> Hi, I am Md Maruf Hosan aka 0xmaruf — I break systems to make them safer.

Security researcher, bug bounty hunter and sometimes CTF player. I write about web security, automation and recon.

> I research web apps.

About

I research web applications, find bugs in the wild and write detailed writeups so others can learn. My focus is on practical exploitation, automation for recon and responsible disclosure. I enjoy playing CTFs and building tools that save time during recon.

Platforms I Hunt On

Quick Stats

CTFs

70+

Bounties

30+


Top Tools: Intelligence • Burp • Remote Server

Writeups

Firing 8 Account Takeover Methods

Short summary: I have covered 8 different account takeover methods.

Grep tips for JavaScript Analysis

Short summary: grep tips for bug bounty hunters.

Don't you have Burp Suite Pro?

Short summary: tips for Burp Suite Community Edition users.

Hacking on a private program that uses Salesforce CRM

Short summary: a private program uses Salesforce CRM; found a vulnerability here.

Found Vulnerability on Fiverr

Short summary: simple restriction bypass on Fiverr.

Coming...

Short summary:

Events

HackerOne Bug Hunt 2025 — Finalist
Mar 12, 2025
Local CTF Night — Organizer
Sep 21, 2024
WebSec Meetup — Panelist
Jul 6, 2024
Want me to speak or run a workshop? Use the contact form below.

Swags|Events|Stickers


Contact

Want to collaborate, book a talk, or report something? Fill out the form and I'll get back to you.