Skip to content
View Rehan137's full-sized avatar

Block or report Rehan137

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
rehan137/README.md





Β 



Β  Β 


πŸ”΄ THREAT PROFILE

root@kali:~# cat /etc/threat-actor.json
{
  "operator"    : "Rehan Malek",
  "affiliation" : "NSIT Ahmedabad [M.Sc Cybersec]",
  "clearance"   : "RED TEAM // UNRESTRICTED",
  "specialties" : [
    "ICS/SCADA Exploitation",
    "Authentication System Hacking",
    "Hardware Implants & RF Attacks",
    "Bug Bounty & CVE Research",
    "RADIUS/AAA Security"
  ],
  "cve_count"   : "1 PENDING",
  "mission"     : "Hunt. Break. Disclose. Repeat.",
  "available"   : true,
  "status"      : "[●] ACTIVE β€” HUNTING MODE"
}

☠️ ZERO-DAY ARSENAL & CVE DISCLOSURE LOG

⚠️ All research conducted ethically under Coordinated Vulnerability Disclosure (CVD) frameworks. Do not attempt to replicate on unauthorized systems.

πŸ”΄ STATUS CVE ID TARGET SEVERITY CLASS
⏳ PENDING CVE-XXXX-XXXXX Kotori ICS/SCADA πŸ”΄ CRITICAL Unauthenticated Telemetry Data Poisoning
╔══════════════════════════════════════════════════════════════════════════╗
β•‘                  [ EXPLOIT CHAIN ANALYSIS β€” KOTORI ]                   β•‘
╠══════════════════════════════════════════════════════════════════════════╣
β•‘                                                                          β•‘
β•‘  TARGET    :  Kotori ICS/SCADA Framework                                 β•‘
β•‘  VECTOR    :  Unauthenticated HTTP Endpoint                              β•‘
β•‘  TECHNIQUE :  Telemetry Data Injection β†’ Sensor Value Falsification      β•‘
β•‘  IMPACT    :  Critical Infrastructure Disruption / False Sensor Data     β•‘
β•‘  DISCLOSE  :  Coordinated Vulnerability Disclosure (CVD)                 β•‘
β•‘  CREDIT    :  βœ… Official Contributor Credit Received                    β•‘
β•‘  CVE ID    :  Pending Assignment by NVD                                  β•‘
β•‘                                                                          β•‘
β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•

βš”οΈ ATTACK METHODOLOGY & KILL CHAIN

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  RECON   │───▢│  WEAPON  │───▢│  DELIVER │───▢│  EXPLOIT │───▢│  PERSIST │───▢│  EXFIL   β”‚
│──────────│    │──────────│    │──────────│    │──────────│    │──────────│    │──────────│
β”‚  OSINT   β”‚    β”‚ Zero-Day β”‚    β”‚ Social   β”‚    β”‚Auth Byp. β”‚    β”‚ RADIUS   β”‚    β”‚Data Drainβ”‚
β”‚  Nmap    β”‚    β”‚ HW Implntβ”‚    β”‚ Delivery β”‚    β”‚ SCADA/OT β”‚    β”‚ Backdoor β”‚    β”‚ C2 Comms β”‚
β”‚  Shodan  β”‚    β”‚ Exploits β”‚    β”‚ Phishing β”‚    β”‚ ICS/PLC  β”‚    β”‚ Persist  β”‚    β”‚ Loot Out β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

🌐 WEB APPLICATION πŸ“‘ HARDWARE & EMBEDDED 🏭 ICS / SCADA πŸ” NETWORK & AUTH
OWASP Top-10 Flipper Zero Modbus / DNP3 RADIUS / AAA
SQL Injection RF Replay Attacks Telemetry Poisoning Wi-Fi Deauth
Auth Bypass / IDOR NFC Cloning PLC Exploitation MITM Attacks
XXE / SSRF / RCE RFID Spoofing Kotori Framework Session Hijacking
LFI / RFI BadUSB / JTAG OT Network Recon Cred Harvesting

