Mohammad Atwi

Security Researcher & Developer

Specializing in cybersecurity, AI, and full-stack development

About Me

Senior Full Stack Developer and Security Researcher with 9+ years of expertise. Co-founder of Bugreader.com — the leading non-profit cybersecurity platform, and Semicolon Academy — Lebanon's premier cybersecurity training institute. Notable security findings in major platforms including Facebook, NASA, U.S. Department of Health (HHS.gov), and The Tor Project.

Experience

Technical Project Lead

Semicolon Academy · Part-time · Remote · Aug 2022 - Present

  • Develop and maintain the academy platform software, ensuring robust and scalable architecture
  • Design, build, and optimize the academy's website, focusing on user experience and performance
  • Design and implement efficient and secure databases, ensuring data integrity and availability
  • Develop advanced portals tailored for managers, instructors, students, and employees
  • Design and execute comprehensive cybersecurity strategies to safeguard platform assets
  • Integrate payment gateways seamlessly into the platform, ensuring secure transactions

Senior Product Software Developer

Layout International · Full-time · Beirut, Lebanon · Remote · Jan 2022 - Jun 2024

Clients: Community Impact (USA), The Japan Times (Japan), SCMP (China), Qatar Airways (Qatar), SRMG Media (KSA), Al-Roeya Media Group (UAE), Daily Sabah (Turkey), Assiyasa Newspaper (Kuwait), Al-Masry Al-Yaum (Egypt)

  • Lead new company software
  • Maintain and enhance software products
  • Debug and resolve software bugs
  • Plan and develop full-stack applications using Laravel, Vue.js, and other technologies
  • Write security scripts and tools to test and secure software
  • Test security reports, replicate issues, and apply fixes based on best security practices

Full Stack Developer

Bugreader · Self-employed · Aug 2019 - Present

  • Developing the platform, designing the UI/UX, structuring the database, creating APIs, and implementing security systems
  • Utilizing JavaScript, jQuery, Bootstrap, and CSS to craft the frontend pages
  • Employing PHP and MySQL for backend development and API creation
  • Creating custom cybersecurity tools to boost the platform's defenses

Full Stack Developer

Eduba · Full-time · Remote · Mar 2019 - Dec 2021

  • Planned and engineered secure RESTful web services for manipulating dynamic datasets
  • Planned the UX and developed the platform's front-end, including user and back office dashboards
  • Developed secure landing pages and online applications
  • Reviewed code, debugged problems, and corrected issues
  • Coordinated with other engineers to evaluate and improve the software

Web Developer

Semicolon · Full-time · Remote · May 2016 - Feb 2019

  • Gathering requirements from clients
  • Establishing development plans
  • Crafting the database structure
  • Creating APIs using PHP
  • Developing security tools and logging systems
  • Performed penetration testing on all products by searching for IDORs, XSS bugs, CSRF bugs, database injections, and other top OWASP vulnerabilities
  • Conducted comprehensive searches for logical and technical bugs utilizing specialized tools

Bug Bounty Hunter

Self-employed · Oct 2014 - Present

  • Tor Project Hall of Fame (2024) - Vulnerability allowing attackers to leak visited websites after closing Tor Browser
  • NASA's Hall of Fame (2023) - Vulnerability allowing attackers to halt the storage of any data sent by website visitors
  • US Department of Health and Human Services (2020) - SQL Injection and XSS
  • Alfa / Touch | Lebanon (2017) - Rate limit vulnerability allowing hackers to steal credits from any phone number
  • Lebanese University (2015) - Web server exploitation and rate limit vulnerabilities on login
  • Open-Source Project (2024) - moh85/qrphisher | Browser based QRLJacking attack tool

Bug Bounty Achievements

Critical Security Findings

Tor Project Hall of Fame (2024)

Discovered a critical vulnerability allowing attackers to leak visited websites after closing Tor Browser, potentially compromising user privacy and anonymity.

NASA's Hall of Fame (2023)

Identified a severe vulnerability that could have allowed attackers to halt the storage of any data sent by website visitors, potentially affecting critical space mission data.

US Department of Health and Human Services (2020)

Found SQL Injection and XSS vulnerabilities that could have compromised sensitive health data and patient information.

Notable Discoveries

Alfa / Touch | Lebanon (2017)

Uncovered a rate limit vulnerability that could have allowed hackers to steal credits from any phone number, potentially affecting millions of users.

Lebanese University (2015)

Discovered web server exploitation and rate limit vulnerabilities on login systems, protecting student and faculty data.

Open Source Contributions

Developed and maintains QRPhisher, a browser-based QRLJacking attack tool for educational purposes, helping security researchers understand and prevent QR code-based attacks.

Online Projects

Bugreader

The Leading Cyber Security Hub

  • Bug bounty reports and write-ups sharing
  • Community of 1,000+ researchers
  • Over $170,000 in bounties tracked
  • Share your research experiences

Semicolon Academy

The Ultimate Hacking Learning Experience

  • Hands-on cybersecurity training
  • 1,000+ ethical hacking trainees
  • 5,000+ workshop participants
  • Industry-recognized certifications

QRPhisher

Browser-based QRLJacking Tool

  • Educational QRLJacking demonstration
  • Pure JavaScript implementation
  • Supports multiple QR code formats
  • Open source security research tool
