I will perform a full vapt and deliver a security report

Sri Lanka

I speak English

Penetration Tester, Bug Bounty Hunter, 3x CVE Discoverer

Offensive security researcher & penetration tester. HTB #1 Sri Lanka · HackerOne Top 2 Sri Lanka · 3x MITRE CVE discoverer (CVE-2026-39038/39/40 in Meesho's BharatMLStack). Specialized in web, API & c...
About this Gig

Are you looking for a professional security assessment with a clear, actionable report?


I'm wincr4ck offensive security researcher, HTB #1 Sri Lanka, HackerOne Top 2 Sri Lanka, and 3x MITRE CVE discoverer. I've found critical vulnerabilities in platforms used by UNICEF, Greenpeace, and global SaaS companies.


What I test:

- Web applications (auth, business logic, input validation)

- REST / GraphQL APIs (IDOR, BOLA, broken auth, injection)

- Cloud infrastructure (misconfigs, exposed secrets)

- Subdomains & attack surface mapping


What you get:

- Professional PDF report

- CVSS scored vulnerability ratings

- PoC screenshots & reproduction steps

- Remediation recommendations

- Post fix retest (Premium only)


Common findings: XSS, SQLi, IDOR, CORS misconfig, JWT attacks, 2FA bypass, auth bypass, subdomain takeover, exposed API keys.


Backed by 3 MITRE CVEs, RGOODS Hall of Fame, and active bug bounty work since 2024.


Message me before ordering to discuss your scope.