Available for VAPT Engagements
Md Ashiqur Rahman Emon
VAPT Specialist · Ethical Hacker · Offensive Security Researcher · Bug Bounty Hunter
#TOP 500 · Intigriti Global Ranking
100+ · Organisations Disclosed To
5+ Years · Offensive Security
Top 1% · TryHackMe Platform
🏆 Intigriti Hall of Fame
CAP Certified
CNSP Certified
CRTOM Certified
BGD e-GOV Cyberdrill — 4th Place
PortSwigger 190+ Labs
// 01 — About
Ethical hacker and VAPT specialist with 5+ years of hands-on offensive security experience. Ranked Top 500 worldwide on Intigriti, with extensive lab validation across PortSwigger (190+ Labs) and TryHackMe (160+ Rooms). Expert in OWASP Top 10 (Web/API), AI-driven pentesting, SecOps, application security, PCI-DSS, and ISO 27001, with further expertise in AI-assisted security research, cloud hacking, and automated reconnaissance.
// 02 — Experience
- Ranked #TOP 500 globally on Intigriti with Hall of Fame recognitions.
- Disclosed exceptional / critical vulnerabilities across 100+ organisations — including Elastic, John Deere, Razer, Xsolla, Telenet, Signicat, and Red Bull.
- Engineered personal automation scripts in Python and Bash for asset discovery, reconnaissance, fuzzing, and exploit automation, as well as AI-based red teaming and automated pentesting.
- Extensive experience through company self-hosted bug bounty programs, advancing exposure to emerging vulnerabilities and OSINT techniques beyond standard OWASP Top 10.
- Leveraged LLMs (Claude, ChatGPT, Grok, DeepSeek) for automated scanning, exploit development, and secure code review.
#TOP 500 Intigriti Rank
100+ Orgs Disclosed
5+ Yrs Active
HoF Multiple Recognitions
- Designed and delivered a 4-month comprehensive Ethical Hacking course for 20+ students.
- Mentored students on building security automation tools and writing professional VAPT reports.
// 03 — Technical Skills
Offensive Security
Web Pentesting
API Pentesting (REST, GraphQL)
Network Pentesting
Cloud Security (AWS, GCP, DO, Linode)
IoT Hacking
AI Hacking
Social Engineering
OSINT
Methodologies & Compliance
VAPT
OWASP Top 10 (Web/API)
Threat Modeling
PCI-DSS
ISO 27001
SecOps
CIA Triad
TCP/IP · OSI
Cryptography
Security Tools
Burp Suite
Nmap
Naabu
Rustscan
Hydra
Dirsearch
FFUF
SQLmap
Nuclei
Httpx
Acunetix
OWASP ZAP
Postman
Nessus
Metasploit
Programming & Automation
Python
Bash
PHP
JavaScript
HTML / CSS
JSON / YAML
LLM-assisted Recon
AI Exploit Dev
Secure Code Review
// 04 — Labs & Research
190+ Labs Completed · PortSwigger Web Security Academy
160+ Rooms Completed · TryHackMe — Top 1%
4th · National Cyberdrill · BGD e-GOV CIRT Bangladesh
- Infosec Publication (Medium): Technical blogs on exploitation techniques and offensive security methodologies.
- Academic Thesis: Offensive Approach in Web Application Pentesting with TOR and Proxychains (CSE 4th-year project).
- Android Development: "Medicine Care" Android application (CSE 3rd-year project).
- Security Automation: Custom reconnaissance, fuzzing, and exploit automation tooling in Python and Bash.
- PentesterLab: Advanced manual exploitation exercises beyond automated tooling.
// 05 — Certifications
CRTOM
Certified Red Team Operations Management
CRTOM
CAP
Certified AppSec Practitioner
The SecOps Group
CNSP
Certified Network Security Practitioner
The SecOps Group
// 06 — Education
- Thesis: Offensive Approach in Web Application Pentesting with TOR & Proxychains.
- Developed "Medicine Care" Android application as third-year project.