JAFAR PATHAN

ABOUT ME

Hey there,

Hi I am Jafar Pathan,
- 👨‍💻 Working Professional in field of Cyber Security, and helping organizations of diverse domains improves their cyber security posture. Completed my bachelor's in Computer Engineering, Achieved CEHv12 Practical certification.
- 🥷 Having expertise in VAPT of wide range of applications domains including Network VAPT, Mobile Applications, APIs, Thick Thin Clients, Web Applications, and skilled in Malware 🐞 Analysis and Reverse Engineering.
- 💡Creator of the first ever Browser Based Web Fuzzing tool -> The Browser Bruter.
- 🔭By hobby I love to research, study and contribute in the field of cyber security.
- 🇮🇳 Made in India.
- 🤝 I'm available for collaboration on Tools Development and CTFs.
- 🎯 Stuck in the loop of - 'Hack->Code->Secure->Repeat'
- 🔑 Here's my PGP key (Just In Case) - https://keys.openpgp.org/vks/v1/by-fingerprint/704CE7C0E6C4F80413F6940FEBF83C765712B2BB

EXPERIENCE

Net Square Solutions Pvt. Ltd.

Information Security Analyst (Jan 2023 - Present)

• Performing VAPT of diverse and vast range of applications including Web Application, Mobile Applications, API Security, Network VAPT, Thick Thin Clients.
• Utilizing my coding skills to perform secure code review to find vulnerabilities in source code and help clients mitigate them.
• Preparing a comprehensive report of VAPT with supporting Proof of Concepts and remediations.
• Writing scripts for automation and problem solving to tackle the challenges faced by the team during VAPT.
• Performing R&D to improve my technical skills and contributing my learnings to the team and the organization.

EDUCATION

Completed Bachelors of Engineering in Computer Engineering from Government Engineering College, Gandhinagar | 2020 - 2023
CGPA: 8.81

Completed Diploma in Computer Engineering from Shri K.J.Polytechnic, Bharuch | 2017 - 2020
CGPA: 9.03

PROJECTS

The BrowserBruter | Associated with Net Square Solutions PVT LTD.
The FIRST EVER! Browser automation based web penetration testing tool.It attacks the web application by controlling and running browsers and injecting malicious payloads in input fields. It automates the process of sending payloads to input fields of web applications in the browser and sends them to the server.It completely bypasses the need to break the encryption of HTTP Traffic in order to fuzz and insert payloads in scanners and intruders like BurpSuite, SQLMap, etc. After fuzzing it generates a comprehensive report including all the data and result of the pentest along with HTTP traffic, this report can be viewed by The Report Explorer tool which comes with The Browser Bruter.
Get it now - https://github.com/netsquare/BrowserBruter/releases

The BrowserBruter Official Documentation | Associated with Net Square Solutions PVT LTD.
The official documentation for The BrowserBruter contains comprehensive and detailed guide on installation, usage & more.
Check now - https://net-square.com/browserbruter/

Damn Vulnerable Android Components
An intentionally vulnerable Android Application to demonstrate various vulnerabilities that arise in Android Components.
Download Now - https://github.com/zinja-coder/Damn-Vulnerable-Android-Components

CERTIFICATIONS

• Certified Ethical Hacker V12 Practical from EC-Council
• Practical Malware Analysis & Triage from TCM
• Practical Ethical Hacking - The Complete Course TCM
• API Security Architect from API Academy
• Android App Hacking - Black Belt Edition from Udemy

TECHNICAL

• VAPT
• Research & Development
• Static Application Security Testing (Secure Code Review)
• Mobile Application Security Testing
• API Security Testing
• Network Penetration Testing
• Strong Experience with tools including Burp Suite, BrowserBruter, Metasploit, Nessus, NMAP, Wireshark, Ghidra, Ffuf, hashcat, etc.
• Web Application Penetration Testing
• Report Writing and Remediation
• Strong Experience with Linux and Windows Operating System
• Googling and Problem Solving
• Scripting and Automation
• Reverse Engineering & Malware Analysis

TALKS, WORKSHOPS & SESSIONS

• Conducted Workshop at NS Conclave 2024 Ahmedabad on Advance Android Exploitations.
• Conducted 2 Days Comprehensive Training on Advance Usage of Browser Bruter at GOA 2024 Employee Conference.
• Presented Research on Web Application Encryption bypass at NS Conclave 2024 Ahmedabad.
• Presented live demonstration of how to fuzz web applications with encrypted traffic at The Hacker's Meetup Vadodara 2024
• Conducted NULL HUMLA (A hands on Attack) Workshop at on Attacking web application using Browser Bruter Null Ahmedabad 2024

ACTIVITIES AND ACHIEVEMENTS

• Developed first ever browser automation based web application penetration testing tool.
• Developed beginner friendly Vulnerable Android Application focusing on android components vulnerabilities.
• Regular CTF player on numerous platforms and among top 1% on TryHackMe - https://tryhackme.com/p/ZinjaCoder
• Writing Articles and writeups about my research and CTFs on medium - https://medium.com/@zinjacoder

SECURITY RESEARCH, ARTICLES, BLOGS

• The Curse Of Encryption - Unleashing the Browser Bruter
• How to create Documentation for Hacking Tool
• The DVAC - Sieve Reborn
• The Painless Guide to Building the Reverse Engineering and Malware Analysis Lab