If you've received a signed document from me, click on the key above to download it, then run the following commands:
gpg --import <key_name>.asc
gpg --output <file_name> --verify <file_name>.signed
Hi, I'm Owais. I'm a Security Researcher. I believe in solving complex problems with simple solutions. I love breaking things down and exploring them in-depth, and contributing to open-source stuff.
May 2024
Secretsnitch is a tool I wrote to help bug bounty hunters grab hundreds of secrets from multivariate sources in a matter of seconds.
This tool can catch millions of secrets across GitHub, GitLab, Bitbucket, Dockerhub etc. It helped me catch tons of AWS Secrets, mongodb production credentials and several others for fintech companies, government departments etc.
April 2024
Started working on Piiscout with Othman Ali Khan, who helped with regional PII definitions for Saudi Arabia, and Abhijeet Ingle, who helped with the regional PII dorks for Maharashtra, India.
November 2023
Peace be upon you, Saudi Arabia! Thank you for the welcome.
Presented Octopii v2 and BucketLoot with Umair in Riyadh, Saudi Arabia. Met tons of people, learned a myriad of new stuff from them.
I was also interviewed about my journey in cybersecurity and some of my experiences there, which they were kind enough to publish.
June 2023
Some people I knew started getting a flurry of phishing credit card links in their emails and text messages. This was the inspiration for AntiSquat, an AI-powered phishing domain finder and typosquatting detector that can help organizations catch similar-looking domain names.
AntiSquat gets featured at BlackHat Arsenal USA 2023. Presented that and BucketLoot with Umair.
Unfortunately, I never got a chance to work on the second version of the tool, so I left it alone.
January 2023
Authored “Detection and Classification of Personally Identifiable Information in Images Using Artificial Intelligence,” based on PII research conducted at RedHunt Labs.
October 2022
Got my Bachelor’s degree from KLS Gogte Institute of Technology. Made some amazing friends. What a fun four years.
College taught me the concept of makeshift/workarounds/jerryrigging/hacks, or as Hindi speakers call it - “जुगाड़”. Finding quicker solutions to problems irrespective of the status quo helps you generate alternate and unique perspectives on how things work. For example, folding your clothes and keeping them under your bed while sleeping overnight to “iron” them, reusing an old laptop as a gaming console or home server, hanging up wet curtains to use them as passive air-conditioning, using your backpack as dumb-bells, gluing things together, you name it!
August 2022
Octopii gets featured at BlackHat Arsenal USA 2022.
March 2022
Wrote Octopii, an AI-powered Personally Identifiable Information (PII) scanner powered by Haar Cascades, Tesseract, Optical Character Recognition (OCR) and NLTK.
I came across this problem when I was performing some research at work. Since we collect IP addresses and such, I received one where Apache directory listing was enabled. It belonged to a small business, and it had pictures of hundreds of Indian government IDs (Aadhaar, PAN, drivers’ licenses). I was looking for an open-source tool that would help me automate the detection of these resources and couldn’t find one, so I tried making one. The first version was terrible, since I was tackling the problem incorrectly. In order to train a model on images of PII, I need… images of PII, which is not something that is easy to obtain. So I took the alternate route in v2, which was scanning text already present on PII and approximating metadata about it. This worked and had far less computation and labor involved.
Octopii was mentioned on Intigriti’s Bug Bytes Newsletter and on Daniel Miessler’s Unsupervised Learning podcast, gained a lot of unexpected traction in the GitHub, OSINT and Kali Linux communities and is currently RedHunt Labs’ most active repository. I was also thrilled to learn that I made it to the Hackers of India community thanks to all the love you showed to it.
January 2022
Joined RedHunt Labs as a Security Researcher. Managed deployments and infrastructure for the Research team. Worked with ElasticSearch, Logstash and Kibana. Wrote and debugged several security tools in Golang and Python. Learned a lot from Somdev, Pinaki and Umair.
July 2021
My second ever reverse-engineering/port. This one was a bit more difficult than I expected, so I left it alone. A lot of people starred it and were willing to fund it though. If you’d like to contribute, contact me or fork the project.
Lenovo basically cheaped out on their hardware and tried to use Shenzhen Goodix fingerprint scanners because they’re cheap. However, this OEM hasn’t made anything open source or available online, making Linux compatibility of these scanners an absolute nightmare.
March 2021
Worked on backend, infrastructure, data protection policies and system design with Stephen, Ross and Kuda on project HomieBot.
February 2021
Founding member of keyspace.cloud, along with Rohan and Nimish.
Wrote the official Android app for it.
November 2020
Wrote my first library, GetPerms. Nothing special, was just curious to see how many permissions an Android app can read from other Android apps. To my surprise - a lot! To a point where you can almost “fingerprint” people’s phones.
Fortunately, Google fixed this in Android 11.
February 2020
Wrote a completely standalone two-factor authentication app for Android Wear / Wear OS. Google pulled their Authenticator out of the Wear Play Store and I needed an offline 2FA authenticator because my G Watch W100 doesn’t have WiFi. Released it on GitHub to help others in my situation.
The app is now unexpectedly unique, in that it can read data from USB, perform encrypted Wi-Fi transfers from devices that are several generations old and can import from several password managers, irrespective of platform or manufacturers, meaning that any Android-based device can run the app, without any pairing required.
Gained unexpected popularity and got mentioned on Reddit a bit.
September 2019
Wrote FTPSetup for Android and openTransmit for iOS, two utilities to make data transfers between iOS 11+ devices and Linux distros more seamless.
December 2018
Graduated from Polytechnic school after failing math for 4 semesters.
Turns out math is not as difficult as it seems. Everyone has a style of learning, and mine was through visualization, as opposed to rote memorization of techniques and formulae. I sat down and went back to the basics of arithmetic, what numbers are, and the concepts of statistics and calculus, deriving everything from scratch. I also tried seeing how these would plot on a graph, and how incorporating this into my daily life made it easier.
This philosophy of skillsets being interoperable and transferable helped me immensely (for example: realizing that summations in statistics are for loops, that Wi-Fi and cellular signals used Fourier Transforms, Material Design animation used interpolation in calculus etc.), and made the universe around me feel beautiful and alive. For the first time, everything made sense.
This nearly 8-year-long struggle with math reminds me of Claudia Mueller and Carol Dweck’s locus of control experiment.
November 2017
My initial Polytechnic school final year project I made with Nelson. Got rejected because it wasn’t “CS enough” (whatever that means).
The idea was to link large distances with lasers so that I could have calls with my friends in the neighborhood without worrying about cell phone bills. A prototype of this worked, though it sounded extremely attenuated. I thus got the idea of submitting it as a project, but they rejected it and imposed upon us the idea of some strange app.
February 2014
Performed my own automation setup, with a Raspberry Pi 1A, IFTTT, Tasker and a Belkin Wemo switch.
I later realized how many attack vectors it had and how important educating yourself first is, especially before exposing your home devices on the internet.
December 2013
My first major project, an attempt at reverse-engineering and porting some very popular features from the first ever Moto X. Became top Moto G repo of the week on XDA Developers.
Archived here (Please don’t roast me, I was a kid trying to look cool)
© Copyright 2023 Owais Shaikh. All rights reserved.