
Sheraz Khalid
Cyber Security Consultant
👋 Welcome to My Blog
I'm a Cybersecurity Consultant with over 5 years of hands-on experience securing web applications, APIs, and digital infrastructure. I collaborate with companies to identify and remediate real-world vulnerabilities through focused VAPT engagements.
Outside of client work, I stay sharp through bug bounty hunting and CTFs.
This blog is where I share my journey from bug bounty write-ups and CTF walkthroughs to lessons learned during assessments.
Thanks for stopping by, feel free to explore, learn something new, and reach out if you’d like to connect.
- Age 27
- Residence Islamabad, Pakistan
- e-mail daimbutt70@gmail.com
What I Do
Progress Reports
Valid Reports: 400+
Hall of Fames: 50+
Experience: 5+ Years
Career Objective
To contribute meaningful value through cybersecurity consultancy and ethical hacking, helping organizations identify and fix real-world security flaws across web, mobile, network, and infrastructure layers. Cybersecurity is not just a profession for me, it’s a passion that fuels my continuous growth through client work, bug bounty hunting, and practical exploration of offensive security.
Resume
Education
2016 - 2018
University of Central Punjab
ADP IT Management
The program brings together key elements of IT and business management. With a strong focus on real-world projects and hands-on learning, it prepares students to tackle modern business challenges using practical technology solutions.
Experience
2023 - Present
Gulf Business Machine (GBM)
Cyber Security Consultant
- Led and delivered end-to-end VAPT projects covering web apps, APIs, mobile apps, and IP infrastructure.
- Collaborated with teammates on phishing simulations and red team engagements.
- Acted as a primary point of contact for clients — from scoping to delivery.
- Helped clients understand risk reports clearly and guided them in remediation efforts.
- Ensured timely delivery of assessments with actionable recommendations.
2019 - Present
Bugcrowd
Bug Bounty Hunter
- Actively hunting security vulnerabilities since 2019 — here’s my profile
- Reported 390+ valid bugs across multiple private and public programs
- Earned over 3,100 reputation points and currently ranked #174 worldwide
- Specialize in identifying high-impact issues such as XSS, IDOR, SQLi, and authentication flaws
- Received multiple Hall of Fame mentions and program-specific recognitions
2021 - 2023
Synack
Synack Red Teamer
- Conducted private, high-impact security assessments across various enterprise assets
- Identified and reported vulnerabilities with detailed PoCs through the Synack platform
- Maintained a strong acceptance rate and contributed to high-signal research efforts
Certifications
2025 - 2028
Altered Security
CRTP (Certified Red Team Professional)
Focused on Active Directory exploitation techniques from a red teamer's perspective.
Research
2020 - Present
Personal / Community
Published CVEs
Published multiple CVEs for vulnerabilities identified in third-party software:
Pentesting Skills
Web Application Pentesting
API Pentesting
Network Pentesting
Active Directory Pentesting
Coding / Other Skills
Bash
Python
HTML/CSS
Linux
Googling
Tools
- Burp Suite
- SQLMap
- FFUF
- Metasploit
- Linux
- Wireshark
- BloodHound
- CrackMapExec
- Impacket
Acknowledgement
- Ebay
- Fedex
- Dell
- Under Armour
- Wise
- Indeed
- Upwork
- Bugcrowd
- Bugcrowd MVP - Multiple quarters
- Top 10 on Bugcrowd Leaderboard - January 2024
- CRTP
- Ranked #174 Globally on Bugcrowd