HASHIR SAMI KHAN — OFFENSIVE SECURITY × AI

I BREAK WHAT'S INSECURE. & I BUILD WHAT'S INTELLIGENT.

Penetration tester and AI engineer. I find the holes in systems before attackers do, and I build tools to help close them. These days a lot of that work is on AI itself.

VIEW THE WORK GET IN TOUCH
04+
YEARS OFFENSIVE
10+
PUBLISHED WRITEUPS
40+
CERTIFICATIONS
200+
CLIENTS SERVED
01/WHO I AM

I BUILD BOLD
DIGITAL SYSTEMS &
BREAK THEM TOO.

I'm Hashir, a self-taught penetration tester, red teamer, and security researcher who also engineers AI and pentests it. Four-plus years finding the things real attackers would, in systems for banks, fintechs, healthcare, government, and big tech.

I publish what I learn as writeups right here. I build like an attacker and break like an engineer. The work I like best sits right between the two, and that's where I'm putting my time.

PAKISTAN-BASED · AVAILABLE WORLDWIDE · TWO CONTINENTS · 4+ YEARS · 40+ CERTIFICATIONS · 10+ PUBLISHED WRITEUPS

CURRENT FOCUS
  • Bug Bounty & Vuln ResearchOFFENSIVE
  • Mobile App PentestingiOS · ANDROID
  • Red-Team SimulationADVERSARY
  • GenAI App PentestingAI · SECURITY
  • LLM Tooling for SOCAI · ENG
  • Prompt-Injection ResearchAI · RED TEAM
02/THE WORK

FOUR TRACKS
RUNNING IN PARALLEL.

01
BUG BOUNTY
& WRITEUPS
WRITEUPS·WRITEUPS·WRITEUPS·WRITEUPS·WRITEUPS
OFFENSIVE · 10+ PUBLISHED

Bugs from real engagements, written up so other people can use them: Telerik RCE bounties, iOS and Android pentest guides, file-upload exploits, Cloudflare tunnel abuse, SSRF and XSS. All here, in full.

Read the archive
02
GENAI APP
PENTESTING
PROMPT INJECTION·JAILBREAKS·EXFIL·ABUSE·PROMPT INJECTION
AI × SECURITY · OWASP LLM TOP 10

I test GenAI apps the way an attacker would: prompt injection, jailbreaks, data leaks, guardrail bypass, and the odd ways agents get abused. Better to catch it before your users do.

Test my AI app
03
AI TOOLING
FOR SECURITY
AGENTS·RAG·AUTOMATION·SOC·AGENTS
AI ENGINEERING · LLM APPS

LLM tools for security teams: search over threat-intel data, agents that help triage alerts, and scripts that boil long reports down to what actually matters.

Spec a build
04
SECURITY
RESEARCH
POCs·TOOLING·OSINT·RECON·POCs
RESEARCH · OPEN SOURCE

Vulnerability research, proof-of-concepts, and small offensive tools. I put most of it on GitHub for anyone to use.

View GitHub
I break, I build, I report. In this work, trust is the only thing that really counts.
Hashir
Self-Taught · Pakistan · Worldwide
04/RECOGNITION

HALL OF FAME &
ACKNOWLEDGEMENTS.

These organizations have credited me for reporting real security bugs, 18 so far. They include US federal agencies and companies like Toyota and Red Bull, across HackerOne, Bugcrowd, and Intigriti.

Acknowledgement
US Department of Justice
Acknowledged for reporting valid security vulnerabilities.
Acknowledgement
US Department of Energy
Acknowledged for reporting valid security vulnerabilities.
Responsible Disclosure
US Department of Defense
Valid vulnerabilities reported via the DoD program on HackerOne.
Hall of Fame
US City of Los Angeles
Top 20 researchers — City of Los Angeles program (HackerOne).
Responsible Disclosure
Millennium Challenge Corporation
Valid vulnerabilities reported via VDP on Bugcrowd.
Acknowledgement
Toyota
Helped them secure their org by finding and reporting security bugs.
Responsible Disclosure
Red Bull
Valid security bugs — Red Bull VDP on Intigriti.
Acknowledgement
Epic Games
Helped them secure their org by finding and reporting security bugs.
Hall of Fame
American Airlines
Top hackers — American Airlines program (HackerOne).
Responsible Disclosure
DocuSign
Valid security bugs — DocuSign VDP on Bugcrowd.
Hall of Fame
ServiceNow
Top 25 hackers — ServiceNow program (HackerOne).
Hall of Fame
TradingView
Top hackers — TradingView program (HackerOne).
Hall of Fame
Vodafone
Top hackers — Vodafone program (HackerOne).
Hall of Fame
Playtika
Top hackers — Playtika program (HackerOne).
Hall of Fame
ArenaNet
Top 25 hackers — ArenaNet bug bounty (HackerOne).
Hall of Fame
APNIC
Top 20 researchers — APNIC program (HackerOne).
Responsible Disclosure
University of Cambridge
Valid security bugs reported via the university VDP.
Acknowledgement
Texas Tech University
Helped them secure their org by finding and reporting security bugs.

More acknowledgements added as disclosures are published.

05/FAQ

QUESTIONS,
ANSWERED.

What does Hashir Sami Khan do?
Hashir Sami Khan (p4n7h3rx) is a self-taught penetration tester, red teamer, and security researcher who also builds AI and tests how secure it is. He finds bugs in web, mobile, API, and cloud systems before attackers do, and lately spends a lot of that time on AI systems specifically.
What is AI and LLM security testing?
It means testing GenAI apps the way an attacker would: trying prompt injection, jailbreaks, data leaks, and guardrail bypasses, and looking for the odd ways AI agents get misused. It maps to the OWASP LLM Top 10. The point is to catch these problems before the app goes live.
Which industries has Hashir worked with?
For more than four years he has assessed systems for banking, fintech, healthcare, government, and technology organizations across two continents.
What can I hire Hashir for?
Penetration testing, red-team simulation, mobile (iOS and Android) and web application assessments, GenAI/LLM application security testing, and custom AI tooling for security teams.
How can I get in touch?
Email blazefrost18@gmail.com or use the contact form on this page. Replies usually come within a day.
06/CONNECT

LET'S TALK
ABOUT YOUR
TARGET.

Pentest, red-team, a GenAI app you want tested, or an AI build. Tell me what you're working on and I usually reply within a day.