Mohamed Hosny

Cybersecurity Student | Bug Hunter

Cybersecurity enthusiast specializing in Web Application Security and Bug Bounty hunting, with practical experience discovering vulnerabilities on real-world targets.

View Projects Writeups Contact

$ cat about.txt

I am a cybersecurity student and bug bounty hunter from Egypt with hands-on experience in vulnerability assessment and manual penetration testing. I focus on discovering access control vulnerabilities such as IDOR and logic flaws.

I actively participate in bug bounty programs and continuously improve my web security skills through real-world testing. My goal is to secure the digital landscape one system at a time while expanding my knowledge of offensive security.

Bug Bounty

Active Hunter

Web Sec

Specialization

$ ./skills.sh

Security Skills

Web Application Penetration Testing
Network Penetration Testing
Bug Bounty Hunting
Vulnerability Assessment

Tools & Technologies

Burp Suite

Nmap

Subfinder

Amass

Linux

$ history | grep experience

Experience

Bug Hunter

HackerOne 2026 - Present

Perform manual penetration testing on web applications participating in vulnerability disclosure programs.
Focus on logic bugs and IDOR vulnerabilities.
Write professional vulnerability reports and communicate with triage teams.

Education & Certs

Computer Science

Tanta University, Egypt Expected Graduation: 2027

eJPTv2

Achieved

eWPT / eWPTX

Achieved

OSWA

Achieved

OSCP

In Progress

$ ls -la ./projects

Recon Automation Script

A sophisticated tool that automates subdomain discovery, port scanning, and general reconnaissance using aggregated sources.

Bash Python Automation

IDOR Vulnerability Lab

A carefully constructed environment for step-by-step analysis and exploitation of complex Insecure Direct Object Reference vulnerabilities.

Web Sec Docker PHP/MySQL

Web Security Testing Notes

A comprehensive collection of personal notes, payloads, and methodologies curated during active bug hunting engagements.

Documentation Methodology

$ tail -f /var/log/writeups

Oct 15, 2026 Bug Bounty

Account Takeover chaining IDOR and Logic Flaw

Detailed breakdown of how an Insecure Direct Object Reference (IDOR) on a password reset endpoint led to a full account takeover on a private program.

Read Writeup

Sep 22, 2026 PortSwigger Labs

Bypassing Advanced Access Controls

Walkthrough of complex access control bypass techniques inspired by PortSwigger Academy challenges and real-world scenarios.

Read Writeup

Aug 05, 2026 HTB / TryHackMe

Box Walkthrough: Mastering Web Exploitation

A comprehensive guide on exploiting misconfigured web applications, from initial foothold to privilege escalation in a synthetic environment.

Read Writeup

View All Writeups

$ nc -lvnp 4444

Waiting for incoming connections...

Email

m7mdhosny21@gmail.com

Phone

+20 1003269903

Location

Tanta, Egypt