faizal@kali:~$ whoami

CHOWDHURY FAIZAL AHAMMED

OSCP+

Certified

~/about$

About Me

Breaking things to make them stronger

I'm a 24-year-old security enthusiast who's been breaking things since my teens. With 7+ years in offensive security, I've evolved from curious script kiddie to a seasoned penetration tester and cloud security architect.

Currently serving as a Senior Cloud IAM Engineer at Synchrony Financial, I architect enterprise-scale identity and access management solutions while maintaining my offensive edge through red teaming and bug bounty hunting.

I hold multiple CVEs across SSRF, RCE, IDOR, and XSS vulnerability classes, and I've competed in CTFs at both national and international levels. When I'm not hunting bugs, I'm building security tools in Python or automating cloud infrastructure with Terraform.

My unique blend of offensive security and cloud engineering gives me an attacker's perspective on defense — I build secure systems because I know exactly how they break.

profile.json
{
  "name": "Chowdhury Faizal Ahammed",
  "age": 24,
  "role": "Sr. Cloud IAM Engineer",
  "company": "Synchrony Financial",
  "experience": "7+ years",
  "focus": [
    "Offensive Security",
    "Cloud IAM Architecture",
    "Red Teaming",
    "Bug Bounty"
  ],
  "certifications": ["AD-RTS", "CRTA", "OSCP+", "CNPen", "CAP"],
  "cves_published": 6,
  "ctfs_won": "25+",
  "languages": ["Python", "Bash", "Golang", "JavaScript"],
  "cloud": "AWS",
  "status": "Always hunting"
}

~/skills$

Technical Arsenal

Tools and expertise forged through years of offensive operations

Programming Languages

Python, Bash, Golang, JavaScript

Cloud & Infrastructure

AWS, Terraform, CloudFormation, Cloud Security Architecture

Red Team & Offense

Sliver C2, Cobalt Strike, Caldera, Red Teaming, Penetration Testing, Exploit Development, Reverse Engineering, Vulnerability Research

AppSec & Testing

AppSec, SAST/DAST, Burp Suite, Metasploit, Nmap, Wireshark

Specializations

Agentic AI Development, CTF Player, Bug Bounty Hunting, Security Tool Development

~/projects$

Featured Projects

Security tools and frameworks built to break and protect

Security Tool

CloudGuard Scanner

Automated AWS security scanner that identifies misconfigurations across IAM policies, S3 buckets, security groups, and cloud infrastructure. Generates actionable remediation reports.

Python, AWS, Boto3, Security, IAM

Security Tool

ADReaper

Active Directory enumeration and exploitation toolkit for red team operations. Automates Kerberoasting, AS-REP roasting, ACL abuse paths, and lateral movement discovery.

Python, PowerShell, Active Directory, Red Team

Security Tool

BugBounty Automator

Reconnaissance automation framework that chains subdomain enumeration, port scanning, web crawling, and vulnerability detection for bug bounty programs.

Bash, Python, Go, Automation

~/vulnerabilities$

CVE Discoveries

Real vulnerabilities found in production systems

CVE-2022-2170 | Critical | SSRF | CVSS 9.8

Server-Side Request Forgery Vulnerability

Discovered a Server-Side Request Forgery vulnerability that allowed unauthenticated attackers to make arbitrary HTTP requests from the server, leading to internal service enumeration and cloud metadata access.

Enterprise SaaS Platform, 2022

CVE-2025-67436 | Critical | RCE | CVSS 9.1

Remote Code Execution Vulnerability

Identified an unsafe deserialization vulnerability in the API gateway's request transformation layer. Crafted payloads could achieve remote code execution on the gateway server.

Cloud API Gateway, 2025

CVE-2025-68454 | High | IDOR | CVSS 8.6

Insecure Direct Object Reference

Found an Insecure Direct Object Reference in the user data export functionality. By manipulating the export request ID parameter, an authenticated user could download any other user's exported data.

FinTech Application, 2025