πŸ› οΈ WEAPON LOADOUT

⚑ EXPLOITATION FRAMEWORKS & TOOLS

Burp Suite Metasploit Nmap Wireshark Flipper Zero Docker

πŸ’€ OPERATING SYSTEMS

Kali Linux Parrot OS Windows

πŸ”€ LANGUAGES

Python Bash PHP SQL

πŸ—οΈ INFRASTRUCTURE

DigitalOcean MySQL Git


πŸ“‚ CLASSIFIED OPERATIONS β€” Click to Decrypt

πŸ“± ROOT LOCK SCREEN BYPASS Β β€”Β  [Android Security]
╔══════════════════════════════════════════════════════╗
β•‘            OPERATION : DROID BYPASS                 β•‘
╠══════════════════════════════════════════════════════╣
β•‘  TARGET   :  Rooted Android Devices                 β•‘
β•‘  VECTOR   :  Privilege Escalation via Root Shell    β•‘
β•‘  METHOD   :  Scripted Lock Screen Bypass            β•‘
β•‘  IMPACT   :  Full Device Access β€” No Auth Required  β•‘
β•‘  LESSON   :  Root access = broken security model    β•‘
β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•

Script demonstrating privilege escalation on rooted Android devices, exposing fundamental weaknesses in Android's security model when root is present. Full PoC with documentation.


πŸ” CYRAD β€” ENTERPRISE RADIUS AUTH SYSTEM Β β€”Β  [Network Auth / AAA]
╔══════════════════════════════════════════════════════╗
β•‘            OPERATION : CYRAD DEPLOYMENT             β•‘
╠══════════════════════════════════════════════════════╣
β•‘  SYSTEM   :  CYRAD β€” Custom RADIUS Auth Platform    β•‘
β•‘  BUILD    :  Designed & built from scratch          β•‘
β•‘  FEAT 1   :  Per-user data limits & quota enforce   β•‘
β•‘  FEAT 2   :  Real-time session monitoring (AAA)     β•‘
β•‘  CLIENT   :  Cyndia Cyberspace LLP                  β•‘
β•‘  RESULT   :  βœ… Letter of Recommendation Awarded    β•‘
β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•

Enterprise-grade Authentication, Authorization, and Accounting (AAA) system. Built for production deployment with real-time data cap enforcement and live session management.


πŸ” ORIGIN IP DISCOVERY TOOL Β β€”Β  [OSINT / Recon]
╔══════════════════════════════════════════════════════╗
β•‘            OPERATION : UNMASK                       β•‘
╠══════════════════════════════════════════════════════╣
β•‘  TARGET   :  CDN-protected web applications         β•‘
β•‘  VECTOR   :  Origin IP unmasking (Cloudflare/CDN)   β•‘
β•‘  METHOD   :  Multi-vector recon + DNS enum          β•‘
β•‘  PURPOSE  :  Expose true origin β€” bypass WAF/CDN    β•‘
β•‘  USE CASE :  Penetration testing recon phase        β•‘
β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•

Automates origin IP discovery behind Cloudflare and reverse proxies. Used in pen tests to identify and attack the true origin server, bypassing CDN/WAF protections entirely.


πŸ“‘ FLIPPER ZERO 5-IN-1 EXTENSION BOARD Β β€”Β  [Hardware Hacking]
╔══════════════════════════════════════════════════════╗
β•‘            OPERATION : HARDWARE KRAKEN              β•‘
╠══════════════════════════════════════════════════════╣
β•‘  HARDWARE :  Custom Flipper Zero PCB Extension      β•‘
β•‘  CAP 1    :  RF Replay + Sub-GHz attacks            β•‘
β•‘  CAP 2    :  NFC cloning + RFID spoofing            β•‘
β•‘  CAP 3    :  Physical bypass + BadUSB               β•‘
β•‘  PURPOSE  :  Red team physical security assessment  β•‘
β•‘  STATUS   :  Built, assembled & field-tested        β•‘
β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•

Custom 5-in-1 PCB extension board for Flipper Zero β€” dramatically expanding RF, NFC, RFID, and physical attack capability for real-world red team operations.


