I am Osama Mahmood! A Security Researcher!
Information Security enthusiast and Penetration Tester having knowledge of the following fields:
- Web Application Penetration Testing
- Network Security
Started to learn web application security at the age of 14. Within 2 months I was able to report to over 30 organizations. I got acknowledged for reporting software and web application security vulnerabilities.
Here is the exploit I found in a WordPress theme:
http://packetstormsecurity.com/files/131657/WordPress-Exquisite-Ultimate-Newspaper-1.3.3-Cross-Site-Scripting.html
Bugcrowd Profile : https://www.bugcrowd.com/Osama_Mahmood
HackerOne : https://www.hackerone.com/osama_mahmood
I haven't done any certifications or any courses related to information security yet. Most of my achievements were through self-study, practice and hard work.
Honors & Awards
Acknowledged in Microsoft Hall of Fame of Security Researchers
Microsoft
Microsoft mentioned me in their hall of fame of security researchers for reporting a security vulnerability in a Microsoft website.
Checkout:
https://technet.microsoft.com/en-us/security/cc308575
Acknowledged By Facebook :) 2015
Reported an authorization bug in Oculus, one of Facebook's acquisitions.
One of the biggest dreams became true.. ♥
Thank you
Facebook ♥
And my all well wishers ♥♥♥
http://facebook.com/whitehat/thanks/
Acknowledged in Apple Hall of Fame of Security Researchers
Apple
Apple mentioned me in their hall of fame of security researchers for reporting a vulnerability in Apple.
Checkout:
http://support.apple.com/en-au/HT201536
$150 From Heroku
Heroku
Got $150 from Heroku for finding a vulnerability in their website.
Checkout:
https://bugcrowd.com/heroku/hall-of-fame
$50 From Dropcam
Dropcam
Got $50 from Dropcam for reporting a vulnerability in their web application.
Checkout:
http://bugcrowd.com/dropcam/hall-of-fame
$50 From Opendrive
Opendrive
Got $50 from OpenDrive for reporting a Cross-Site Scripting vulnerability.
$100, T-shirt & Hall Of Fame From Olark
Olark
Got $100, a T-shirt & Hall Of Fame from Olark for reporting a vulnerability in the API and chat site.
Checkout:
https://www.olark.com/help/security
Acknowledged By Python.org
Python.org
Reported stored XSS in their site and got HOF.
https://www.python.org/humans.txt
Acknowledged By Rapid 7 & Metasploit :)
Rapid 7 & Metasploit
Got acknowledged by Rapid 7 & Metasploit :) and as a reward they sent me some really cool swag :)
https://www.facebook.com/th3.m4rkm3n.007/posts/731568063626681
Acknowledged By Dropbox
Dropbox
Reported a vulnerability in Hackpad, acquired by Dropbox, and got acknowledged by Dropbox; got a 1TB Pro account for lifetime and a T-shirt :)
https://hackerone.com/dropbox/thanks
http://osamamahmood.blogspot.com/2015/02/cross-site-in-hackpad-acquired-by.html
Acknowledged By CyberGhost
CyberGhost
Got a 3-month Premium key for reporting an information disclosure vulnerability.
Acknowledged By Automattic
Automattic
Acknowledged by Automattic for reporting a bug in WordPress.
https://hackerone.com/automattic/thanks
Acknowledged By Secret.ly
Secret.ly
Reported an information disclosure vulnerability in secret.ly and received a T-shirt and a stuffed toy.
https://hackerone.com/secret/thanks
Acknowledged By Symantec
Symantec
For reporting an open redirect.
osamamahmood.blogspot.com/2015/05/symantec-vulnerable-to-open-redirect.html
Acknowledged By ReddAPI
ReddAPI
For reporting a login brute force attack.
https://hackerone.com/reddapi/thanks
Acknowledged By Bitcasa
Bitcasa
For reporting a vulnerability :)
https://support.bitcasa.com/hc/en-us/articles/202210658-How-To-Responsibly-Report-Security-Concerns
Acknowledged By Buffer
Buffer
For reporting
https://bufferapp.com/security
Acknowledged By Campaign Monitor
Campaign Monitor
For reporting a Broken Authentication (session token) bug.
https://help.campaignmonitor.com/contact
Acknowledged By CodePen
CodePen
For reporting a misconfiguration bug.
https://bugcrowd.com/codepen/hall-of-fame
Acknowledged By Parallels
Parallels
Got 2 years of premium access to Parallels Access for reporting a password reset issue.
