Hisham Osman

Offensive Security Specialist | Bug Bounty Hunter

🏆 #1 HackerOne Sudan (2025)
eJPTv2 | eCPPTv2 | CAP Certified

Offensive Security Specialist with 4+ years of experience in penetration testing and ethical hacking. Discovered critical vulnerabilities in 30+ major organizations including NASA, US DoD, Twitter/X, General Motors, and more.

About Me

Hisham Osman (Mr_k0anti)

Passionate cybersecurity professional with over 4 years of experience in penetration testing, ethical hacking, and offensive security. I have a proven track record of discovering critical vulnerabilities in high-profile organizations such as NASA, General Motors, Twitter/X, and the U.S. Department of Defense.

In 2025, I achieved #1 ranking on HackerOne in Sudan, with over 200 valid reports across 40+ international programs. I specialize in web application security, mobile application testing (Android & iOS), API testing, and cloud infrastructure assessments.

🎓 Electronics Engineering Graduate 🏆 CTF Champion 🔐 Ethical Hacker 🌍 Based in Dubai, UAE

Impact & Recognition

  • 200+ Valid Bug Reports
  • 40+ International Programs
  • 30+ Companies Secured
  • 4+ Years Experience

Organizations Secured

Discovered vulnerabilities in 30+ major organizations worldwide

  • NASA
  • US DoD
  • Twitter/X
  • General Motors
  • AT&T
  • OpenSea
  • GEICO
  • NBA
  • MTN
  • Roblox
  • Nintendo
  • PlayStation
  • 8x8
  • Thomson Reuters
  • Cloud Infusion
  • Robinhood
  • Anywhere Real Estate
  • 23andMe
  • Inter
  • Netlify
  • Dynatrace
  • Preply
  • Alpha Group

Professional Experience

Penetration Tester, Freelancer
Confidential (Remote)
Sep 2024 - Mar 2025
  • Conducted 3-6 penetration testing projects monthly across various industries
  • Performed manual and automated security testing (XSS, SQLi, CSRF, SSRF, IDOR)
  • Delivered detailed security reports with PoCs and remediation recommendations

Security Researcher
HackerOne (Freelance)
May 2021 - Present
  • Identified and reported 200+ security vulnerabilities to high-profile clients
  • Achieved #1 ranking on HackerOne in Sudan (2025)
  • Mastered OWASP Top 10 for web, API, and mobile security
  • Used tools: Burp Suite Pro, SQLMap, ffuf, nuclei, and custom scripts

QA Tester
MRM, Dubai
May 2024 - Aug 2024
  • Developed 1000+ test plans including performance and security test plans
  • Reviewed 300+ user interfaces for functionality and design adherence
  • Used Salesforce, Azure DevOps, Jira, and SharePoint for test management

VAPT Specialist
Resecurity (Remote)
Dec 2022 - Nov 2023
  • Completed rigorous eJPT and eCPPT certification training
  • Performed systematic penetration tests on various systems and applications
  • Enhanced team collaboration through effective client coordination

Core Skills

Penetration Testing

  • Web Application Testing
  • Mobile App Security (Android/iOS)
  • API Testing
  • Network Security
  • Cloud Security (Azure, AWS, GCP)

Tools & Technologies

  • Burp Suite Pro
  • Metasploit
  • Nmap, Nessus, Acunetix
  • SQLMap, ffuf, nuclei
  • Kali Linux

Programming

  • Python
  • JavaScript
  • Bash/PowerShell
  • PHP
  • HTML/CSS

Methodologies

  • OWASP Top 10
  • Bug Bounty Hunting
  • OSINT
  • Reverse Engineering
  • Secure Code Review

Certifications

eCPPTv2
eLearnSecurity (INE)

Certified Professional Penetration Tester

eJPTv2
eLearnSecurity (INE)

Junior Penetration Tester

CAP
SecOps Group

Certified AppSec Practitioner

ISC2 CC
ISC2

Certified in Cybersecurity

OSCP
Offensive Security

In Progress

Projects & Tools

K0jsfuzzer

Advanced JavaScript analysis tool with web scraping capabilities for security testing.

Shodan Dorker

Automated tool for discovering vulnerable network devices using Shodan search queries.

GitHub Dorker

Security tool designed to identify sensitive data leaks and exposed credentials on GitHub.

Pentesting Methodology

Comprehensive penetration testing checklist and methodology guide for security assessments.


Achievements & Recognition

🏆 CTF Competitions
  • 1st Place - Sudan CyberTalent CTF (2021)
  • 2nd Place - GISEC CTF "FoureCore" (2023)
  • 65th Rank - BlackHat MEA CTF (2023)
🎯 Bug Bounty Rankings
  • #1 HackerOne Sudan (2025)
  • #3 HackerOne UAE (Feb 2024)
  • #2 Most Valuable Hacker - Alpha Group
📚 Education
  • Bachelor's in Electronics Engineering
  • Sudan University of Science & Technology
  • GPA: 3.41/4.00 - First of Class (2023)

Get In Touch

I'm always open to discussing new projects, security research collaborations, or opportunities in cybersecurity.

📍 Dubai, UAE