Penetration Testing
Web, API, and network penetration testing with clear remediation guidance and practical findings.
- Web Apps
- API
- Network
Focused on offensive security — web, network, and cloud penetration testing, reverse engineering, and vulnerability research. I also mod games in my spare time, which usually means poking at the same binaries and memory structures from a different angle. I help find the weaknesses in systems before someone else does.
I'm Md. Nahidul Islam, also known as fumioryoto. I work in cybersecurity, focused mainly on web application security, penetration testing, and reverse engineering. Most of what I do involves taking applications apart to understand how they actually work, then looking for the places where that logic breaks down. That includes VAPT across web, network, and cloud environments (AWS, Azure), reverse engineering with Ghidra, x64dbg, and Cheat Engine, and OSINT investigations when a project calls for it. I also write my own scripts and tools when the ones available don't do what I need. Outside of client work, I mod games — mostly using the same reverse engineering skills, just pointed at a different kind of target. Digging through a game's memory or binary to figure out how it ticks scratches the same itch as security research, just with less paperwork. I have a development background, which shapes how I look at security problems. I'm less interested in just proving a vulnerability exists and more interested in understanding why it exists — what got missed during design or implementation that made it possible. That's usually reflected in how I write things up too: less checklist, more explanation. I keep experimenting with new frameworks, tools, and attack surfaces, mostly because that's how you stay relevant in this field, but also because it's genuinely what I enjoy doing.
Web, API, and network penetration testing with clear remediation guidance and practical findings.
Complete malware cleanup, hardening, and recovery steps to help prevent reinfection.
Fast restoration, forensic review, and safe relaunch support for compromised websites.
Comprehensive audits, vulnerability validation, and prioritized remediation planning.
Theme and plugin hardening, login protection, and maintenance for WordPress sites.
Discreet digital investigation and evidence review for internal incidents, fraud checks, and corporate risk analysis.
Add your projects and work. Saved entries appear in the Projects section automatically.
Your saved projects appear here and in the Projects section above.
Add your professional experience and achievements. Entries appear in the Experience section automatically.
Saved experience entries appear here and in the Experience section above.