Hi, there!


I'm Arbaz Hussain, located in India 🇮🇳. I am currently employed as a Smart Contract Security Triager at Immunefi, with a strong inclination towards Blockchain & Web security research.

My professional interests revolve around blockchain and web technologies, with a strong desire to conduct significant security research in these areas.

When I'm not working, I enjoy immersing myself in diverse cultures and embarking on new travel adventures. I'm also a passionate learner of human behaviors, self-awareness and religious philosophies, which allows me to broaden my perspective and understanding of the world.




Experience


  • Full Time Bug Bounty Hunter - March, 2016 - March, 2022.
  • Co-founded SecurityLit (Product Engineering) - June 2019 - October 2021
  • Web Application Security Triager @immunefi - April 2022 - Present
  • Smart Contract Security Triager @immunefi - November 2022 - Present

Skills


  • 🔒 Web Application Security Testing.
  • 📱 Mobile Application Security Testing for iOS and Android platforms.
  • ☁️ Cloud Security Architecture and Implementation, including AWS, Azure, and GCP.
  • 🛡️ Ethereum-based Blockchain Application Security Testing, encompassing Smart Contract and DApp auditing.
  • 🛠️ DevSecOps focusing on Web security.
  • 🌐 Developing Onchain Threat Monitoring Solutions on the Blockchain.
  • 🎥 Creating dynamic and engaging visual content using motion graphics with Adobe Premiere.
  • 💻 Scripting languages: Python, JavaScript, Bash.
  • 💻 Programming languages: Golang, Rust, Solidity.


Acknowledgements


  • Ranked among the top 100 hackers on the HackerOne platform of all time in 2020.
  • An active member of Synack Red Teaming performing Vulnerability Assessment and Penetration Testing (VAPT).
  • Individually reported 250+ valid vulnerability reports through the HackerOne platform alone, with an impact score of 20.
  • Overall, reported 500+ vulnerability reports across all bug bounty platforms and external bug bounty programs.
  • Received acknowledgments from over 300 companies for reporting valid security vulnerabilities, including Microsoft, Facebook, Google, Verizon Media, AT&T, Unity, Paypal, and Mediafire, among others.

Open Source Projects

Maintaining open-source projects in web3 security.


  • EVM Vulnerabilities PoC templates: Creating Proof of Concept (PoC) examples that are reusable and easily modifiable for various vulnerabilities based on the Ethereum Virtual Machine (EVM).

  • Immunefi CLI tool: Written in Rust, dedicated to automating and assisting the white-hat process of bug hunting.

Personal Projects



CIMEX CONTINUOUS SECURITY RECON FRAMEWORK

The Cimex project is designed to provide automated security monitoring solutions and reconnaissance processes. To this end, I developed a framework that streamlines bug bounty manual work and employs scalable technologies such as AWS Lambda, Celery tasks, Redis queue, and the Django framework. As part of the documentation process, I have also created a brief video that provides an overview of the framework's key features and functionality.

Link to Video Mar 5, 2020

LINK DUMPER BURP PLUGIN

Plugin provides the ability to extract links from Burp Proxy JavaScript and CSS files utilizing multiple regex patterns. Key features include auto-matching and an auto URL builder that extracts endpoints from the files.

GitHub Repository Aug 27, 2019

BROKEN LINK HIJACKING BURP PLUGIN

Automated plugin provides a streamlined method of detecting broken links within Burp Proxy responses. It achieves this by performing DNS resolution to determine whether the target links are viable options for exploitation.

GitHub Repository Sep 13, 2019

HACK BOT - TELEGRAM

This was the first project I worked on to run penetration testing / bug bounty tasks using a Telegram bot system.

GitHub Repository
Medium Post 1
Medium Post 2 Aug 29, 2017



Book Recommendations


Atomic Habits

By James Clear

A guide to building good habits and breaking bad ones for personal and professional success.


The Alchemist

By Paulo Coelho

A story about following your dreams and finding your purpose in life.


The Forty Rules of Love

By Elif Shafak

A novel that interweaves the stories of a modern-day woman and the legendary poet Rumi.


Man's Search for Meaning

By Viktor E. Frankl

A memoir and reflection on the author's experiences in Nazi concentration camps and his theory of logotherapy.


Telepsychics

By Joseph Murphy

A guide to unlocking the hidden powers of your mind and achieving your goals.



Bucket List


  • 🤿 PADI Scuba diving course.
  • 🏕️ Camping at Chandrataal lake, Spiti valley.
  • 🛣️ Road trip across Northern Himalayas.
  • 🪂 Paramotoring around Annapurna ranges, Nepal.
  • 🌉 Bungee jumping.
  • 🎶 Attend Boris Brejcha Music event.
  • 🚴‍♀️ Complete a 150km cycling route on Al Qudra track, UAE.
  • 🏃‍♂️ Participate in a 50km+ Ultra Hell Race trail running competition.
  • 🏄‍♂️ Master the art of surfing in Bali.
  • ⛷️ Learn to ski at Shymbulak Ski Resort, KZ.
  • 🏔️ Hike in Pahalgam town, Kashmir.
  • 🧗‍♀️ Certified rock climber.

2023 Year in Sports : Strava 🏃


  • 🕒 Total Time Running: 188 hours
  • 🛣️ Total Distance: 761 KM
  • ⛰️ Total Elevation: 12,992 Meters
  • 🗓️ Days Active: 143
Top Activity: