Organizations

@Initd-sh

touhidshaikh/README.md



๐Ÿ•ถ๏ธ About Me

I'm a Security Researcher based in India ๐Ÿ‡ฎ๐Ÿ‡ณ.
I hunt bugs, break systems, and build tools that help others do the same ๐Ÿ”ฅ

  • ๐ŸŽฏ 10+ CVEs published (XSS, RCE, SQLi, Auth Bypass, etc.)
  • ๐Ÿ› ๏ธ Contributor to Exploit-DB, Metasploit, and CIS Benchmarks
  • ๐ŸŽค Speaker at CrestCon (London) & ThreatCon (Kathmandu)
  • ๐Ÿง  Shellcode author and CTF machine creator for HTB & VulnHub

๐Ÿง™โ€โ™‚๏ธ Hacker Highlights

> echo "Touhid Shaikh"
┌──(root💀touhid)-[~/research]
└─$ whoami
Security Researcher | Exploit Developer | Open Source Contributor

┌──(root💀touhid)-[~/CVEs]
└─$ cat highlights.txt

✅ OSCP | OSCE | CRT | CPSA | ISC² CC
🚨 CVE-2024-43381 – Stored XSS in reNgine
🎯 RCE on Netgear, TP-Link, OnePlus Web Services
🎓 MBA (ITASM) | BSc IT
Conferences: CrestCon (UK), ThreatCon (Nepal)

📕 Latest Blog Posts


🧰 Tech Stack & Tools I Use

Python PHP Docker Metasploit Burp Suite Git Kali Linux


๐Ÿ† CVEs & Research Contributions

  • ๐Ÿ”’ CVE-2024-43381 โ€“ Stored XSS in reNgine
  • ๐Ÿ’ฅ CVE-2021-29069 โ€“ Command Injection in Netgear Router
  • ๐Ÿ›ก๏ธ CVE-2018-11714 โ€“ Auth Bypass in TP-Link Routers
  • ๐Ÿ–ฅ๏ธ 10+ total CVEs โ€” see full list on Exploit-DB

๐Ÿ› Bug Bounty Hall of Fame

Proud to be acknowledged by:

  • ๐Ÿ Apple โ€“ Security Misconfiguration
  • ๐ŸŒ Synology โ€“ Remote Code Execution, SSRF and Security Misconfiguration
  • ๐Ÿ“ถ Netgear โ€“ Remote Code Execution and XSS and Security Misconfiguration
  • ๐Ÿ” OnePlus โ€“ Remote Code Execution
  • ๐ŸŽฏ Arlo, Registrar.gov, HackTheBox, PlaySMS, and more.

๐Ÿ“š Featured Work


๐Ÿง  Custom Labs Created


๐Ÿ”— Connect with Me


๐Ÿ™Œ Mentions

Thanks to everyone who has referenced or credited my work in their repositories!


๐Ÿ“Ÿ GitHub Stats & Hacker Vibes

Pinned

  1. shellcode Public

    C 11 1

  2. 403Override-NG Public

    An advanced, multi-threaded Burp Suite extension designed to automate the discovery of 401 Unauthorized and 403 Forbidden access control bypasses. This tool utilizes aggressive path mutation, heade…

    Python

  3. Writeup-DB/CyberTermX Public

    A Cyberpunk Terminal-Style Portfolio for Security Researchers or Hackers.

    HTML 2

  4. Writeup-DB/JWT-101-Lab Public

    This vulnerable environment is designed to provide hands-on experience with the attack vectors associated with JSON Web Tokens (JWT, JWS, and JWE).

    Python

  5. Writeup-DB/The-Phantom-Directory Public

    PHP

  6. Writeup-DB/TheForbiddenFortress Public

    This intentionally vulnerable environment is designed to demonstrate and test the capabilities of the 403Override NG Burp Suite extension. It simulates real-world architecture discrepancies between…

    HTML