Ubaid ur Rehman
@darkmaster0345 · 18-year-old self-taught developer & vulnerability researcher
Source code security and privacy-focused software builder. I find vulnerabilities through passive analysis, JS bundle review, HAR analysis, and console-based verification with responsible disclosure.
Source Code Security + Privacy Engineering
I'm a DAE Electronics student at Technical College of Karachi (in progress), focused on vulnerability research and privacy-first software development.
My security workflow is transparent: passive analysis → JavaScript bundle review → HAR file analysis → browser console verification → responsible disclosure. I prioritize reproducible findings over automated scanner reports.
I openly use AI assistants (Claude and Gemini) to speed up code analysis and attack-surface mapping, while keeping reports evidence-driven and technically verified.
Passive Analysis
Non-intrusive observation of application behavior and data flows
JS Bundle Review
Source code analysis of client-side JavaScript for leaked secrets and logic flaws
Responsible Disclosure
Evidence-driven reports with verified, reproducible findings
Software Forge
Open-source tools built with Kotlin, Python, and TypeScript. Built software, not vaporware.
Verified Security Research
20+ vulnerabilities across 3 engagements · 7+ Critical findings · 1 Hall of Fame listing
EC-Council (CodeRed)
9 vulns · 3 Critical9 vulnerabilities found (3 Critical). Acknowledged in 12 minutes. Hall of Fame 2026 + Certificate of Appreciation.
PriceOye
5 vulns · 3 Critical PII5 vulnerabilities found, including 3 Critical PII leaks. Remediation confirmed within 72 hours.
Waqar Electronics
6 vulns · XSS-to-ATO6 vulnerabilities found including one Stored-XSS-to-ATO chain via insecure session cookies.
F-Droid App Security Audits
Verifying FOSS apps for tracker-free, privacy-respecting compliance
Audit History
Journey So Far
PriceOye
First bug bounty report submitted; 5 vulnerabilities identified, including critical PII leaks.
EC-Council initial report
Initial responsible disclosure submitted to EC-Council.
HaramVeil + NoFap Hydra + Waqar Electronics
Built privacy-focused projects and disclosed Waqar Electronics ATO chain.
FOSS contributions
Continued open-source development on privacy/security-oriented repositories.
F-Droid Snowflake verification
Forward-compatibility verification for Snowflake Volunteer on Android 16 approved by F-Droid maintainer.
EC-Council Hall of Fame
Hall of Fame 2026 listing with Certificate of Appreciation for 9 vulnerabilities (3 Critical).
Certifications & Achievements
Verified credentials from Saylani Cisco Networking Academy & EC-Council.
DC - M3 - CyberOps Associate ( Networking Basics )
Start learning the basics of computer networking and discover how networks operate.
EC-Council Hall of Fame 2026
Certificate of Appreciation — Responsible Disclosure
Recognized by EC-Council President Sanjay Bavisi for identifying vulnerabilities in EC-Council web assets (9 vulnerabilities, 3 Critical)
Introduction to Cybersecurity
Introduction to Dark Web, Anonymity, and Cryptocurrency
Network Technician Career Path
Digital Safety and Security Awareness
DC - M3 - CyberOps Associate ( Networking Basics )
CyberOps AssociateStart learning the basics of computer networking and discover how networks operate.
Network Technician Career Path
Network Technician Career PathComprehensive career path badge earned upon completing the full Network Technician curriculum covering networking fundamentals, security, and administration through Saylani Cisco Networking Academy.
Digital Safety and Security Awareness
Digital Safety and Security AwarenessBadge earned for demonstrating comprehensive awareness of digital safety practices, online privacy protection, and cybersecurity hygiene through the Saylani Cisco Networking Academy program.
ALL VERIFIABLE ON SAYLANI CISCO NETWORKING ACADEMY & EC-COUNCIL
Skills & Tools
(Honest Snapshot)
GitHub Activity
Terminal-style view of the latest commits, PRs, and events across the darkmaster0345 repositories.
Snowflake Proxy
Help censored users browse the free internet — right from your browser
Proxy inactive — click Enable to start helping censored users access the free internet
WebRTC Relay
Your browser becomes a bridge. Censored users route traffic through your WebRTC connection to access the open internet.
Your Privacy First
Your IP is never exposed to the websites censored users visit. You're just a transport layer — no data stored, no logs kept.
By Tor Project
Snowflake is built by the Tor Project. It's used by thousands daily to bypass censorship in restricted regions worldwide.
Learn moreSnowflake Network
You're not alone — thousands of proxies are helping censored users worldwide
Fingerprint Art
Every browser leaves a unique mark — here's yours, turned into art
Uniqueness Score
Your browser is 0% unique among visitors
More private — blends in with the crowd
Higher uniqueness means your browser fingerprint is more distinctive, making it easier for trackers to identify you without cookies.
What drives your art
This art was generated from data your browser leaked passively
No cookies, no storage, no server calls needed. This is the same technique advertisers use to track you across the web. Every element in the art above corresponds to a piece of information your browser volunteered without you knowing.
- ›Use a privacy-focused browser like Firefox or Tor Browser
- ›Install uBlock Origin or Privacy Badger extensions
- ›Disable JavaScript when possible (breaks many sites)
- ›Use browser settings to block third-party trackers
- ›Consider using a VPN to mask your IP address
Capture The Flag
3 hidden challenges across this portfolio — solve them all to earn the Verified Hacker badge
Base64 Beacon
A signal is being broadcast from the terminal. Intercept it and decode the message.
Source Inspector
Something is hidden in the source code of this page. Inspect the HTML to find the secret.
ROT13 Transmission
An encrypted transmission was intercepted: FRPHVGL. Decode it using a classic cipher.
Encryption Playground
Encode, decode, and explore classic ciphers
Encodes binary data into ASCII text using a 64-character alphabet. Commonly used...
Password Analyzer
Test your password strength and learn what makes passwords secure
Security Scanner
Real-time analysis of this website's security headers
Scroll into view to initiate security scan…
LET'S WORK
TOGETHER
Security engagement, collaboration, or just want to talk shop. All communications treated with strict confidentiality.
Let's Build Something
Android apps · Websites · Security audits
Need a secure Android app, a blazing-fast website, or a thorough security audit? Let's discuss your project.
Typical response < 24h · Available now
GitHub
@darkmaster0345
/in/ubaid-ur-rehman-979623401/
Responsible Disclosure
All findings reported through proper channels. Available for bug bounty and private security consulting.