Mohammad Omor Faruk

Software engineer with 6+ years in backend systems and 3+ years in cybersecurity research. I build production infrastructure and find what breaks. Based in Bogura, Bangladesh.

Delivery + Security Depth

I started as a full-stack developer building production banking systems. Over time I moved deeper into cybersecurity - recon automation, vulnerability research, and application security. That mix means I understand both how software is built and how it breaks.

Education
  • B.Sc. CSE, University of Rajshahi (2018-2022)
  • OSCP Coursework (PWK 3.2)
  • Blue Team Junior Analyst (BJT)
  • Google Foundations of Cybersecurity
  • PortSwigger & TryHackMe labs

Awards
  • Digital Bangladesh Award 2022 (Prime Minister's Office)
  • Robotech Olympiad 2023 - Embedded Systems

2023 - Present
Cybersecurity Researcher
ByteTech, Bangladesh
  • Web app recon, attack-surface mapping, manual testing
  • Automation pipelines for asset discovery and vuln triage
  • Malware analysis and reverse engineering
  • 30+ bug bounty reports across H1, Bugcrowd, Intigriti

2020 - 2023
Full-Stack Developer
ByteTech, Bangladesh
  • Production web apps (React, Node.js, PHP, REST APIs)
  • Southeast Bank Alarm Management System - end to end
  • ElectronJS desktop tooling, monitoring dashboards

2019 - 2020
Freelance Developer
Fiverr / Upwork
  • Java 2D games and web projects for international clients
  • $700+ earned across platforms

Stack & tooling

Languages
  • JavaScript, PHP, Python, Kotlin, C/C++, Bash, Java
Backend
  • Node.js, Express, Laravel, Django, REST APIs
Frontend
  • React, TypeScript, HTML/CSS, ElectronJS
Databases
  • MySQL, PostgreSQL, MongoDB, SQLite
Web Security
  • OWASP Top 10, XSS, SQLi, SSRF, IDOR, RCE, SSTI, XXE, CSRF, Race Conditions, Business Logic, Prototype Pollution
API & Auth
  • REST API Testing, GraphQL, JWT Attacks, OAuth/OIDC, MFA Bypass, Auth Bypass, Mass Assignment, CORS Misconfig
Advanced Attacks
  • HTTP Request Smuggling, Host Header Injection, Cache Poisoning, WebSocket Hijack, Subdomain Takeover, Cloud Metadata SSRF, File Upload Bypass, Open Redirect
Infra & Cloud
  • AWS Pentest, S3 Misconfig, Cloud Recon, WAF Bypass, DNS Enum, Port Scanning, Container Security, Linux Priv Esc
Recon & Automation
  • Subfinder, Amass, Chaos API, Httpx, Katana, Gau, Wayback, Feroxbuster, Nuclei, FFuF, Grep, Custom Pipelines
Tools
  • Burp Suite Pro, Nmap, Metasploit, Ghidra, Wireshark, Python Scripting, Bash, Docker, Playwright, Git
Reverse & Malware
  • Malware Analysis, Reverse Engineering, Buffer Overflow, Exploit Dev, Kernel Exploit, PatchGuard, DLL Injection

Play Store apps

Kotlin apps built from scratch. Some published, more in development.

  • Hifz Tracker (com.mdomorffaruk.hifztracker) - Published
  • Zakat Calculator (com.mdomorffaruk.zakatcalculator) - Published
  • Simple To-Do (com.mdomorffaruk.todoapp) - Published
  • Mosque Toolkit (com.mdomorffaruk.mosquetoolkit) - In Dev
  • Budget Tracker (com.mdomorffaruk.budgettracker) - In Dev
  • Habit Tracker (com.mdomorffaruk.habittracker) - In Dev
  • Ledger Book (com.mdomorffaruk.ledgerbook) - In Dev
  • Freelancer CRM (com.mdomorffaruk.freelancercrm) - In Dev
  • Renewal Tracker (com.mdomorffaruk.renewaltracker) - In Dev
  • Study Planner (com.mdomorffaruk.studyplanner) - In Dev

Full project list

Production systems, security tools, and award-winning engineering.

Banking Platform

Southeast Bank Alarm Management

24/7 real-time monitoring for banking security infrastructure. Kotlin Android client + PHP REST API backend. Reduced manual monitoring workload by 70%.

PHP, Kotlin, MySQL, Banking

Security Scanner

VulnXposer

Web-based vulnerability assessment platform integrating OWASP ZAP, DNS analysis, port scanning, and structured HTML/PDF reporting.

React, Node.js, OWASP ZAP, Nmap

Award-Winning IoT

Smart Helmet

AI-powered accident alert and rider safety system with GPS/GSM and OpenCV vehicle recognition. Digital Bangladesh Award 2022 by the Prime Minister.

Python, OpenCV, IoT, GPS/GSM

Recon Pipeline

Recon Automation Toolkit

Bash/Python automation for subdomain enumeration, archive URL collection, HTTP probing, and Nuclei-based vulnerability triage.

Bash, Python, Subfinder, Nuclei

Bug Bounty Methodology

Research Notes & Workflows

Curated methodology for recon, API testing, and structured testing strategy for bug bounty hunting.

Methodology, API Testing

Automation

HackerOne Workflow Scripts

Python automation for HackerOne bug bounty workflows, target scope management, and reporting.

Python, Automation

Research & articles

Published on Medium. Malware analysis, kernel internals, web security, and red team methodology.

Exploring Vulnerabilities in Modern Web Applications

Overview of common web weaknesses and practical security considerations.

Kernel Mode DLL Injection Techniques

Low-level injection concepts, OS internals, and kernel-space execution.

Advanced Persistent Threats and Kernel-Level Exploits

Attacker tradecraft, APT methodology, and kernel exploitation techniques.

Bypassing Windows Kernel PatchGuard

Deep dive into PatchGuard bypass for exploit development workflows.

Red Team Strategies and Methodologies

Offensive security approaches covering planning, execution, and reporting.

Advanced Malware Injection Techniques

Analysis of sophisticated injection patterns and defensive countermeasures.

Open to work

Freelance engineering, security consulting, and remote collaboration. Bangladesh-based, global hours.