Offensive Security Engineer | Red Teaming, AI & CVEs | Responsible Disclosure
asifnawazminhas/README.md

Hey! 👋 My name is Asif. I am a passionate penetration tester exploring red-team techniques, learning offensive methods, pivoting and post-exploit workflows.

In my free time I contribute to the community, report vulnerabilities through responsible disclosure, and publish CVEs for confirmed issues. I’m also experimenting with how AI can be applied in the offensive security niche, exploring ways to combine AI with red-teaming and vulnerability research.


Mission: Securing the Internet



Projects & Contributions:

CVEs

| CVE | Short Description | References |
| --- | --- | --- |
| WordPress security researcher CVEs overview | An overview of the vulnerabilities I’ve reported and published through Wordfence Threat Intelligence, including CVE IDs, descriptions, and affected software. | Wordfence Researcher Page |
| CVE-2024-34955 | Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter. | NVD Entry |
| CVE-2024-34954 | Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter. | NVD Entry |
| CVE-2025-54384 | Stored XSS vector in Markdown description fields. | NVD Entry, GitHub Advisory |

Guides, etc

| Project | Short Description | Stars | Forks |
| --- | --- | --- | --- |
| OWASP GenAI Red Teaming Guide | A community-driven guide by OWASP on red teaming for generative AI systems, outlining risks, testing approaches, and mitigation strategies. | N/A | N/A |

About me

I’m an Offensive Security Engineer / Penetration Tester with a background from Royal Holloway, University of London. Born in the Netherlands 🇳🇱 and native in Dutch, I spend the majority of my time learning and practising hands-on offensive techniques, ethical hacking, responsible disclosure and publishing technical writeups on my blog.

My work focuses on practical penetration testing and red-team skills: post-exploit pivoting, Active Directory escalation, AV/EDR evasion and real-world engagements.

I balance professional consulting with continuous learning (CTFs, HTB labs, and research) and producing readable writeups for the community.

Quick facts

  • Education: MSc Information Security (Royal Holloway, University of London); Bachelor in ICT: Information & Communication Technology (Windesheim University of Applied Sciences)
  • Location / Languages: Netherlands: born and raised; native Dutch 🇳🇱, fluent English 🇬🇧; conversational in Urdu/Hindi 🇵🇰 🇮🇳 and some Arabic 🇸🇦
  • Specialties: Web hacking, red teaming, pivoting, AV/EDR evasion, escalation paths, exploit development, responsible disclosure
  • Interests: Purple teaming, adversary emulation, automated recon pipelines, threat-informed defense

You can reach me here 👇


Trophies

OSCP CRTO CISSP OSWA CISM CEH

Feel free to give your suggestions

Popular repositories

  1. asifnawazminhas.github.io (Public)

    Sharing my journey in cybersecurity, red teaming, and AI

    Shell 1

  2. eicar-68kb-tester (Public)

    EICAR Test File Generator – A script to generate 68 KB EICAR test files in multiple formats (.txt, .pdf, .xls, .xlsx, .zip). Useful for antivirus testing, security research, and network monitoring…

    Python 1

  3. CVSS3.1Calculator (Public)

    CVSS Calculator v3.1 - a Burp Suite extension for calculating v3.1 scores of vulnerabilities.

    Python 1

  4. python-docs-hello-world (Public)

    Forked from Azure-Samples/python-docs-hello-world

    A simple python application for docs

    Python

  5. asifnawazminhas (Public)

  6. xss-payloads (Public)

    Remote XSS Payloads: External script injection payloads that demonstrate how attackers load malicious JavaScript from remote CDNs and servers.

    JavaScript