Jobyer Ahmed · Founder, Bytium
Penetration Testing, Red Teaming & Security Research
Finding what attackers would find, before they do. I run penetration testing, red team engagements, and vulnerability research for teams that cannot afford to be wrong.
OSCE³
Offensive Security Certified Expert 3 (OSEP + OSWE + OSED)
Verified on credential.net9 industry certifications
Verified on CredlyWhat I do
Hands-on offensive security
A focused set of engagements, scoped jointly and run by me end to end. No shelfware, no boilerplate, no junior hand-off.
Penetration Testing
Hands-on testing of web apps, APIs, networks, and cloud to find and prove the exploitable paths before attackers do.
- Web, API & network
- Manual depth, not just scans
- Retest-ready reporting
Application & API Security
Source-driven review of applications and APIs that catches the logic and access-control flaws scanners miss.
- Secure code review
- Auth & access control
- Threat modeling
Red Team Operations
Goal-oriented adversary emulation that tests people, process, and technology end to end.
- Assumed-breach & full-scope
- MITRE ATT&CK aligned
- Detection validation
CVEs
Credited disclosures
Vulnerabilities found in production software and disclosed responsibly to the affected vendors.
- CVE-2026-7783SQL InjectionPerfex CRM ≤ 3.4.1May 4, 2026
- CVE-2026-7782Authorization Bypass in Clients::projectPerfex CRM ≤ 3.4.1May 4, 2026
- CVE-2025-3219Stored XSS in Project DiscussionPerfex CRM 3.2.1Jan 1, 2025
- CVE-2025-2974Stored XSS in /contract contentPerfex CRM ≤ 3.2.1Jan 1, 2025
- CVE-2024-9031Cross-site scriptingCodeCanyon CRMGo SaaS ≤ 7.2Jan 1, 2024
- CVE-2024-9030Stored Cross-Site ScriptingCodeCanyon CRMGo SaaS 7.2Jan 1, 2024
Posts
Latest notes
Research writeups, engagement learnings, and the occasional opinion.
Engagements
Need an attacker's perspective?
I take a small number of engagements per quarter. If yours is time-sensitive, mention it in the note.