SEC_RESEARCHER // BUG_HUNTER

PASINDU


Software Engineering student & aspiring cybersecurity researcher. Building skills in web app pentesting, network security, and bug bounty hunting. Active on PortSwigger Academy, HackTheBox & TryHackMe.

Available for Bug Bounty
Sri Lanka
2nd Year CS Student

01 //

Arsenal

Web Application Security
SQL Injection: 72%
XSS: 68%
IDOR / Auth Bypass: 55%
Burp Suite: 65%
Network & Infrastructure
Nmap / Recon: 75%
Metasploit: 50%
Wireshark / MITM: 60%
WiFi Security: 58%
Tools & Platforms
Kali Linux, Burp Suite, Metasploit, Aircrack-ng, Nmap, Gobuster, Nikto, Hydra, SQLmap, OSINT Tools, Active Directory, Splunk / SIEM
Programming
Java, Python, Bash / Shell, HTML / CSS / JS, SQL, PHP

02 //

Projects & Labs

bash — pasindu@kali
┌──(pasindu㉿kali)-[~/projects]
└─$ ls -la --color=auto
drwxr-xr-x cybersec-notes/
drwxr-xr-x bug-bounty-recon/
drwxr-xr-x ctf-writeups/
-rwxr-xr-x portswigger-labs.md
-rw-r--r-- htb-machines.md
└─$ cat status.txt
# Currently: Active learning mode — bug bounty prep in progress
[ ✓ ] 15 weeks of structured cybersec notes pushed to GitHub
[ ✓ ] PortSwigger Web Security Academy — in progress
[ ~ ] First bug bounty submission — coming soon
PRJ-001 // GITHUB
Cybersecurity Learning Notes
15+ weeks of structured self-study notes covering Linux, Networking, Metasploit, Burp Suite, OSINT, Active Directory, MITM attacks, SIEM tools, and bug bounty methodology. Published on GitHub as an open knowledge base.
Linux, Networking, Metasploit, OSINT, Active Directory
● ACTIVE
PRJ-002 // PORTSWIGGER
Web Security Academy Labs
Completing PortSwigger Web Security Academy labs focusing on OWASP Top 10 vulnerabilities — SQL injection, XSS, CSRF, SSRF, XXE, IDOR, and authentication bypass. Documenting solutions and methodology for each lab.
SQLi, XSS, CSRF, SSRF, Burp Suite
● ACTIVE
PRJ-003 // HACKTHEBOX
HackTheBox Machine Writeups
Pwning beginner to intermediate HackTheBox machines. Each writeup covers the full kill chain: reconnaissance → exploitation → privilege escalation → root. Practicing real-world pentesting methodology in a legal environment.
Nmap, Gobuster, Privilege Escalation, Post-Exploitation
◎ LEARNING
PRJ-004 // BUG BOUNTY
Bug Bounty Preparation
Building a custom recon automation toolkit. Setting up scope analysis, subdomain enumeration, and vulnerability scanning pipelines. Preparing for first submissions on HackerOne and Bugcrowd.
Recon, Subdomain Enum, HackerOne, Bugcrowd
◎ IN PREP

03 //

Learning Journey

2023 — WEEK 01-04
Foundations: Linux & Networking
Started structured cybersecurity self-study. Linux command mastery, TCP/IP stack, OSI model, subnetting. Set up Kali Linux in VMware.
2023 — WEEK 05-08
Offensive Tools: Nmap, Metasploit
Learned network scanning, enumeration, and exploitation basics with Metasploit. Practiced on TryHackMe rooms legally.
2024 — WEEK 09-12
Web App Security: Burp Suite & OWASP
Deep dive into Burp Suite, intercepting traffic, OWASP Top 10 vulnerabilities. Started PortSwigger Academy labs. Learned OSINT methodology.
2024 — WEEK 13-15
Advanced: AD, SIEM & Bug Bounty Roadmap
Active Directory attacks, SIEM tools (Splunk), MITM techniques. Built personal bug bounty methodology. Started HackTheBox machines.
2025 — NOW
Bug Bounty Prep & University SE Studies
Dual-tracking: completing university Software Engineering degree while actively preparing for first bug bounty submissions. Building recon automation tools.

04 //

Contact

GitHub
github.com/pasindu
LinkedIn
linkedin.com/in/pasindu
Email
pasindu@email.com
TryHackMe
tryhackme.com/p/pasindu