Md Sadikul Islam

Red Team Researcher

A results-driven Red Team Researcher with 6+ years of experience in penetration testing across web, mobile, APIs, Active Directory, and AI/LLM systems. Skilled in APT simulations, EDR and antivirus evasion, and custom offensive tool development. Recognized by 100+ organizations including Microsoft, Apple, NASA, and the U.S. Department of Defense, with 5 published CVEs.


Who I Am

I am a results-driven Red Team Researcher with 6+ years of experience specializing in deep penetration testing and offensive security assessments. My expertise spans web applications, mobile platforms, APIs, Active Directory environments, and the cutting-edge attack vectors of AI/LLM systems.

I specialize in executing realistic APT simulations, bypassing advanced EDR and antivirus systems, and developing custom offensive tools to systematically challenge defense postures. My security research has been recognized by over 100 industry-leading organizations—including Microsoft, Apple, NASA, and the U.S. Department of Defense—and has resulted in 5 published CVEs.

In addition to active operational assessments, I am highly committed to the global cybersecurity community. I serve on advisory boards, organize industry events, speak at tech conferences, and author custom CTF challenges to help train the next generation of cybersecurity talent.

// email ping [at] sadikulislam.com
// base Dhaka, Bangladesh
// status ● Available
// focus Red Team · AI Security

Where I've Worked

Dec 2024 – May 2026
Beetles Cyber Security Ltd.

Red Team Researcher

  • Lead offensive simulations across network, web, API, mobile, Active Directory, and LLM/AI surfaces
  • Conduct on-premises red team assessments in larger customer networks
  • Collaborate on the development of an internal AI/LLM platform to enhance and strengthen red team operations
  • Document and report findings and provide recommendations for mitigating vulnerabilities
  • Collaborate with R&D and sales teams to ensure all security requirements are fulfilled
Jun 2022 – Dec 2023
PentesterSpace

Penetration Tester

  • Executed network, API, and web application assessments uncovering critical vulnerabilities
  • Delivered detailed exploit narratives and mitigation plans to engineering teams
  • Provided subject matter expertise during live incident response and remediation cycles
Arsenal
Skills & Tools

Tools of the Trade

Burp Suite Pro · OWASP ZAP · Cobalt Strike · Acunetix · Nuclei · Amass · Assetfinder · dirsearch · WPScan · Hashcat · SQLmap · Metasploit · MassDNS · Gau · Postman · MobSF · Drozer · reFlutter · Frida · Jadx · Nmap · Shodan · tcpdump · OpenVAS · Nessus · n8n · PyTorch · TensorFlow · Docker · gitleaks · CloudMapper · s3-inspector · Trivy · Python · Bash · PowerShell · HIPAA · NIST SP 800-53 · GDPR

Hall of Fame

Responsible disclosures acknowledged by the world's leading organizations.

Microsoft
Apple
Amazon
U.S. DoD
NASA
Ubisoft
Canva
Walmart
CERN
Adobe
T-Mobile
Cambridge
Belastingdienst
Loom
SEEK
Ricoh

Vulnerability Disclosures

CVE-2024-46226
HelpDeskZ
Stored cross-site scripting (XSS) vulnerability in HelpDeskZ allowing persistent script injection via ticket fields.
CVE-2020-24061
Kasda Networks Inc.
XSS vulnerability on Firewall menu in Control Panel on KASDA KW5515 router firmware.
CVE-2025-25191
Intermesh
Stored XSS vulnerability via user's name field on Group Office groupware platform.
CVE-2025-27412
Yakamara Media GmbH
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in the Redaxo CMS.
CVE-2025-27411
Yakamara Media GmbH
Arbitrary File Upload vulnerability in Redaxo CMS enabling remote code execution via crafted uploads.

Public Talks

Inside the Mind of a Hacker: A Guided Tour of Penetration Testing
IIUC Cyber Security Club 2025
Pentest 101: A Practical Guide to Penetration Testing
RedSentry Hacked101, UITS 2025
Hunting APT32: Inside the Cyber Shadows of Elite Hackers
Phoenix Summit 2025
Breaking Barriers: The Invisible Threat to Web Applications
BugHunt 2024
The Ultimate Blueprint for Account Takeover
RUET CyberFest 2024

Credentials

eWPTX
Web Application Penetration Tester eXtreme
MITRE
Foundations of Operationalizing MITRE ATT&CK
CAP
Certified AppSec Practitioner

Academic Background

BSc in Computer Science & Engineering
Uttara University
2022 – Present
  • Strong foundation in computer science theory and engineering principles
  • Practical skills in programming, software development, and system design
  • Advanced studies in computer security and machine learning practices
Relevant Coursework
Computer Security · Software Engineering · Machine Learning · Database Systems · Algorithm Design · Communication Skills

Community & Services

Lifetime Member
Error Squad — Cyber Security Researchers
2018 – present
Advisory Board
Cyber Security Club, Uttara University
2024 – 2025
Strike Force Member
Yogosha
2023 – 2025
Organizer
Phoenix Summit
2024
Volunteer — CTF Author
FlagHunt
2023
Volunteer — CTF Author
RUET Cyber Fest
2024
Volunteer — CTF Author
RedSentry
2025
Volunteer — CTF Author
Cyber Invasion
2025
Host — Panel Discussion
Uttara University CyberCon25
2025
Volunteer — Anti Cheat
HackerOne BugHunt
2026