> Hello, I am

Sheeraz Ali

Chief Technology Officer @ PwnedLabs

AI & Offensive Security Researcher | Lead Pentester @ Cobalt | OSCP, CRTP, CREST Certified

7+ years in offensive security, specializing in AI/LLM pentesting — breaking chatbots, copilots, and agentic systems. Delivered 245 pentests across AI, cloud, web, mobile, API, internal, external, and thick client. Found 1,592 vulnerabilities. Authored 300+ machines & labs on HackTheBox. Discovered 28+ CVEs. Previously at SolarWinds and Hack The Box.

Sheeraz Ali
Location Bhopal, India
Focus AI & Offensive Security
Experience 7+ Years
245 Pentests Delivered
1,592 Vulnerabilities Found
28+ CVEs Discovered
300+ HTB Machines & Labs Built

./ career

PwnedLabs 2025 - Present

Chief Technology Officer

  • Architected and built the entire platform end-to-end, serving 40,000+ users
  • Building hands-on AWS, Azure, GCP, AI/LLM and Kubernetes attack labs, plus PwnCloud OS
  • Leading a cross-functional team of 6 developers and 2 security engineers; own security, infra, and budget
Cobalt 2022 - Present

Lead Pentester

  • 245 engagements: AI/LLM, Web, Mobile, API, Cloud, Internal, External, Thick Client
  • 1,592 vulnerabilities identified across Fortune 500 clients
  • Mentoring junior pentesters and reviewing assessment quality
  • Top performer with consistent 5-star client ratings
SolarWinds 2024 - 2025

Senior Security Engineer

  • Delivered 120+ internal pentests across the product portfolio
  • Built the pentest program from the ground up; set up and led the security team, mentoring 3 junior engineers
  • Cut mean vulnerability resolution time from ~3 months to 40 days
  • Threat modeling and secure architecture reviews under Secure-by-Design
Hack The Box 2020 - 2023

Content Engineer II

  • Authored 300+ vulnerable machines, challenges, and Pro Labs
  • Designed real-world attack scenarios: AD, Web, Cloud, Binary Exploitation
  • Created content used by 2M+ security professionals globally
  • Promoted from Content Engineer I to II within first year

./ certifications

OSCP Offensive Security Certified Professional
CRTP Certified Red Team Professional
CRTE Certified Red Team Expert
CRT CREST Registered Penetration Tester
CBBH Certified Bug Bounty Hunter
CPSA CREST Practitioner Security Analyst
CKA Certified Kubernetes Administrator

./ expertise

AI & LLM Pentesting

Prompt injection, jailbreaks, agentic tool abuse, RAG attacks, OWASP LLM Top 10

Red Teaming

Active Directory attacks, lateral movement, Kerberoasting, persistence

Web & API Security

OWASP Top 10, SQL injection, XSS, SSRF, authentication bypass

Cloud Security

AWS, Azure, GCP assessments, IAM misconfigurations, cloud pentesting

Mobile Security

Android & iOS pentesting, reverse engineering, API security, OWASP MASVS

Vulnerability Research

CVE discovery, exploit development, code review with Semgrep/CodeQL

Network Pentesting

Internal & external assessments, network segmentation, firewall bypass

Thick Client

Desktop app security, reverse engineering, memory analysis, DLL hijacking

Container Security

Kubernetes, Docker security, container escapes, cluster hardening

Source Code Review

SAST with Semgrep, CodeQL, manual code auditing, secure coding practices

Binary Exploitation

Buffer overflows, ROP chains, heap exploitation, shellcode development

DevSecOps

CI/CD security, pipeline hardening, secrets management, DAST integration

Wireless Security

WiFi pentesting, WPA2/WPA3 attacks, rogue AP, Bluetooth security

Social Engineering

Phishing campaigns, pretexting, vishing, security awareness training

Malware Analysis

Static & dynamic analysis, reverse engineering, threat intelligence

OSINT

Open source intelligence, reconnaissance, attack surface mapping

Digital Forensics

Incident response, memory forensics, disk analysis, evidence collection

./ recommendations

Real testimonials from LinkedIn

./ services

FREE

Career Mentorship

Discuss your security career path, certifications, or job search.

Book Call
PENTEST

Penetration Testing

Web, API, network, cloud, and mobile security assessments.

Get Quote

./ writeups

./ contact

contact.sh

$ cat contact_info.txt

email: hi@sheerazali.com
twitter: @BeingSheerazAli
github: pwnmeow
linkedin: beingsheerazali

$ _

Open to Security Engineer, Pentester, and Red Team roles. Available for freelance pentesting.