Waseem Akram

Muhammad Waseem Akram

hello@hackerwasii.com

Profile

  • Information security enthusiast with industry level certifications and a strong interest in penetration testing and offensive security.
  • Strong background in security tools, emerging technologies, processes and best practices.
  • Reported Security Vulnerabilities in Microsoft, Facebook, Apple, Dell etc.

Technical Expertise

  • Networking: Storage Networks, Network Security, Server Networks, IP Protocols, LAN/WAN Switching, Troubleshooting.
  • Security Assessment: SAST, DAST, VAPT, Open-Source Analysis, OWASP top 10, Mitre ATT&CK Framework, SANS top 25.
  • Operating Systems: Ubuntu, CentOS, Kali Linux, MacOS, Windows Servers.
  • Cloud/DevOps technologies: Docker, CI/CD, Azure, Web Server, AWS Cloud, Python, Bash.
  • Security & Testing tools: Snyk, BloodHound, Veracode, Burp Suite, Tenable.io, Nmap, gobuster, ExtraHop, Metasploit, OWASP ZAP, Netsparker, Postman, Wireshark etc.

Certifications & Trainings

Experience

Network/Systems Administrator - CoventBridge Group, Remote

July 2022 - July 2023

Application Security Analyst - Gore Mutual Insurance, Remote

Aug 2021 - May 2022

  • Conducting source code reviews using Veracode and Snyk, triaging and reporting vulnerabilities, guiding developers with vulnerability remediation.
  • Performing automated and manual vulnerability assessments and penetration tests on web applications, networks and infrastructure.
  • Conducting focused research on newly identified threats and vulnerabilities.
  • Providing recommendations on system patching, hardening of web application and servers to mitigate potential risks.

Application Security Tester - Saluber MD LLC., Remote

Aug 2020 - July 2021

  • Experience with managing an enterprise level SIEM platform.
  • Strong understanding of variety of IT systems, applications and configurations.
  • Prioritizing and classifying bugs according to severity.
  • Familiarity with basic reverse engineering principles.

Education

Virtual University of Pakistan

Bachelor of Business & Information Technology (BBIT) - 2023

Aspire Group of Colleges (Okara Campus)

Intermediate of Computer Science - 2020 - 2022

Reported bug in Pakistan Government Website

Bugcrowd - Hall of Fame - Reported bugs in Companies like Microsoft, Facebook, Apple etc.

Projects

Instahack (Security Research on Brute Force Attacks)

Python, Bash | GPL-3.0 License

  • Designed and researched a script to simulate brute force attacks to understand how login systems handle security challenges.
  • Focused on developing preventive measures, such as rate limiting, CAPTCHA, and account lockout features to defend against brute force attempts.
  • Ensured the project was conducted in a controlled, ethical environment.