Acknowledged by Freelancer
Freelancer
Reported information leakage and got a White Hat badge and a Freelancer T-shirt.
https://twitter.com/OsamaMahmood007/status/569378085511901184
https://www.facebook.com/photo.php?fbid=720789591371195&set=pb.100003204810332.-2207520000.1427616576.&type=3&theater
Acknowledged By DuckDuckGo
DuckDuckGo
Reported authentication issues in Duck.co and got a T-shirt.
https://twitter.com/OsamaMahmood007/status/537795686754828288
Acknowledged by Docker
Docker
Reported multiple vulnerabilities in hub.docker.com.
https://www.facebook.com/th3.m4rkm3n.007/posts/737131563070331?notif_t=like
Acknowledged By MailChimp
MailChimp
Reported vulnerabilities :)
http://mailchimp.com/about/security-response/
Acknowledged By MailGun
MailGun
Reported authentication bugs and got a T-shirt as a reward.
https://twitter.com/OsamaMahmood007/status/524950700380274688
Acknowledged By PagerDuty
PagerDuty
Reported multiple bugs in their website.
https://www.facebook.com/photo.php?fbid=666805640102924&set=pb.100003204810332.-2207520000.1427616585.&type=3&theater
Acknowledged By Keen.io
Keen.io
Reported directory listing and got a T-shirt :)
Acknowledged By DreamHost
DreamHost
Reported a security issue in Dreamhost.com and received T-shirts.
https://www.facebook.com/photo.php?fbid=671226382994183&set=pb.100003204810332.-2207520000.1427616583.&type=3&theater
Acknowledged By Sony
Sony
Reported vulnerabilities in sony.com and playstation.com.
https://secure.sony.net/hallofthanks
https://www.facebook.com/photo.php?fbid=666385296811625&set=pb.100003204810332.-2207520000.1427616585.&type=3&theater
Acknowledged By Paymill
Paymill
Reported vulnerabilities in Paymill and got HOF and a T-shirt.
https://developers.paymill.com/en/security/security-standards/
https://twitter.com/osamamahmood007/status/514811198412308480
Acknowledged By Schuberg Philis
Schuberg Philis
Got acknowledged.
https://twitter.com/osamamahmood007/status/529957864270348288
https://twitter.com/osamamahmood007/status/522436635124723712
https://www.schubergphilis.com/2014/12/15/responsible-disclosure-hall-of-fame-1/
Acknowledged By Ministry Of Interior And Kingdom Relations
Ministry Of Interior And Kingdom Relations
Reported security vulnerabilities in their website and got an acknowledgment letter and a T-shirt.
https://twitter.com/OsamaMahmood007/status/559700381643456515
Acknowledged By Coursera
Coursera
Reported an open redirect and got a 100% discount on any Signature Track course!
https://www.facebook.com/photo.php?fbid=740079062775581&set=a.190423754407784.40514.100003204810332&type=1&theater
Acknowledged by KPN
KPN
Reported some security vulnerabilities in the KPN domain, got acknowledged by KPN and got an acknowledgment letter and a T-shirt.
https://www.facebook.com/photo.php?fbid=740766792706808&set=a.190423754407784.40514.100003204810332&type=1&theater&notif_t=like
Acknowledged By Elance-oDesk
Elance-oDesk
Reported some session-related vulnerabilities and got $100 and HOF.
https://bugcrowd.com/odesk/hall-of-fame
Acknowledged by GoAnimate
GoAnimate
Reported HTML injection and got HOF.
http://goanimate.com/video-maker-tips/security/
Acknowledged by GetPocket
GetPocket
Reported and got HOF
http://help.getpocket.com/customer/portal/articles/1225832-pocket-security-overview
Acknowledged By SkyTV
SkyTV
Reported security vulnerabilities (XSS).
https://skytv.custhelp.com/app/answers/detail/a_id/1797/~/responsible-disclosure-guidelines#e
Acknowledged By Smart Budget
Smart Budget
Reported XSS and got HOF.
https://www.sbudget.com/people.pl
Acknowledged by SplashID
SplashID
Reported multiple web vulnerabilities.
https://bugcrowd.com/splashid/hall-of-fame
Acknowledged By Twilio
Twilio
Reported a vulnerability.
https://bugcrowd.com/twilio/hall-of-fame
Acknowledged By Founder Bliss
Founder Bliss
Reported an authentication bug.
https://www.crowdcurity.com/founder-bliss/hall-of-fame/all
Acknowledged By PonyMC
PonyMC
Reported multiple bugs.
https://www.crowdcurity.com/ponymc/hall-of-fame/all
Acknowledged By LocalBitcoins
LocalBitcoins
Reported some misconfiguration bugs and got $50.
https://www.crowdcurity.com/localbitcoins/hall-of-fame/all
Acknowledged By Crowdcurity
Crowdcurity
Reported a weak password policy and got 0.02 BTC.
