☣ About

I am a young independent security researcher who has been very passionate about application security since I was a kid. I am very interested in reverse engineering, exploit development and penetration testing. I started my life with a single quote 💉 at the age of 12. I’m not any nerd or any geek. Just a normal boy who loves to explore new things. Apart from that I love music.

I got acknowledged by many organizations including Microsoft, Apple, AT&T, Oracle, Adobe, Facebook, Nokia, Twitter, Sony, Ebay, SoundCloud, RedHat, Github, Huawei, Dell, Samsung, Intel, etc.

Me in the news and other mentions

 

  • The tool LFiFreak which I wrote when I was 18 featured in Pentester Academy TV

Interviews

Research

Author of BreakThiSQLi challenge series.

All my work included here is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License.

๐ŸŒ Contact me


Currently Holds:

CREST

  • CREST Registered Penetration Tester (CRT Pen)
  • CREST Practitioner Security Analyst (CP SA)

Offensive Security

  • OSCE – Offensive Security Certified Expert
  • OSCP – Offensive Security Certified Professional
  • OSWP – Offensive Security Wireless Professional

eLearnSecurity

  • eCRE – eLearnSecurity Certified Reverse Engineer
  • eCXD – eLearnSecurity Certified eXploit Developer
  • eCPPTX – eLearnSecurity Certified Professional Penetration Tester Extreme
  • eWPTX – eLearnSecurity Web Application Penetration Tester Extreme
  • eCPPTv2 – eLearnSecurity Certified Professional Penetration Tester v2
  • eCPPT Gold – eLearnSecurity Certified Professional Penetration Tester (Gold)
  • eWPT – eLearnSecurity Web Application Penetration Tester

Pentester Academy

Coursera

  • Software Security – University of Maryland
  • Cryptography – University of Maryland
  • Hardware Security – University of Maryland
  • Usable Security – University of Maryland

edX

  • Introduction to Computer Science and Programming Using Python – MIT
  • Embedded Systems – Shape the World – University of Texas
  • Introduction to Linux – The Linux Foundation

PentesterLab

  • PentesterLab White Hat Badge
  • PentesterLab Serialize Badge

The CryptoCurrency Certification Consortium (C4)

  • Certified Bitcoin Professional – CBP

Courses

  • Introduction to Digital Currencies – University of Nicosia
  • LSA Pro DJ Course – London Sound Academy

(Completed 5 in a row, 2016 October – eCPPT, November – eCRE, December – eWPTX, 2017 January – OSCP, March – OSWP)




Made with 💖 in Sri Lanka 🇱🇰


22 thoughts on “☣ About”

  1. Hi, could you please recommend some books about information security? I’m interested in this method but have no idea what to learn. Thanks!!

  2. I’m a new student from ICT college, and I have begun to study and am interested in PenTest and Forensics. Could you guide me or give me some articles or books?
    Thanks

  3. Hi,
    This blog is really impressive actually.
    The number of acknowledgments you have is too damn high… Congratz.

    If you can mail me the same things you mailed to the others before I would be thankful.

    I read your whitepaper about SQLi on insert/update/delete. It was really interesting but unfortunately most of the techniques seem to apply only to MySQL. Moreover, I think this is really straightforward and you should try to explain a little more what you do, and give some screenshots of what you obtain.
    For instance, the article about the LinkedIn vulnerability was more comprehensible.

    Anyway, I think you should keep writing articles because you seem to have a talent in PenTest.

    Good luck for your studies.

  4. Nice blog. My QQ is 297210281. I can speak English, though; if you are interested in me, you should add me.

  5. Hey bro, send me a mail. I miss you a lot and want to see you in a new place. Tom

  6. Hi Osanda,

    I have read your ebook about SQLi. It is very interesting, but I have a question about one part of SQLi, especially the insert statement. What type of payload can we add in an insert statement?
    For example, I have a (vulnerable) website for security testing purposes. The form is only for an insert statement, for example “contact us”. It has 4 fields and I set one field so it can be injected (no character filtering). Now what can we do with this hole? If there is a page that displays data from “contact us” then I can do more with SQLi and look up the result of the injection, but that is not the case. There is no page displaying the result of the injection. Maybe you know? I need more explanation, thank you 🙂

  7. I have read your ebook about SQLi. It is very interesting, but I have a question about one part of SQLi, especially the insert statement. What type of payload can we add in an insert statement?
    For example, I have a (vulnerable) website for security testing purposes. The form is only for an insert statement, for example “contact us”. It has 4 fields and I set one field so it can be injected (no character filtering). Now what can we do with this hole? If there is a page that displays data from “contact us” then I can do more with SQLi and look up the result of the injection, but that is not the case. There is no page displaying the result of the injection. Maybe you know? I need more explanation, thank you 🙂

  8. Hello! I read all your posts and I was surprised by your knowledge and your writing skills (your posts are easy to understand. You are a good teacher to me! 🙂).
    I’ve been learning about XSS.
    I have a question about XSS. Would you respond to my question?
    Could we bypass an XSS filter even if we can’t use (it will be removed by the website), and encoding such as %lt or some unicode? (I got various fuzz data for XSS but I can’t find anything about this!)
    Is it impossible to bypass? 🙁
    Thank you for reading my comment. I will wait for your re-comment!
    (I wanted to send an e-mail to you but I couldn’t find it. So I left a reply here. Sorry! Probably this is not a good fit for this category…)

    • Hello Sunari,

      Thanks for the feedback 🙂 Nothing is impossible 😉 yes you can depending on how the filter is coded by the developer 🙂

  9. Hello Osanda

    Can you send me your email, if you don’t mind? I have an issue to discuss with you, please.

    BR

    Anuradha

  10. Hi brother, I’m a C#, WPF, WCF developer and hope to enter the ethical hacking field. Let me know first of all where should I get my start. I have not an idea to follow some degree or course. I want to learn this alone. Please give me support!

  11. Brother, I really want to learn hacking… can you tell me a place to start?

  12. Hello,

    Thank you for your blog, amazing resources for those who are starting in the cybersecurity path.
    Could you advise me, please?

    I am deciding three courses to do exam of certifications in three cybersecurity courses in eLearnSecurity PTP v5 and OSCP.

    1. The other course would be between these other courses:
    masptv2 ihrpv1 mapv1 rep dfp

    2. How does OSCE match to a course in eLearnSecurity? Probably PTX? If it is similar to any course like PTX, and if I had to choose my investment in one, which one would you recommend to me?

    Thank you
