Hafiz Shamnad

Kerala, India Joined on Jan 28, 2026 https://hafiz-shamnad.vercel.app/

Cover image for Day 21 — The Heist in Milliseconds — Cracking NovaPay with a Race Condition TOCTOU Attack

Hafiz Shamnad

Mar 9

Day 21 — The Heist in Milliseconds — Cracking NovaPay with a Race Condition TOCTOU Attack

#cybersecurity #webdev #programming #python

7 min read

Want to connect with Hafiz Shamnad?

Create an account to connect with Hafiz Shamnad. You can also sign in below to proceed if you already have an account.

Create Account

Already have an account? Sign in

Cover image for Day 20 — A Deep Dive into Open Redirect Vulnerabilities in Flask – From Exploitation to Ironclad Fixes

Hafiz Shamnad

Mar 8

Day 20 — A Deep Dive into Open Redirect Vulnerabilities in Flask – From Exploitation to Ironclad Fixes

#cybersecurity #python #webdev #programming

6 min read

Cover image for Day 19 — How I Built a File Integrity Monitor in Python to Detect File Tampering

Hafiz Shamnad

Mar 7

Day 19 — How I Built a File Integrity Monitor in Python to Detect File Tampering

#python #linux #cybersecurity #devops

10 min read

Cover image for Day 18 — Building a Linux Vulnerability Analyzer

Hafiz Shamnad

Mar 6

Day 18 — Building a Linux Vulnerability Analyzer

#linux #programming #python #cybersecurity

6 min read

Cover image for Every Hacker Should Build This Active Directory Lab

Hafiz Shamnad

Mar 5

Every Hacker Should Build This Active Directory Lab

#showdev #linux #cybersecurity #beginners

8 min read

Cover image for Day 17 — I Built a Vulnerable API to Demonstrate a Mass Assignment Attack

Hafiz Shamnad

Mar 4

Day 17 — I Built a Vulnerable API to Demonstrate a Mass Assignment Attack

#api #python #cybersecurity #linux

3 min read

Cover image for Day 16 — I Bypassed My Own Flask Login (And Fixed It Properly)

Hafiz Shamnad

Mar 3

Day 16 — I Bypassed My Own Flask Login (And Fixed It Properly)

#python #programming #cybersecurity #webdev

5 min read

Cover image for Day 15 — I Built PassAudit : A Real-Time Password Security Analyzer (and it revealed how predictable we are)

Hafiz Shamnad

Mar 2

Day 15 — I Built PassAudit : A Real-Time Password Security Analyzer (and it revealed how predictable we are)

#programming #python #cybersecurity #security

6 min read

Cover image for Day 14 — I Built ProcWatch : A Linux Process Security Scanner for Forensics & Incident Response

Hafiz Shamnad

Mar 1

Day 14 — I Built ProcWatch : A Linux Process Security Scanner for Forensics & Incident Response

#linux #cybersecurity #python #programming

4 min read

Cover image for Day 13 — I Stopped Trusting File Names and Started Inspecting Files (SafeOpen v2)

Hafiz Shamnad

Feb 27

Day 13 — I Stopped Trusting File Names and Started Inspecting Files (SafeOpen v2)

#python #linux #cybersecurity #security

4 min read

Cover image for Day 12 — I Built a File Safety Checker in Python (and Accidentally Learned How Malware Tricks Humans)

Hafiz Shamnad

Feb 25

Day 12 — I Built a File Safety Checker in Python (and Accidentally Learned How Malware Tricks Humans)

#python #beginners #linux #cybersecurity

3 min read

Cover image for Day 11 — I Built My Own SIEM-Style Log Analyzer (LogGuardian) in Pure Python

Hafiz Shamnad

Feb 24

Day 11 — I Built My Own SIEM-Style Log Analyzer (LogGuardian) in Pure Python

#learning #linux #python #cybersecurity

3 min read

Hafiz Shamnad

Feb 23

When Points Matter More Than Learning

#socialmedia #college

3 min read

Hafiz Shamnad

Feb 23

Day 10 — Building a Legitimate Pentesting Tool – The HTTP Security Header Scanner

#cybersecurity #python #programming #tooling

3 min read

Hafiz Shamnad

Feb 22

Day 9 — Secret-Scout : Building a Secrets Detection Tool for Secure Codebases

#cybersecurity #tooling #python #cli

5 min read

Cover image for Day 8 — Insecure Direct Object Reference (IDOR) Vulnerability in Web Applications: A Practical Demonstration with Flask

