Hi, I’m Wahid

Security researcher and bug bounty hacker based in Australia. I look for vulnerabilities in web apps, APIs, and enterprise systems, then report them.

🏆 Top 3 AU · HackerOne 2025 Bug Bounty Hunter Offensive Security 🇦🇺 Australia

whoami

I’m an independent security researcher based in Australia, specializing in high-impact web application vulnerabilities and supply chain attack surfaces. My work focuses on identifying systemic weaknesses in enterprise environments before they can be exploited.

In 2025, I ranked Top 3 in Australia on the HackerOne national leaderboard. I actively contribute to responsible disclosure programs across global platforms: payment processors, SaaS providers, and large-scale cloud infrastructures.

My research emphasizes HTTP behavior analysis, middleware handling, dependency confusion, cache poisoning, and modern web attack chains. I approach security through deep protocol-level understanding rather than surface testing.

Web App Security Vulnerability Research Penetration Testing Bug Bounty Burp Suite HTTP Analysis Supply Chain Attacks Cache Poisoning CTF

hacking progress & disclosures

2026 - Milestone
Active – Ongoing Research & Disclosures
  • Actively researching and submitting disclosures across multiple programs
2025 - Milestone
⭐ Finished Top 3 in Australia – HackerOne National Leaderboard (2025)
⭐ Valid Google report – vulnerability affecting 100,000+ global domains
2025 - Disclosures
Responsible disclosures submitted to:
  • Social media platforms
  • Global payment processors
  • Enterprise SaaS providers
  • Search & recruitment portals
  • Additional programs under review
2024 - Disclosures
Responsible disclosures submitted to:
  • Finance platforms
  • eCommerce and payment service providers
  • Government technology infrastructure
  • Consumer electronics brands
  • Job listing services
Duplicate valid findings
  • Multiple tech and cloud service providers
  • Bug bounty platforms
  • Education and developer tools vendors
  • Government and public-sector web services
  • Global eCommerce companies

credentials

Certifications

TryHackMe

TryHackMe Badge
Education

Certificate IV - Information Technology (Web Design)

Experience
  • Security researcher: web app & enterprise vulnerabilities
  • Bug bounty hunter: responsible disclosure across multiple programs
  • CTF participant: active since November 2023

blog

Short write-ups and research notes. Click a post to read it.

open full blog

contact

Have a collaboration opportunity, disclosure inquiry, or just want to connect? Reach out on any of these platforms.

LinkedIn X (Twitter) HackerOne