Hi, I'm

Ehtesham Ul Haq

Penetration Tester and Bug Bounty Hunter with a passion for identifying vulnerabilities and enhancing system security. Dedicated to safeguarding businesses by conducting real-world testing and in-depth research to stay ahead of evolving cyber threats.

About

From a bug bounty hunter to a full-time security researcher, my journey has been driven by determination, curiosity, and an unwavering commitment to learning. Along the way, I’ve had the privilege of collaborating with exceptional clients and skilled researchers, which inspired me to establish The Hidden Finds—a trusted name in delivering state-of-the-art web security solutions. Join me in uncovering hidden vulnerabilities and building a more secure digital world.

Work Experience

CEO & Founder

The Hidden Finds · Full-Time
Sep 2020 - Present · 4 yrs 5 mos
Karachi Division, Pakistan

Security Researcher

Bugcrowd
Freelance
Nov 2018 - Present · 6 yrs 3 mos

Security Researcher

HackerOne
Freelance
Oct 2018 - Present · 6 yrs 4 mos

Education

Bahria University

Bachelor's degree, Computer Science


Bugcrowd Statistics

Ehtesham Ul Haq

Rank

32nd

HackerOne Statistics

Ehtesham (ehtesham98)

Reputation

182

Thanks 

6

Impact

20.00

Percentile

46th

Discover My Blogs

I’ve dedicated countless hours to Bug Bounty Hunting and Penetration Testing, uncovering high-impact vulnerabilities that enhance security. Below are some of my most significant discoveries. For more in-depth insights, check out my latest blogs.

Low Hanging Bugs often pays well

Bugs with Minimal Impact: These are vulnerabilities that generally lack significant impact, such as missing security headers, open redirects, or content spoofing. Personally, I don’t focus on these types of issues and wouldn’t recommend prioritizing them in your bug-hunting journey.

Missing Rate Limit on Several Endpoints $1300

In this blog post, I’ll share the journey of uncovering a rate-limit vulnerability on multiple endpoints that ultimately enabled an account takeover. Let’s dive into the details!

UUIDs: A False Sense Of Security

Hi Hunters, would you like to learn about a broken access control vulnerability that I discovered recently for a client?

CLICKJACKING TO OBTAIN LOGIN CREDENTIALS

Hey guys! Hope you all are doing fine. I was approached by many community members asking me to share some insights regarding my bounties, so I thought, what better way to do it than doing a write-up?

Some Companies I’ve reported vulnerabilities to and received acknowledgments from

Get in Touch

Want to chat? Just send me a message with a direct question on LinkedIn and I’ll respond.

OR

Email me at: info@thehiddenfinds.click