ZishanAdThandar/README.md

Zishan Ahamed Thandar


⚡ Cyberpunk Skill Badges


🧩 About Me

I am a Cybersecurity Consultant and Offensive Security Specialist with 7+ years of real-world experience helping organizations identify and remediate high-impact security vulnerabilities using real attacker techniques before they are abused in the wild.

My approach is attacker-driven and manual-first, focused on finding what automated scanners miss and translating technical risk into clear, actionable remediation for engineering teams.

Highlights

  • 150+ valid real-world vulnerability disclosures
  • Web & API penetration testing for modern applications
  • Active Directory attacks, internal recon & privilege escalation
  • Top 5% TryHackMe, ex-Top 10 Hack The Box
  • Built open-source security tools trusted by 500+ professionals

🛠 How I Help Organizations

  • Web & API Penetration Testing (manual, attacker-driven)
  • Active Directory & Internal Network Assessments
  • Pre-launch & Pre-production Security Reviews
  • Bug Bounty Program Validation & Support
  • Clear, developer-friendly remediation guidance

🧬 Core Expertise

Offensive Security

Web Pentesting • API Security • Active Directory Attacks
Privilege Escalation • Business Logic Flaws
Authentication & Access Control Exploitation

Primary Toolset

Burp Suite • Nmap • Metasploit • Nessus • BloodHound
CrackMapExec • Impacket • Hydra • John • Nuclei

Operating Systems

Kali Linux • Arch Linux • Debian • Ubuntu • Windows

Programming

Python • Bash • PHP • JavaScript • MySQL • HTML/CSS


🏆 Responsible Disclosure & Trust Signals

Recognized by organizations including:

Google • Oracle • AOL • Mail.ru • Xiaomi • Zoho • NCIIPC • Shaadi.com
GeeksForGeeks • EC-Council • PostNL • EUR.nl • and many more


🎖 Certifications

  • CRTA – CyberWarFare Labs
  • C3SA – CyberWarFare Labs
  • Programming Certifications – Python, Java, PHP, HTML, CSS, Git

📚 Practical Security Playbooks & eBooks

Professional resources built from real-world testing experience.

📘 Bug Bounty Web Security Checklist

Structured methodology covering real attack paths
➡️ https://zishanhack.com/products/web-security-checklist

📡 OSWP Notes eBook

Wireless security & Wi-Fi exploitation notes
➡️ https://zishanhack.com/products/oswp-notes

🛡 CRTA Red Team Notes

Windows & Active Directory internal testing notes
➡️ https://zishanhack.com/products/crta

☣️ OSCP Obsidian Notes

Organized OSCP-focused red team knowledge base
➡️ https://zishanhack.com/products/oscp-bundle


🚀 High-Impact Security Tools

🔹 Hacker Proxy Pro

Instant Burp Suite / TOR proxy switching (Firefox)
➡️ https://github.com/ZishanAdThandar/HackerProxyPro

🔹 Hackify

One-command pentesting environment setup
➡️ https://github.com/ZishanAdThandar/hackify

🔹 Pentester Guide

Complete offensive security roadmap
➡️ https://github.com/ZishanAdThandar/pentest

🔹 WebsiteDorkerPro

Automated OSINT & reconnaissance tool
➡️ https://github.com/ZishanAdThandar/WebsiteDorkerPro


🌐 Work With Me

Available for limited-scope security engagements.


Built for real-world security · Focused on impact · Designed for trust

⭐ Star & Follow to support ongoing tools, research, and releases

Popular repositories

  1. pentest Public

    Pentesting and Bug Bounty Notes, Cheatsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.

    PHP 596 88

  2. hackify Public

    A single script to install important Pentesting Tools and wordlists on Debian based Linux OS.

    Shell 51 6

  3. HackerProxyPro Public

    Burp Suite Proxy Toggler Lite Add-on for Mozilla Firefox.

    JavaScript 34 7

  4. blog Public

    CTF and Bug Bounty Hunting WriteUps.

    CSS 21 4

  5. WebsiteDorkerPro Public

    Python 7 1

  6. hacknotes Public

    Private Notes of Zishan Ahamed Thandar for reference

    TeX 4 2