Shahrukh Iqbal Mirza
Offensive Security Consultant (Red Teamer / Hacker / Pentester)
About me
Howdy! I'm Shahrukh Iqbal Mirza, an infosec geek based in Karachi, Pakistan; working as a Cyber Security Analsyt / Red-Teamer / Penetration Tester in the private sector.I'm a hacker/red teamer/pentester. I love to play CTFs, and am an active member of Hack The Box - Rank: Pro Hacker (ranked 3rd all-over Pakistan in April '21) and TryHackMe - Rank: OMNI.I'm a seasonal bug-bounty hunter and I have got some Halls of Fame of some big organizations like Google and EC-Council to name a few; and have been appreciated for my bug reports by DELL Technologies, Kaspersky Lab, Drexel University, University of Twente, Harvard University, Avira etc.I have given talks at the BeerCon 2: Rise of the Rookie (Talk Title: Kerberoasting) and BeerCon 3: A Game Of Pwns (Talk Title: Oh-My-Phish).I'm also an Advocate of Hacking Is NOT A Crime, because I believe the term "hacker/hacking" is being wrongly used widely, and I am of the opinion that Hacking is not a crime, rather an art. Here's my Hacker Story.
My Portfolio
CVE-IDs:
CVE-2020-25985 - Arbitrary File Deletion (MonoCMS Blog)
CVE-2020-25986 - Cross-Site Request Forgery (MonoCMS Blog)
CVE-2020-25987 - Hard-Coded Credentials (MonoCMS Blog)
CVE-2020-28687 - Shell Upload via Edit Profile (Artworks Gallery)
CVE-2020-28688 - Shell Upload via Add Artwork (Artworks Gallery)Exploits:
MonoCMS Blog - Multiple Vulnerabilities
Artworks Gallery - Shell Upload via Edit Profile
Artworks Gallery - Shell Upload via Add Artwork
EG Free AntiVirus - Unquoted Service PathsBlog:
Check out my technical blogs here.Technical Talks
BeerCon 2: Rise of the Rookie - Kerberoasting
BeerCon 3: Game of Pwns - Oh-My-Phish!
Contact Me
Wanna know more about me or just have a chat?
Connect with me on GitHub, Twitter and LinkedIn!