πŸ’Ό FIELD OPERATIONS

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  [OP-001] KUBOTOR β€” Bug Bounty Hunter (Intern)                          β”‚
β”‚  TIMELINE : Sep 2025 β†’ Jan 2026                                         β”‚
β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚  [+] Executed structured penetration tests across multiple live targets  β”‚
β”‚  [+] Chained vulnerabilities for maximum-impact proof-of-concept        β”‚
β”‚  [+] Responsible disclosure pipeline β€” full exploit documentation       β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  [OP-002] CYNDIA CYBERSPACE LLP β€” Security Analyst (Intern)             β”‚
β”‚  TIMELINE : May 2025 β†’ Jul 2025                                         β”‚
β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚  [+] Architected CYRAD from zero β€” enterprise RADIUS authentication     β”‚
β”‚  [+] Per-user quota enforcement + real-time session monitoring          β”‚
β”‚  [+] Awarded Letter of Recommendation for exceptional delivery  πŸ…      β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

πŸ“Š COMBAT STATISTICS

Β 



Β 

πŸ† SKILL MATRIX β€” THREAT LEVEL

DOMAIN SKILL THREAT LEVEL
🌐 Web App Pentesting Burp Suite / OWASP β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ ADVANCED
πŸ“‘ Hardware Hacking Flipper Zero / RF / RFID β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–‘β–‘β–‘ PROFICIENT
🏭 ICS / SCADA Kotori / Modbus / OT β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–‘β–‘ ADVANCED
πŸ” Network / Auth RADIUS / AAA / MITM β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ ADVANCED
🐍 Python Scripting Exploit Dev / Automation β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–‘β–‘β–‘ PROFICIENT
πŸ”Ž OSINT / Recon Shodan / DNS / Nmap β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ ADVANCED
πŸ’Ύ Forensics Digital Evidence / Analysis β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–‘β–‘β–‘β–‘β–‘ INTERMEDIATE
🧩 CTF Capture The Flag β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–‘β–‘β–‘β–‘ PROFICIENT

πŸŽ“ TRAINING & CERTIFICATIONS

πŸ… CERTIFICATION πŸ›οΈ ISSUER 🎯 DOMAIN
Cyber Security & Privacy NPTEL Defensive & Offensive SecOps
Computer Networks & Internet Protocol NPTEL Network Architecture
SQL Injection Attack EC-COUNCIL Web Application Exploitation
PHP & MySQL IIT Bombay Backend Development
H4CKP13T 0X01 International CTF Capture The Flag
PHANTOM FLAB CTF Event Capture The Flag

🌐 ESTABLISH SECURE CONNECTION

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚                  OPEN TO ENGAGEMENTS                     β”‚
β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚  βœ…  Freelance Penetration Testing Assessments           β”‚
β”‚  βœ…  Bug Bounty Collaborations & Joint Research          β”‚
β”‚  βœ…  Security Research Internships                       β”‚
β”‚  βœ…  Full-Time Offensive Security Roles                  β”‚
β”‚  βœ…  CVE Coordination & Responsible Disclosure           β”‚
β”‚  βœ…  Red Team Operations & Hardware Hacking              β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
Β  Β 

root@rehan:~# echo "Β© 2026 Rehan Malek β€” ONLINE | MODE: HUNTING | CLEARANCE: RED TEAM"
Β© 2026 Rehan Malek β€” ONLINE | MODE: HUNTING | CLEARANCE: RED TEAM

Popular repositories Loading

  1. buggymart-project buggymart-project Public

    BuggyMart is a simple e-commerce website built with PHP and MySQL. It is designed to be an easy-to-understand platform for learning about common web application vulnerabilities.

    PHP

  2. rehan137 rehan137 Public

    HTML 1

  3. windows95_portfolio windows95_portfolio Public

    Forked from renish47/windows95_portfolio

    My web portfolio whose design is inspired based on popular Windows-95 operating system's look.

    JavaScript

  4. origin-finder origin-finder Public

    Advanced 30-method origin IP discovery tool with CDN bypass and mathematical validation - Written in pure C with no external dependencies

    C