

CVE-2024-XXXXMar 2025

Exploiting SSRF to Access AWS Metadata Service

Chained SSRF with cloud metadata endpoint exposure to extract IAM credentials from production environment.

→ READ FULL WRITE-UP

HTB PRO LABJan 2025

HackTheBox RastaLabs — Full Domain Compromise

Complete walkthrough covering Active Directory exploitation, Kerberoasting, and BloodHound lateral movement.

→ READ FULL WRITE-UP

BUG BOUNTYNov 2024

Stored XSS in Admin Panel — $2,500 Bounty

Persistent XSS in admin-facing dashboard allowing complete session hijacking of privileged accounts.

→ READ FULL WRITE-UP

CTF · 1ST PLACESep 2024

Web Category — National CTF Championship 2024

All 8 web challenges: JWT attacks, deserialization, SSTI, and prototype pollution — 1st place finish.

→ READ FULL WRITE-UP

08.

CERTIFICATIONS

EC-COUNCIL

Certified Ethical Hacker (CEH)

// 2024 · Valid

Advanced hacking tools and techniques training by EC-Council.

HOVER TO FLIP ↻

🏆

CEH CERTIFIED

EC-Council · 2024
Status: ACTIVE

[ VERIFY ON CREDLY ]

TCM SECURITY

Practical Ethical Hacking – The Complete Course

// 2023 · Completed

Hands-on network pentesting, web hacking, real-world exploitation.

HOVER TO FLIP ↻

⚡

TCM CERTIFIED

TCM Security · 2023
Status: COMPLETED

[ VERIFY ON ACADEMY ]

09.

EDUCATION

Diploma in Civil Engineering

Bodiul Alam Science & Technology Institute

2020 — 2023

Project management, engineering design and technical problem-solving — applied to structured security research and systematic vulnerability assessment.

Secondary School Certificate (SSC)

Madhabpur High School

2014 — 2019

Strong foundation in science and technology, sparking early interest in computer systems and security.

10.

VISITOR INTELLIGENCE

—

TOTAL VISITORS

// YOUR CONNECTION

IP: Resolving...

Location: Detecting...

ISP: Scanning...

// VISITOR ORIGIN MAP

🇧🇩 Bangladesh 🇺🇸 United States 🇮🇳 India 🇬🇧 United Kingdom 🇩🇪 Germany

11.

CONTACT

Book a Free 30-min Security Consultation

Let's discuss your security needs — vulnerability assessment, pentest, or research collaboration.

Open to security research collaborations, bug bounty programs, and penetration testing engagements. All communications are encrypted.

✉

mdrabulsany71@gmail.comPRIMARY

mdrabulsanyLINKEDIN

MdRabulSanyFACEBOOK

⬡

HackerOne ProfileH1

// SEND ENCRYPTED MESSAGE

YOUR NAME

YOUR EMAIL

SUBJECT

MESSAGE

contact.sh — interactive

$ ./contact.sh
Type: help | whoami | hire | skills

rabul:~$