I'm a Security Researcher based in India 🇮🇳.
I hunt bugs, break systems, and build tools that help others do the same 🔥
- 🎯 10+ CVEs published (XSS, RCE, SQLi, Auth Bypass, etc.)
- 🛠️ Contributor to Exploit-DB, Metasploit, and CIS Benchmarks
- 🎤 Speaker at CrestCon (London) & ThreatCon (Kathmandu)
- 🧠 Shellcode author and CTF machine creator for HTB & VulnHub
> echo "Touhid Shaikh"
┌──(root💀touhid)-[~/research]
└─$ whoami
Security Researcher | Exploit Developer | Open Source Contributor
┌──(root💀touhid)-[~/CVEs]
└─$ cat highlights.txt
✅ OSCP | OSCE | CRT | CPSA | ISC² CC
🚨 CVE-2024-43381 – Stored XSS in reNgine
🎯 RCE on Netgear, TP-Link, OnePlus Web Services
🎓 MBA (ITASM) | BSc IT
🌍 Conferences: CrestCon (UK), ThreatCon (Nepal)- Suid Binary – .so Injection(Weak File Permissions)(Privilege Escalation)
- Port Forwarding Explained
- PSV-2018-0182: NetGear WNR614 WiFi Home Router Unauthenticated Remote Admin Forcibly Logout
- (De | Un)serialization Detailed with Demo
- 🔒 CVE-2024-43381 – Stored XSS in reNgine
- 💥 CVE-2021-29069 – Command Injection in Netgear Router
- 🛡️ CVE-2018-11714 – Auth Bypass in TP-Link Routers
- 🖥️ 10+ total CVEs — see full list on Exploit-DB
Proud to be acknowledged by:
- 🍏 Apple – Security Misconfiguration
- 🌐 Synology – Remote Code Execution, SSRF and Security Misconfiguration
- 📶 Netgear – Remote Code Execution and XSS and Security Misconfiguration
- 🔐 OnePlus – Remote Code Execution
- 🎯 Arlo, Registrar.gov, HackTheBox, PlaySMS, and more.
- 📄 PagedOut Magazine – Article on Netgear RCE
- 🧪 Subzy Contributor – Subdomain Takeover Checker
- 📚 CIS Benchmark – pfSense Security Guidelines
- ⚙️ Metasploit Contributor – Custom Exploits
- 🧨 ShellPop – Shell Generator Tool
Thanks to everyone who has referenced or credited my work in their repositories!