Available for Bug Bounty & Security Research

Hi, I am Md Maruf Hosan

aka 0xmaruf

I break systems to make them safer. Security researcher, bug bounty hunter and sometimes CTF player.

Web Application Pentester
50+ Valid Reports
15+ Hall of Fame
3 Critical Findings
100% Responsible Disclosure

About Me

I'm a passionate security researcher specializing in web application security. My journey in cybersecurity started with CTF competitions and evolved into professional bug bounty hunting.

I enjoy playing CTFs and building tools that save time during recon. My approach combines manual testing expertise with automation to find vulnerabilities that others might miss.

When I'm not hunting bugs, I write detailed writeups to help the community learn from my findings. I believe in responsible disclosure and making the internet a safer place, one vulnerability at a time.

Skills

Web Security, API Security, Pentesting, Automation, OSINT, Code Analysis, Android Pentesting

Tools

Burp Suite, Nuclei, ffuf, Subfinder, httpx, Katana, Remote Server, nmap, Custom Tools

Programming

JavaScript

Expertise Highlights

Web Application Security: OWASP Top 10 & Beyond
API Testing: REST, GraphQL, WebSocket
Recon Automation: Custom Scripts & Tools
Mobile Security: Android Penetration Testing

Platforms I Hunt On

Active on major bug bounty platforms, consistently finding and responsibly disclosing vulnerabilities.

Security Writeups

Detailed technical writeups to help the community learn.

Account Takeover Jan 2025

Firing 8 Account Takeover Methods

Comprehensive guide covering 8 different account takeover methods with practical examples and exploitation techniques.

15 min 2.4k views

JavaScript Dec 2024

Grep Tips for JavaScript Analysis

Essential grep commands and patterns for bug bounty hunters to analyze JavaScript files for sensitive endpoints and secrets.

8 min 1.8k views

Tools Nov 2024

Don't You Have Burp Suite Pro?

Tips and tricks for Burp Suite Community Edition users to maximize their testing capabilities without the Pro version.

10 min 3.1k views

Salesforce Oct 2024

Hacking on Private Program Using Salesforce CRM

Case study of finding vulnerabilities in a private program that utilizes Salesforce CRM infrastructure.

12 min 1.5k views

Case Study Sep 2024

Found Vulnerability on Fiverr

Simple restriction bypass on the Fiverr platform. A detailed walkthrough of identifying and exploiting access control issues on a major marketplace platform.

6 min 4.2k views

Recognitions

Hall of Fame & Certifications

Acknowledged by industry-leading companies for responsible security disclosures and continuous professional development.

Certifications

Active

eJPT

eLearnSecurity Junior Penetration Tester

INE | eLearnSecurity

Active

PNPT

Practical Network Penetration Tester

TCM Security

Active

BBH

Bug Bounty Hunter

HackerOne / Bugcrowd

Hall of Fame

Uber

Dell

IBM

US Department of Defense

Toyota

Fiverr

Dutch Government

+10 More

Various

15+ Companies
50+ Valid Reports
3 Critical
100% Responsible

Events

Conferences, CTFs, and community engagements.

HackerOne Bug Hunt 2024

Finalist

Competed against security researchers in Bangladesh and reached the finals.

Mar 12, 2024
Bangladesh

Local CTF Night

Organizer

Organized and hosted a local CTF event for newcomers in cybersecurity.

Sep 21, 2024
Community

WebSec Meetup

Panelist

Panel discussion on modern web security threats and responsible disclosure.

Jul 6, 2024
Panel

Event Highlights

HackerOne Swag
HackerOne T-Shirt
Security Stickers
Sticker Collection
Conference Badge
DEF CON Badge
Bugcrowd Hoodie
Event Photo
Security Conference
Swag Collection
Event Badge
H1 Live Event
More Swag
Exclusive Merch

Want me to speak or run a workshop?

Get In Touch

Have a question or want to collaborate? Drop me a message.