https://www.crowdcurity.com/crowdcurity/hall-of-fame/all
Acknowledged By ShaderToy
ShaderToy
Reported reflected XSS and stored XSS and got listed on their about page.
https://www.shadertoy.com/about
Cloudflare Bug Bounty Reward
Cloudflare
Got a Cloudflare limited edition T-shirt as a reward for reporting a vulnerability in the Cloudflare website.
https://hackerone.com/cloudflare/thanks
Acknowledged By Trove
Trove
Reported XSS in trove.com and received the swag.
https://www.facebook.com/photo.php?fbid=745539205562900&set=a.190423754407784.40514.100003204810332&type=1&ref=notif&notif_t=like
Acknowledged by Gitter
Gitter
Reported some header-related issues in gitter.im, a developers' discussion platform.
https://www.facebook.com/photo.php?fbid=745533202230167&set=a.190423754407784.40514.100003204810332&type=1&ref=notif&notif_t=like
Acknowledged by AT&T
AT&T
Reported a vulnerability and got HOF :)
https://bugbounty.att.com/hof.php
Acknowledged By CoinDaddy by HOF and $5
CoinDaddy
Reported some misconfiguration in their site and got HOF and $5.
https://www.crowdcurity.com/coindaddy/hall-of-fame/all
Acknowledged By Redbooth
Redbooth
Reported a vulnerability and got acknowledged by Redbooth.
Rewarded From Kalibrr
Kalibrr
Reported some vulnerabilities in their site and got $140 as a reward:
1) DOM XSS
2) Header Related Issue
Acknowledged By ESET :)
ESET
Got 1 year premium antivirus :)
https://www.facebook.com/th3.m4rkm3n.007/posts/754411358009018?comment_id=754411694675651&offset=0&total_comments=1&notif_t=feed_comment
Acknowledged By Linux Foundation
Linux Foundation
Reported vulnerabilities in their site and got a $125 coupon for the Linux Foundation Certification Exam.
Acknowledged By LiveStream
LiveStream
Reported an open redirect vulnerability :) but no HOF.
Acknowledged By RunScope
RunScope
Reported some security vulnerabilities.
Acknowledged By ZIMPERIUM
ZIMPERIUM
Reported vulnerabilities in their website and received a limited edition T-shirt.
https://twitter.com/OsamaMahmood007/status/595625790554787840
Acknowledged By PeoplePerHour
PeoplePerHour
Reported a session management issue in PeoplePerHour and received 15 free proposal credits.
Acknowledged By TransferWise
TransferWise
Reported a session management issue and received a free payment (of up to 3000 GBP).
Acknowledged By Tr.im
Tr.im
Reported a vulnerability where the email address was not being verified on the sign-up page.
Acknowledged By Edx.org
Edx.org
Reported session management vulnerabilities in Edx.org and received a T-shirt :)
https://www.facebook.com/th3.m4rkm3n.007/posts/758244670959020
Acknowledged By Gravity4
Gravity4
Reported vulnerabilities in their site and got appreciated.
Acknowledged By MeetUp
MeetUp
Reported an open redirect in their site and got acknowledged.
Acknowledged By Hosting24
Hosting24
Reported multiple bugs in their site and got a free domain name.
Acknowledged By Xero
Xero
Reported a session management issue.
Acknowledged By LiveChat INC
LiveChat INC
Reported vulnerabilities in their site and received $20 as a bounty.
Acknowledged By RollBar
RollBar
Reported vulnerabilities and got acknowledged:
https://rollbar.com/about/responsible-disclosure-policy/
Acknowledged By Harvest
Harvest
Reported a password reset link issue and received a T-shirt.
https://www.getharvest.com/
Acknowledged By Innogames.de
Innogames.de
Reported 6 XSS and some session-related vulnerabilities and got swag.
1 Year Premium Account Subscription from OSTraining
OSTraining
Got a year of premium account from OSTraining.
Acknowledged By MashApe
MashApe
Reported privilege escalation in their website and got a T-shirt.
Acknowledged By Glasswire
Glasswire
For reporting the OPTIONS method being enabled in GlassWire.
https://hackerone.com/glasswire/thanks
Acknowledged By TeamSnap
TeamSnap
Reported some issues and received a T-shirt.
Acknowledged By Splunk
Splunk
Reported a password reset link issue and received a T-shirt.
Education
Fazaiia Inter College Korangi Creek Karachi
High School, Matric, Computer Science, A
Doing FSc in Pre-Engineering
Activities and Societies: Computer Science Projects
Volunteer Experience & Causes
Security Researcher
Charity Program On Bugcrowd
Science and Technology
There was a program on Bugcrowd which was purely for charity purposes, and I reported vulnerabilities in their site and got a "Charity Hero" award on Bugcrowd.
https://bugcrowd.com/Osama_Mahmood