cybersecurity · penetration testing

Zain

scroll to enter

Z

Open to opportunities

Penetration
Tester &
Red Teamer.

Penetration tester, aspiring red teamer, bug bounty hunter and security researcher from Pakistan — at 17. Manual exploitation, custom tooling, and real-world validated findings.

View My Work Get In Touch

Z

Zain

Penetration Tester · Bug Bounty

Red Teamer Security Researcher

2+

Yrs Kali

3+

Tools

1+

Critical Bug Found

About

Who I Am

I'm a self-taught penetration tester running Kali Linux bare metal for 2+ years. I've completed TryHackMe's full Jr. Pentester path and have a real-world validated bank vulnerability to my name — at 17.

What sets me apart is my commitment to manual exploitation over automated tools. I believe you don't truly understand a vulnerability until you can reproduce it by hand. That mindset drove me to build my own recon and exploitation tools from scratch.

My target is a professional security role before 18, with a long-term path into Red Team operations.

"If you can't do it manually, you don't know how it works."

🐧

Kali Linux — Bare MetalDaily driver for 2+ years. Not a VM, not dual-boot.

🐛

Bank Vulnerability — ValidatedCritical bug confirmed valid by the bank directly.

🎯

Bug Bounty — HackerOneActive hunter focused on web application targets.

🛠️

3+ Open Source ToolsBuilt from scratch to solve real pentesting problems.

Capabilities

Technical Skills

🔍Reconnaissance

NmapWiresharkSubdomain EnumOSINTDNS Analysis

🕷️Web Pentesting

Burp SuiteXSSSQLiIDORCSRFAuth Bypass

⚡Exploitation

MetasploitCustom ScriptsPriv EscReverse Shells

🌐Networking

TCP/IPDNS/DHCPCGNATHTTP/SPacket Analysis

💻Languages

PythonBashC / C++JavaScript

🛠️Tooling

Burp SuiteLinux CLIGit / GitHubCustom C2

Progression

Learning Journey

✓ Complete

Pre Security

TryHackMe — Networking, web & Linux foundations

✓ Complete

Cyber Security 101

TryHackMe — Core security concepts & practices

✓ Complete

Jr. Penetration Tester

TryHackMe — Full pentesting methodology path

In Progress

Web Fundamentals

TryHackMe — Deep dive into web attack surfaces

Upcoming

CompTIA Pentest+

Industry certification — structured pentesting methodology

Upcoming

Red Team Operations

Offensive Pentesting · Web App Pentesting · Web App Red Teaming · Full Red Team Path

Open Source

Tools I've Built

Bash

Custom network management and automation tool. Interface config, monitoring, and network tasks — no third-party dependencies.

Python

Specialized XSS callback listener solving the CGNAT problem — clean alternative for receiving payload data when standard tools get flagged.

Python

SubDomainFinder

Fast subdomain discovery tool for real-world bug bounty recon. Automates the target mapping phase of a pentest engagement.

First Critical Bug — Bank Vulnerability

Discovered and reported a critical vulnerability in a live banking system. Marked duplicate but officially validated by the bank — confirming the finding and its real-world severity.

Contact

Let's Connect

📧Emailzain.root3 💼LinkedIn@zainroot3 🎯HackerOne@zainroot3 💻GitHub@zainroot3 📸Instagram@zain 💬WhatsAppMessage Me