Bug Bounty Hunter · 19 Years Old · Algeria
At 19, #1 all-time in Algeria on Bugcrowd. 283+ vulnerabilities found at a 97.59% accuracy rate — top 1% globally across all severity tiers. Over half my submissions are P1 and P2 criticals: the kind that prevent data breaches, account takeovers, and system compromises.
Trusted across 35 Hall of Fame programs — 20 of them private, invitation-only engagements with real companies shipping real products. I find genuine, high-impact vulnerabilities in production systems and report them with precision. Web apps, APIs, Android, CTF — same standard across everything. Open for employment.
Alhamdulillah for everything.
Featured Research
In-depth breakdowns of real vulnerabilities discovered and responsibly disclosed across private and public programs.
Advanced dorking techniques used to uncover a massive data exposure. Full methodology, responsible disclosure process, and key lessons for defenders.
An insecure direct object reference that allowed unauthorized deletion of any user account. Root cause analysis, impact assessment, and remediation.
Step-by-step methodology from recon to exploitation of a blind SQLi in a tightly-scoped private program. Tools, payloads, and exfiltration technique.
From zero to first three accepted vulnerabilities. The mindset, approach, and practical techniques that worked — written for newcomers starting their journey.
Track Record
A timeline of milestones across bug bounty platforms and security research.
Second highest-ranked Algerian bug bounty hunter of all time. Ranked #376 globally with 1,607 points and 97.59% accuracy across 283 vulnerabilities.
Recognized across 35 Hall of Fame programs — 20 private and 15 public — for consistent high-quality vulnerability submissions at critical impact levels.
Active on HackerOne with 12 credits earned and a consistent submission streak. Open for employment opportunities through the platform.
Published multiple technical write-ups on Medium covering OSINT, web security, API vulnerabilities, and bug bounty methodology. Active CTF competitor in web, machine, and OSINT categories.
Expertise
Specialized areas of offensive security with hands-on experience across real production targets.
XSS, SQL injection, CSRF, SSRF, RCE, IDOR, authentication bypass, business logic flaws, and chained exploit development.
REST and GraphQL assessment, JWT manipulation, rate limiting bypass, mass assignment, and insecure endpoint discovery.
APK reverse engineering, insecure data storage analysis, intent-based attacks, WebView vulnerabilities, and client-side security review.
Google dorking, passive reconnaissance, data leak discovery, open-source intelligence gathering, and footprinting.
Web exploitation, OSINT challenges, reverse engineering, and machine-based capture-the-flag across multiple platforms.
Front-end development, JavaScript, Python for exploit and tool development, and Bash scripting for automation and recon workflows.
Manual source code auditing across PHP, Python, and JavaScript to identify logic flaws, insecure implementations, and vulnerabilities that automated scanners miss.
Vulnerability disclosure reports, methodology write-ups, and educational content for the security community on Medium.
Platforms
Active across major bug bounty platforms, professional networks, and the security community.
Get in Touch
Available for full-time roles, freelance consulting, and responsible disclosure collaboration.
I'm open to security roles, consulting engagements, and collaboration with other researchers. If you're building a security team or need a dedicated bug bounty hunter, reach out.