Research
Find and validate vulnerabilities, coordinate disclosure, and document the public record.
Researcher’s ledger
Abdullah Kareem
known as CyberKareem
Security Researcher
and Penetration Tester
I’m Abdullah Kareem—CyberKareem—a penetration tester and offensive security researcher working across web, mobile, infrastructure, and coordinated vulnerability disclosure.
Working method · 02
Find and validate vulnerabilities, coordinate disclosure, and document the public record.
Conduct authorized testing across web, mobile, infrastructure, and Active Directory.
Turn technical impact into clear remediation, practical tools, and useful writing.
Available engagements · 03
Defined-scope, authorized testing with reproducible evidence, prioritized reporting, and a clear remediation path.
Public evidence · 04
Malformed Content-Type values could bypass an upload-extension blocklist and create stored XSS on affected storage adapters.
JsonView authorization rules could be bypassed for JsonUnwrapped properties during deserialization, enabling unauthorized writes.
A privileged workflow_run chain could execute untrusted fork code in a secret-bearing deployment context.
A local-first attack-surface intelligence workbench for engagement triage.
Opens the project on GitHub in a new tabP—02A dependency-free username and email-handle generator for authorized defensive workflows.
Opens the project on GitHub in a new tabAdditional repositories remain outside the featured set until their documentation, safety claims, and example data complete a public-readiness review.
Writing archive · 06
The Medium archive is being recovered and reviewed before it becomes an owned library on cyberkareem.com. Only the audited migrated count will be published; new CVE writeups will join the approved labs, tooling, and security-engineering material.
Enterprise foundation · 07
Before moving into dedicated penetration-testing and security research roles, I spent eight years working across enterprise IT, infrastructure, and security operations at UNAMI.
That foundation shapes the work today: validate impact carefully, communicate it clearly, and make remediation useful to the people responsible for fixing the system.
Read the full backgroundChoose the right path
Commercial enquiries begin with fit and scope. Vulnerability reports begin with a safe private channel. Neither path starts with sensitive detail in public.