$ ./overview --all

bash — n16h70wl@kali: ~
┌──(n16h70wl㉿kali)-[~]
└─$

Muhammad Tayab Bashir

Web Pentesting · Network Security · OSINT · Active Directory . Bug Bounty

Available for engagements CC — (ISC)² PNPT — TCM-SEC

> profile

rolePenetration Tester
experience2+ years
currentCyber Silo Pvt. Ltd.
educationB.Sc. CS — UCP
certsPNPT · CC

> whoami

Experienced Penetration Tester and Bug Bounty Hunter with 2+ years in professional cybersecurity — identifying and mitigating vulnerabilities across web applications, APIs, and network and Active Directory infrastructure.

At Cyber Silo Pvt. Ltd. I run weekly grey-box and black-box tests and author PCI DSS-aligned reports, and hunt independently on HackerOne and Bugcrowd — with disclosed flaws at Cloudflare, Expedia Group, and more.

> certifications

  • PNPT — Practical Network Penetration Tester TCM Security
  • CC — Certified in Cybersecurity (ISC)²

> courses & training

  • Practical Ethical Hacking — The Complete Course Udemy · 2023
  • Bug Bounty Hunting with Burp Suite Udemy · 2023
  • Cyber Security Udemy · 2022
  • Cryptography Cybrary · 2022
  • CompTIA Linux+ Cybrary · 2022
  • Penetration Testing & Ethical Hacking Cybrary · 2022
  • IELTS — 7.0 Bands British Council

> focus areas

Web App Pentesting Network Security Active Directory OWASP Top 10 OSINT & Recon Bug Bounty Vuln Research PCI DSS

> bug bounty hall of fame

Cloudflare Expedia Group Shutterfly LY Corporation Modern Treasury Mattermost Forge Global
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

$ ls -la ./projects/

Projects

~/passive-recon-intelligence-engine LIVE

Passive Recon Intelligence Engine

A structured dorking and OSINT checklist covering 14 categories across 12+ search engines — Google, Shodan, FOFA, Censys, GreyNoise, GitHub, and more. Built for bug bounty hunters and penetration testers who want systematic, reproducible passive recon.

JavaScriptAstroGoogle DorkingShodanFOFACensysOSINT
~/nightowl-ir LIVE

NightOwl-IR

Zero-dependency PowerShell incident-response triage toolkit for Windows — 87+ checks across 8 domains, MITRE ATT&CK-mapped, with a collapsible HTML dashboard.

PowerShellIncident ResponseMITRE ATT&CKWindowsHTML
~/ci/cd-security-vulnerability-gatekeeper LIVE

CI/CD Security Vulnerability Gatekeeper

Deterministic, rule-based CI/CD security gate that aggregates secret, dependency, and SAST scanners into one policy-driven pass/fail gate with a deduplicated remediation report. Runs locally and as a GitHub Action.

PythonDevSecOpsSASTCI/CDGitHub Actions
~/advalidate LIVE

ADValidate

A native, lockout-aware, multi-protocol credential validation and access-mapping engine for authorized Active Directory penetration testing and red-team engagements.

Active DirectoryRed TeamKerberosLDAPSMBCredential Access
════════════════ [ PENTEST REPORTS ] ════════════════

$ ls -la ./reports/

Sample Pentest Reports

Redacted, sanitized sample deliverables — the structure, methodology, and remediation detail I bring to every engagement. No real client data.

════════════════ [ BLOG ] ════════════════

$ cat blog/recent.txt

Latest Posts

blog/building-nightowl-ir-triage-toolkit.md blog
$ May 18, 2026

Building NightOwl-IR: A Zero-Dependency Windows Triage Toolkit

Real incident response rarely happens on a host with your tools pre-installed. Here's why I built NightOwl-IR to run on stock PowerShell, what it collects in the first 15 minutes, and how mapping findings to MITRE ATT&CK speeds up triage.

════════════════ [ CTF WRITEUPS ] ════════════════

$ cat ctf/recent.txt

CTF Writeups

ctf/hackthebox-forest.md HTB
Medium Active Directory May 30, 2026

Forest — HackTheBox

Forest goes from an anonymous LDAP session to Domain Admin via AS-REP roasting and an ACL-abuse chain that ends in DCSync. A perfect walkthrough of why Active Directory attack paths are about permissions, not just passwords.

ctf/hackthebox-active.md HTB
Easy Active Directory Apr 26, 2026

Active — HackTheBox

Active is a textbook AD box: an anonymously readable SYSVOL share leaks a GPP-encrypted service-account password, which is Kerberoasted into a full Domain Admin compromise. Two legacy misconfigurations, total takeover.

ctf/hackthebox-lame.md HTB
Easy Network Feb 14, 2025

Lame — HackTheBox

One of HackTheBox's original machines. A classic Samba usermap_script vulnerability leads to unauthenticated remote code execution and immediate root access — perfect for understanding how legacy services get exploited.

════════════════ [ TOOLS ] ════════════════

$ which --all tools

Arsenal

Burp Suite web
Caido web
Nmap network
Metasploit exploit
Wireshark network
Maltego osint
SQLmap web
Amass recon
Hydra exploit
Nikto web
John the Ripper exploit
BeEF web
DirBuster recon
WPScan web
Nessus vuln
Finddomain recon
Python lang
Bash lang
Linux os
VMware infra
web network exploit osint recon vuln lang os infra
════════════════ [ CONTACT ] ════════════════

$ ssh contact@tayab.dev

Get In Touch

Available for freelance penetration testing engagements, bug bounty collaborations, and security consulting. Response within 24–48 hours.

contact_form.sh — bash
$ cat > message.txt <<EOF