🛡️
Working on client security assessments
ZishanAdThandar/README.md

Zishan Ahamed Thandar


Offensive Security Research & Consulting

I specialize in attacker-driven security assessments focused on identifying real-world attack paths across modern web applications, APIs, authentication systems, and Active Directory environments.

My work focuses on:

  • Web Application Penetration Testing
  • API Security Assessments
  • Authentication & Access Control Testing
  • Active Directory Security Reviews
  • Privilege Escalation & Internal Reconnaissance
  • Security Research & Methodology Development

I prefer manual testing methodologies designed to uncover high-impact vulnerabilities often missed by automated tooling.


Core Expertise

Offensive Security

Web Pentesting • API Security • Active Directory • Privilege Escalation • Authentication Testing • Access Control Reviews • Business Logic Testing • Reconnaissance

Tooling & Platforms

Burp Suite • Nmap • BloodHound • Impacket • CrackMapExec • Nessus • Metasploit • Nuclei • Hydra • John the Ripper

Operating Systems

Kali Linux • Arch Linux • Debian • Ubuntu • Windows

Programming & Scripting

Python • Bash • JavaScript • PHP • MySQL • HTML/CSS


Responsible Disclosure

Recognized by organizations including:

Google • Oracle • AOL • Xiaomi • Zoho • Mail.ru • NCIIPC • Shaadi.com • EC-Council • GeeksForGeeks • PostNL • EUR.nl


Certifications

  • CRTA — CyberWarFare Labs
  • C3SA — CyberWarFare Labs
  • Programming Certifications — Python, Java, PHP, HTML, CSS, Git

Featured Projects

Pentester Guide

Comprehensive offensive security knowledge base covering:

  • Web Security
  • API Security
  • Active Directory
  • Privilege Escalation
  • Red Team Methodology
  • Reconnaissance
  • Attack Chains
  • Security Tooling

➡️ https://github.com/ZishanAdThandar/pentest


HackerProxyPro

Firefox extension for rapid Burp Suite / TOR proxy switching.

➡️ https://github.com/ZishanAdThandar/HackerProxyPro


Hackify

Automated pentesting environment setup toolkit.

➡️ https://github.com/ZishanAdThandar/hackify


WebsiteDorkerPro

OSINT and reconnaissance automation utility.

➡️ https://github.com/ZishanAdThandar/WebsiteDorkerPro


Practical Security Resources

Bug Bounty Web Security Checklist

Real-world testing methodology covering:

  • Authentication Testing
  • Access Control
  • SSRF
  • Business Logic Flaws
  • API Security
  • Injection Testing
  • Reconnaissance

➡️ https://zishanhack.com/products/web-security-checklist


CRTA Red Team Notes

Windows & Active Directory focused red team notes.

➡️ https://zishanhack.com/products/crta


OSCP Obsidian Notes

Structured OSCP-oriented penetration testing notes.

➡️ https://zishanhack.com/products/oscp-bundle


OSWP Notes

Wireless security & Wi-Fi exploitation notes.

➡️ https://zishanhack.com/products/oswp-notes


Security Services

Available for limited-scope offensive security engagements.

Services

  • Web Application Penetration Testing
  • API Security Reviews
  • Active Directory Assessments
  • Authentication Security Testing
  • Security Validation Before Production Releases


Current Focus Areas

  • API Security Research
  • Authentication Attack Paths
  • Active Directory Methodology
  • Security Automation
  • Offensive Security Documentation
  • Real-World Exploitation Techniques

Built around offensive security research, practical methodology, and real-world testing.

Popular repositories

  1. pentest (Public)

    Pentesting and Bug Bounty Notes, Cheatsheets and Guide for Ethical Hackers, Whitehat Pentesters and CTF Players.

    PHP • 629 stars • 88 forks

  2. hackify (Public)

    A single script to install important pentesting tools and wordlists on Debian-based Linux OS.

    Shell • 55 stars • 7 forks

  3. HackerProxyPro (Public)

    Burp Suite Proxy Toggler Lite Add-on for Mozilla Firefox.

    JavaScript • 34 stars • 7 forks

  4. blog (Public)

    CTF and Bug Bounty Hunting WriteUps.

    HTML • 20 stars • 4 forks

  5. WebsiteDorkerPro (Public)

    Python • 8 stars • 1 fork

  6. hacknotes (Public)

    Private Notes of Zishan Ahamed Thandar for reference

    TeX • 6 stars • 3 forks