Skip to content
View asifnawazminhas's full-sized avatar
๐Ÿ’ญ
Offensive Security Engineer | Red Teaming, AI & CVEs | Responsible Disclosure
๐Ÿ’ญ
Offensive Security Engineer | Red Teaming, AI & CVEs | Responsible Disclosure
2 followers · 1 following

Achievements

Achievement: Pull Sharkx2

Achievements

Achievement: Pull Sharkx2

Block or report asifnawazminhas

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this userโ€™s behavior. Learn more about reporting abuse.

Report abuse
asifnawazminhas/README.md

Hey! ๐Ÿ‘‹ My name is Asif. I am a passionate penetration tester exploring red-team techniques, learning offensive methods, pivoting and post-exploit workflows.

In my free time I contribute to the community, report vulnerabilities through responsible disclosure, and publish CVEs for confirmed issues. Iโ€™m also experimenting with how AI can be applied in the offensive security niche, exploring ways to combine AI with red-teaming and vulnerability research.

Typing SVG

Profile views Ethical hacker Hacker Penetration Tester Red Teamer Security Researcher Linux Kali Linux Linux Ubuntu Burp Suite Web Security AI Cybersecurity Python Scripting Bash Scripting Metasploit Framework Git Version Control OWASP Community Terminal CLI
Mission: Securing the Internet
GitHub Stats GitHub Streak Top Languages

Asif's github activity graph

Projects & Contributions:

CVEs
CVE Short Description References
WordPress security researcher CVEs overview An overview of the vulnerabilities Iโ€™ve reported and published through Wordfence Threat Intelligence, including CVE IDs, descriptions, and affected software. Wordfence Researcher Page
CVE-2024-34955 Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter. NVD Entry
CVE-2024-34954 Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter. NVD Entry
CVE-2025-54384 Stored XSS vector in Markdown description fields. NVD Entry
GitHub Advisory

Guides, etc
Project Short Description Stars Forks
OWASP GenAI Red Teaming Guide A community-driven guide by OWASP on red teaming for generative AI systems, outlining risks, testing approaches, and mitigation strategies. N/A N/A

About me

Iโ€™m an Offensive Security Engineer / Penetration Tester with a background from Royal Holloway, University of London. Born in the Netherlands ๐Ÿ‡ณ๐Ÿ‡ฑ and native in Dutch, I spend the majority of my time learning and practising hands-on offensive techniques, ethical hacking, responsible disclosure and publishing technical writeups on my blog.

My work focuses on practical penetration testing, red-team skills: post-exploit pivoting, Active Directory escalation, AV/EDR evasion and real-world engagements.

I balance professional consulting with continuous learning (CTFs, HTB labs, and research) and producing readable, writeups for the community.

Quick facts

  • Education: MSc Information Security (Royal Holloway, University of London); Bachelor in ICT: Information & Communication Technology (Windesheim University of Applied Sciences)
  • Location / Languages: Netherlands: born and raised; native Dutch ๐Ÿ‡ณ๐Ÿ‡ฑ, fluent English ๐Ÿ‡ฌ๐Ÿ‡ง; conversational in Urdu/Hindi ๐Ÿ‡ต๐Ÿ‡ฐ ๐Ÿ‡ฎ๐Ÿ‡ณ and some Arabic ๐Ÿ‡ธ๐Ÿ‡ฆ
  • Specialties: Web hacking, red teaming, pivoting, AV/EDR evasion, escalation paths, exploit development, responsible disclosure
  • Interests: Purple teaming, adversary emulation, automated recon pipelines, threat-informed defense

You can reach me here ๐Ÿ‘‡

trophy Trophies

OSCP CRTO CISSP OSWA CISM CEH
OSCP CRTO CISSP OSWA CISM CEH

Feel free to give your suggestions

Popular repositories Loading

  1. asifnawazminhas.github.io asifnawazminhas.github.io Public

    Sharing my journey in cybersecurity, red teaming, and AI

    HTML 1

  2. eicar-68kb-tester eicar-68kb-tester Public

    EICAR Test File Generator โ€“ A script to generate 68 KB EICAR test files in multiple formats (.txt, .pdf, .xls, .xlsx, .zip). Useful for antivirus testing, security research, and network monitoringโ€ฆ

    Python 1

  3. trufflehog trufflehog Public

    Forked from trufflesecurity/trufflehog

    Find, verify, and analyze leaked credentials

    Go 1

  4. nuclei-templates nuclei-templates Public

    Forked from projectdiscovery/nuclei-templates

    Community curated list of templates for the nuclei engine to find security vulnerabilities.

    JavaScript 1

  5. impacket impacket Public

    Forked from fortra/impacket

    Impacket is a collection of Python classes for working with network protocols.

    Python 1

  6. BloodHound BloodHound Public

    Forked from SpecterOps/BloodHound

    Six Degrees of Domain Admin

    Go 1