rafay@hirafay: ~ — zsh — 80x24 _
rafay@hirafay:~$ whoami
 ____      _    _____ _   __   __
|  _ \    / \  |  ___/ \  \ \ / /
| |_) |  / _ \ | |_ / _ \  \ V / 
|  _ <  / ___ \|  _/ ___ \  | |  
|_| \_\/_/   \_\_|/_/   \_\ |_|  
>
> building offensive tooling. breaking roms. hunting bounties. living in the terminal.
STATUS: ● ONLINE LOC: /dev/multan SHELL: zsh UPTIME: 00:00:00
./projects ./experience ./shell ./contact ./github
rafay@hirafay:~$ ls -la ./projects/
// FEATURED_PROJECTS

cipher [v2.6.0]

drwxr-xr-x electron/next.js/supabase ~ deployed@vercel

recon cockpit + live fleet-control dashboard. remote kill/lock, WSL toggle (powershell ⇄ kali), categorized recon launcher, real-time device telemetry. supabase backend w/ RLS policies + secure claim_device() function. v2.6.0 running live.

electronnext.jssupabasereal-timec2-style

hackerone recon

-rwx------ osint/recon/bugbounty ~ active

enterprise target recon w/ subfinder + httpx + burp suite. wordpress security audits, subdomain enumeration, API testing. responsible disclosure workflow. slider revolution CVE + DoS vector identification.

reconosintburpbugbounty

android modding

drwxr-xr-x kernelsu/rom/root ~ s20-ultra

custom rom dev on galaxy s20 ultra. kernelsu + LSPosed + zygisk. dual-boot: iOS-themed daily driver (slot A) + AOSP pentest rig (slot B). build.prop spoofing, EFS backup, secure boot workflows.

kernelsurom-devlsposedroot
rafay@hirafay:~$ cat ./experience.log
// EXPERIENCE_&_SKILLS

cipher — lead dev

electron / next.js / supabase / real-time c2

architected + shipped through v2.6.0. live fleet control, remote device mgmt (kill/lock), WSL toggle integration, recon launcher w/ 50+ categorized commands. supabase backend w/ RLS, secure device claiming, live telemetry. vercel deploy w/ github CI/CD.

bug bounty hunting

hackerone / osint / vuln research

active recon + vuln assessment. subfinder, httpx, burp suite, manual testing. wordpress audit identifying slider revolution CVE, woocommerce misconfigs, DoS vectors. API enumeration + subdomain mapping + responsible disclosure.

android & kernel dev

custom roms / kernel modding / device control

rom building + kernel modification. kernelsu on s20 ultra w/ dual-boot config. LSPosed modules, zygisk, build.prop spoofing, secure boot bypass. guided hyperOS downgrade on redmi 13c.

linux ricing & sysconfig

cachyos / hyprland / kali pentest setup

hyprland WM on cachyos (everforest dark, waybar, kitty, hyprlock). published dotfiles @ github/Hirafay/Rafay-Hyprland-Arch. built nullos (arch-based distro). portable kali/blackarch USB for fieldwork.

rafay@hirafay:~$ ./shell --interactive
// LIVE_SHELL

> you got a shell. type a command. try help.

rafay@hirafay: interactivetty1
type 'help' to see available commands. this shell is real — poke around.
rafay@hirafay:~$
hint: try help, ls, cat cipher, whoami, sudo, clear
rafay@hirafay:~$ ./contact.sh --connect
// ESTABLISH_CONNECTION

> open to security projects, research collabs, and consulting.

# EMAIL
rafay@hirafay.com
# GITHUB
github.com/Hirafay
# HACKERONE
hackerone profile
# YOUTUBE
@Nyoblox
rafay@hirafay:~$
● built by rafay // no frameworks // pure html/css/js // hosted @ hirafay.com