Arbaz Hussain

Welcome!

I’m Arbaz Hussain from India 🇮🇳 — a Smart Contract Security Triager at Immunefi. My passion for blockchain and web security powers my quest to keep the decentralized world safe. My work revolves around deep-dive security research to detect vulnerabilities before they become a threat.

When I’m not diving into code, you’ll find me exploring new cultures, chasing travel adventures, or getting lost in deep thoughts about philosophy, self-awareness, and human behaviors.

From trekking in the Himalayas to reflecting on life’s big questions, I believe every experience adds a new layer to how we see the worldand ourselves.

Experience

Full-Time Bug Bounty Hunter (Mar 2016 - Mar 2022)
Co-founded SecurityLit (Product Engineering) (June 2019 - Oct 2021)
Web Application Security Triager at Immunefi (Apr 2022 - Present)
Smart Contract Security Triager at Immunefi (Nov 2022 - Present)

Skills

🛡️ Ethereum-based Blockchain Security (Smart Contracts & DApp Auditing)
🔒 Web Application Security Testing
📱 Mobile Application Security (iOS & Android)
☁️ Cloud Security (AWS, Azure, GCP)
🛠️ DevSecOps & Web Security
🌐 Onchain Threat Monitoring Solutions
🎥 Motion Graphics & Video Editing (Adobe Premiere)
💻 Scripting Languages: Python, JavaScript, Bash
💻 Programming Languages: Golang, Rust, Solidity

Acknowledgements

Top 100 hackers on HackerOne (2020)
Synack Red Team Member for VAPT
250+ valid vulnerability reports via HackerOne (impact score of 20)
500+ overall valid reports across multiple platforms
Acknowledged by 300+ companies, including Microsoft, Google, PayPal, etc.

Speaker @ Conferences

BSides Ahmedabad 24: Web3 Bug Bounties: Why & How to Get Started
Slides Video

DeFi Security Summit 24: The Bug Hunter’s Guide to High-Quality Reporting
Slides Video

BSides Ahmedabad 22: The Dark Side of DeFi
Slides Video

NULL-HYD 22: Introduction to Web3 & Security Pitfalls

ThreatCon 22: Tour of Common Web3 Vulnerabilities

Web3Conf Goa 23: Navigating EVM Chain Security: Smart Contract Vulnerabilities
Video

Open Source Projects

Maintaining open-source projects in Web3 security.

EVM Vulnerabilities PoC Templates
Creating reusable, easily modifiable PoC examples for various EVM-based vulnerabilities.
Immunefi CLI Tool
A Rust-based CLI tool that automates white-hat bug hunting processes.

Work Projects

Contributions to the Web3 community at Immunefi.

Personal Projects

CIMEX CONTINUOUS SECURITY RECON FRAMEWORK

Cimex automates security monitoring and reconnaissance, streamlining bug bounty workflows. Utilizes AWS Lambda, Celery tasks, Redis queues, and Django for efficient scaling.

Video Overview
Mar 5, 2020

LINK DUMPER BURP PLUGIN

Extracts links from JS/CSS files intercepted by Burp Proxy using multiple regex patterns. Features auto-link building to accelerate deeper analysis.

GitHub Repository
Aug 27, 2019

BROKEN LINK HIJACKING BURP PLUGIN

Automates detection of broken links from Burp Proxy responses. Performs DNS resolution to identify potential hijackable domains.

GitHub Repository
Sep 13, 2019

HACK BOT - TELEGRAM

My first initiative to run penetration testing and bug bounty tasks seamlessly via a Telegram bot system.

GitHub Repository
Medium Post 1
Medium Post 2
Aug 29, 2017

Twitter Timeline

We are releasing weekly community challenges for beginners to learn about the common security pitfalls... https://t.co/u2Fpi91G1H @immunefi
— Arbaz Hussain (@ArbazKiraak) March 2, 2022

Brilliant piece of postmortem written by @sherlockdefi on a complex cross-protocol reentrancy... https://t.co/8SooOJycNl
— Arbaz Hussain (@ArbazKiraak) August 17, 2022