Hi, I'm Muhammad Ilyas, a Full Stack Web Developer, Bug Bounty Hunter, and Content Creator. I specialize in identifying security vulnerabilities and building secure applications. My YouTube channel, WebWonders, shares my knowledge of ethical hacking and web development.
- 2023 Top Hunter at @opn Bug Bounty Program
- Found vulnerabilities in platforms like Omise, DPD Group UK, Mux
- Experienced in detecting XSS, CSRF, SSRF, Cache Poisoning, DNS Rebinding, and Account Takeovers
π‘οΈ Security Highlights (from HackerOne)
- Omise: Subdomain Takeover via Dangling DNS
- DPD Group UK: Complete Account Takeover via Autofill Exploit
- Mux: API Logs Leak (Internal IPs Exposure)
- Omise: Web Cache Deception & CSRF Token Exposure
- Omise: Firewall Bypass Leading to Admin Page Access
- Omise: SSRF via DNS Rebinding
- Omise: Lack of Rate Limiting in Login Forms
- Teaching-a-beginner-to-Bug-Bounty-hunting-tutorial: A YouTube series teaching bug bounty hunting with real examples
- Bug-Bounty-Road-Map: Resources for different vulnerabilities and exploitation case studies
- Automation_Setup (Private): My private toolkit for automating security checks during bug hunting
- My-ChatApp: Fully featured chat app with video/audio calling
- project_website: Client project with HTML/CSS design
- Ilyas-Chat-App: A WhatsApp-like chat application
- Project_Machine_Learning: My custom ML model experiments
- TestingDNS: Python project for DNS-based tests
- Languages: JavaScript, Python, Ruby, C++, C#, Shell, PHP, HTML/CSS
- Frameworks: Ruby on Rails, React.js, Next.js
- Tools: Docker, Git, GitLab, Nmap, Burp Suite, Knoxss
- Security: XSS, SSRF, CSRF, DNS Rebinding, Rate Limiting Bypass, Web Cache Deception
- πΊ YouTube: WebWonders
- π¦ Twitter: @Cyber78678
- π Website: Portfolio
- πΌ Open to Employment Opportunities
- A7: Cross-Site Scripting (XSS) β October 2023
- A3: Sensitive Data Exposure β August 2023
- Streaker Badge β August 2023