Hafiz Shamnad

Feb 21

Day 8 — Insecure Direct Object Reference (IDOR) Vulnerability in Web Applications: A Practical Demonstration with Flask

#webdev #cybersecurity #devchallenge #vulnerabilities

6 min read

Cover image for Day 7 — Cross-Site Request Forgery (CSRF) in Flask: Account Takeover via Session Riding & Proper Mitigation

Hafiz Shamnad

Feb 20

Day 7 — Cross-Site Request Forgery (CSRF) in Flask: Account Takeover via Session Riding & Proper Mitigation

#cybersecurity #webdev #python #vulnerabilities

6 min read

Hafiz Shamnad

Feb 19

Day 6 — I Built a Profile Picture Upload… and turned My Website into a Malware Host

#cybersecurity #webdev #vulnerabilities #website

3 min read

Hafiz Shamnad

Feb 18

Day 5 — Intentionally Building and Breaking an SSTI Vulnerability (Flask + Jinja2)

#webdev #cybersecurity #python #learning

4 min read

Cover image for Day 4 — I Built a Program That Caught a Reverse Shell

Hafiz Shamnad

Feb 17

Day 4 — I Built a Program That Caught a Reverse Shell

#challenge #cybersecurity #python #programming

3 min read

Cover image for Day 3 — Building a Computer That Keeps Evidence

Hafiz Shamnad

Feb 16

Day 3 — Building a Computer That Keeps Evidence

#cybersecurity #python #productivity #devchallenge

4 min read

Cover image for Day 2 - Teaching Nmap to Think Like a Pentester (Python + Regex)

Hafiz Shamnad

Feb 15

Day 2 - Teaching Nmap to Think Like a Pentester (Python + Regex)

#cybersecurity #python #programming #regex

2 min read

Cover image for Day 1 — Back to Scratch: Relearning Python Without Autopilot

Hafiz Shamnad

Feb 14

Day 1 — Back to Scratch: Relearning Python Without Autopilot

#python #cybersecurity #networking #vim

2 min read

Hafiz Shamnad

Jan 28

Two Critical n8n Vulnerabilities: Sandbox Escapes Leading to Full Remote Code Execution

#cybersecurity #devplusplus #devops

4 min read

Forem

Hafiz Shamnad

Badges

Writing Debut

Day 21 — The Heist in Milliseconds — Cracking NovaPay with a Race Condition TOCTOU Attack

Want to connect with Hafiz Shamnad?

Day 20 — A Deep Dive into Open Redirect Vulnerabilities in Flask – From Exploitation to Ironclad Fixes

Day 19 — How I Built a File Integrity Monitor in Python to Detect File Tampering

Day 18 — Building a Linux Vulnerability Analyzer

Every Hacker Should Build This Active Directory Lab

Day 17 — I Built a Vulnerable API to Demonstrate a Mass Assignment Attack

Day 16 — I Bypassed My Own Flask Login (And Fixed It Properly)

Day 15 — I Built PassAudit : A Real-Time Password Security Analyzer (and it revealed how predictable we are)

Day 14 — I Built ProcWatch : A Linux Process Security Scanner for Forensics & Incident Response

Day 13 — I Stopped Trusting File Names and Started Inspecting Files (SafeOpen v2)

Day 12 — I Built a File Safety Checker in Python (and Accidentally Learned How Malware Tricks Humans)

Day 11 — I Built My Own SIEM-Style Log Analyzer (LogGuardian) in Pure Python

When Points Matter More Than Learning

Day 10 — Building a Legitimate Pentesting Tool – The HTTP Security Header Scanner

Day 9 — Secret-Scout : Building a Secrets Detection Tool for Secure Codebases

Day 8 — Insecure Direct Object Reference (IDOR) Vulnerability in Web Applications: A Practical Demonstration with Flask

Day 7 — Cross-Site Request Forgery (CSRF) in Flask: Account Takeover via Session Riding & Proper Mitigation

Day 6 — I Built a Profile Picture Upload… and turned My Website into a Malware Host

Day 5 — Intentionally Building and Breaking an SSTI Vulnerability (Flask + Jinja2)

Day 4 — I Built a Program That Caught a Reverse Shell

Day 3 — Building a Computer That Keeps Evidence

Day 2 - Teaching Nmap to Think Like a Pentester (Python + Regex)

Day 1 — Back to Scratch: Relearning Python Without Autopilot

Two Critical n8n Vulnerabilities: Sandbox Escapes Leading to Full Remote Code Execution