HackerOne · nmsr
bash — nmsr@root: ~
nmsr@root:~$ whoami

Samidu Nimsara // nmsr

nmsr@root:~$ cat /etc/identity

Role: Application Security Researcher & Bug Bounty Hunter

Origin: Sri Lanka

Handle: hackerone.com/nmsr

Focus: Application Security · Offensive Security · Threat Intelligence · Pentesting

nmsr@root:~$
nmsr@root:~$ cat about/README.md
Samidu Nimsara
Hunting bugs actively

Samidu Nimsara

// @nmsr on HackerOne  ·  @samidunimsara on GitHub

Security Researcher from Sri Lanka.

[+]
Application Security

Web application penetration testing, OWASP Top 10, API security flaws

[+]
Offensive Security

Vulnerability assessment, exploit development, defensive remediation

[+]
Security Research & Bug Bounty

Bug Bounty Hunter, vulnerability disclosure , exploit analysis

[+]
Threat Intelligence

OSINT (Open Source Intelligence), attack surface mapping, digital footprints . recon

# Timeline

2024
Application Security Researcher — HackerOne
nmsr@root:~$ cat blog/posts.json | jq .
broken-access Jan 28, 2024

Exploiting Unprotected Functionality to Access User Profiles

How searching for legacy applications and leveraging URL history archives led to unauthorized access and modification of sensitive user profiles, earning a $500 bounty.

nmsr@root:~$ ./read.sh --post=1
auth-bypass Feb 2024

Bypassing authentication on a private HackerOne target

Analyzing JWT verification flaws and signature validation vulnerabilities to elevate privileges from guest to administrator.

nmsr@root:~$ ./read.sh --post=2
recon Nov 2023

The power of JS analysis in API security assessment

My workflow for harvesting hidden endpoints and API credentials from minified Webpack chunks using custom regex pipelines.

nmsr@root:~$ ./read.sh --post=3
nmsr@root:~$ ./contact.sh -- nmsr@wearehackerone.com