__  __ _____ __  __  ____  _    _ _____ _______
  |  \/  |_   _|  \/  |/ __ \| |  | |_   _|__   __|
  | \  / | | | | \  / | |  | | |__| | | |    | |
  | |\/| | | | | |\/| | |  | |  __  | | |    | |
  | |  | |_| |_| |  | | |__| | |  | |_| |_   | |
  |_|  |_|_____|_|  |_|\____/|_|  |_|_____|  |_|
SESSION_ESTABLISHED // WELCOME, VISITOR

MD MONZURUL ISLAM

|

I build systems that hold up under pressure - Zero Trust architectures, hardened APIs, the odd browser extension at 2AM. Between deployments I read Kafka, Dostoevsky, and Camus, brew pour-over coffee, and occasionally cry at anime finales. This archive is the story of all of it.

↓ scroll to begin, or try the terminal
NODE: DHAKA_BD // 23.81°N 90.41°E
UPTIME: 00:00:00
↑↑↓↓←→←→BA — try it sometime
VOLUME 00ORIGIN STORY
~/about/me.sh
$ whoami
> aspiring cybersecurity researcher & engineer

$ cat interests.txt
> threat detection, browser security tooling,
> authentication systems, API security,
> privacy-preserving systems

$ cat guilty_pleasures.txt
> Kafka, Dostoevsky, Camus, V60 coffee,
> cyberpunk anime, the occasional 3AM CTF

$ echo $MISSION
> "translate complex security challenges into
>  practical, human-readable implementations"
TAP TAP TAP

It starts, as most things do, with a keyboard and too much curiosity. I got into security by looking at systems I used every day and asking why they trusted what they did — analyzing network traffic, questioning default configurations, and seeing how fragile our foundations can be.

"Security isn't a feature you patch on later; it's the foundation you lay from day one."

Finding vulnerabilities is only half the equation; the real craft is building defenses that endure. That obsession drives me to design perimeterless architectures and secure APIs built to stay standing when compromised.

VOLUME 01FIELD LOG

A running log of where I've deployed. Chronological. Mostly true.

MAY 2026 — PRESENT · DHAKA, BANGLADESH

Software Developer — Ledgercross

Blockchain & Cloud Solutions
  • Developed and maintained core software modules for enterprise blockchain solutions.
  • Collaborated on smart contracts and decentralized modules, ensuring secure and efficient transaction processing.
FEB 2026 — MAY 2026 · DHAKA, BANGLADESH

Software Developer Trainee — Ledgercross

Blockchain & Cloud Solutions
  • Analyzed decentralized system architectures to understand data flow and consensus in multi-tenant blockchain environments.
  • Assisted in cloud infrastructure implementation and performed unit testing for blockchain protocols.
JUNE 2026 — PRESENT · DHAKA, BANGLADESH

Cybersecurity Researcher & Research Associate — Arché Intelligence Lab

  • Conduct advanced cybersecurity research on threat analysis, system vulnerabilities, and secure data architectures.
  • Collaborate with cross-functional teams to develop security frameworks and publish findings under the Arché Intelligence initiative.
VOLUME 02INTELLIGENCE LOGS

Classified-adjacent research. Declassified for this archive.

FILE_01 // THESIS Submitted to IEEE S&P

Hardware-Based ZTA Framework with Adaptive MFA

Final Year Thesis

Spearheaded a research team of five to design a device-bound Zero Trust authentication framework using TPM-backed proof-of-possession and OpenID Connect. Implemented contextual access decisions with session risk scoring, adaptive MFA enforcement, and policy-driven authorization.

"The perimeter is dead. Identity, bound to hardware, is the new boundary."
TPMOIDCRISK SCORINGADAPTIVE MFA
FILE_02 // INDEPENDENT FINAL STAGE

Open Banking API Security

Independent Research — Ongoing

Empirical analysis of Open Banking API implementations to identify privacy gaps and session-hijacking vectors. Built proof-of-concept attack simulations using JavaScript, cURL, and Keycloak to evaluate token misuse and replay scenarios, then documented practical mitigations.

"APIs are the veins of modern software — secure them or bleed data."
OPEN BANKINGKEYCLOAKTOKEN REPLAYPoC
FILE_03 // INDEPENDENT MANUSCRIPT IN PREP

Adaptive Malware Containment System (AMCS)

Independent Research — Ongoing (Targeting Q1 Venue)

Designing an AI-driven, real-time runtime isolation system that shifts endpoint security from reactive process termination to continuous, proactive mitigation. Implementing a zero-overhead telemetry pipeline using eBPF kernel probes alongside Landlock LSM and cgroups v2 middleware to dynamically mutate process boundaries mid-execution. Developing a lightweight temporal machine learning engine to evaluate streaming system calls and data entropy, enforcing granular resource constraints and isolation rules based on dynamic risk scores.

"Don't kill the process. Cage it, watch it, and let it hang itself."
eBPFLANDLOCK LSMCGROUPS V2RUNTIME ISOLATIONTEMPORAL ML
VOLUME 03CONSTRUCT ARCHIVE

Things I've built. Click a card to expand the dossier.

DOSSIER_01 🔐

FrithX

React · TypeScript · Firebase

Modular, client-side, privacy-first cybersecurity toolkit — Threat Modeling, Zero Trust planning, and Privacy Notice generation, with local-first analysis that preserves user data sovereignty.

GRCZERO TRUSTPRIVACY-FIRST
VIEW SOURCE →
DOSSIER_02 👁️

DeepFake Detector

Python · JavaScript

AI-based browser extension detecting deepfake media in real time. Optimized asynchronous requests for low-latency scanning without disrupting normal browsing.

NEURAL NETFORENSICSEXTENSION
VIEW SOURCE →
DOSSIER_03 🛡️

Malicious URL Detector

JavaScript · HTML · VirusTotal API

Chrome extension identifying phishing and malware domains via VirusTotal reputation checks, with lightweight instant UI alerts for flagged URLs.

HEURISTICSNETWORK SECEXTENSION
VIEW SOURCE →
DOSSIER_04 🔨

Auction

Solidity · React · Web3

Decentralized auction platform with on-chain bid escrow and transparent settlement logic — smart contracts handling bid validation, timed closes, and trustless fund release to the winner.

SMART CONTRACTSBLOCKCHAINESCROW
VIEW SOURCE →
VOLUME 04CAPABILITY MATRIX

LANGUAGES

Python JavaScript TypeScript SQL Solidity HTML/CSS

TOOLS

Burp Suite Nmap Wireshark Metasploit Postman Git Remix Linux eBPF Draw.io

AUTH & IDENTITY

Keycloak OIDC JWT OAuth 2.0 TPM

FRAMEWORKS

React Node.js Firebase Streamlit Web3.js

SIGNAL DIAGNOSTICS

Python 94%
JavaScript 90%
Linux 85%
Problem Solving 96%
Patience 99%
TELEMETRY_CONSOLE // CAPABILITY_MONITOR
> SYSTEM SCANNER: ACTIVE
> NODE STATE: STABLE
> Hover over a capability node above to query telemetry link...
CERTIFICATIONS//
TryHackMe — Jr Penetration Tester Google — Foundations of Cybersecurity Google — Play It Safe: Manage Security Risks Google — Connect and Protect: Network Security IBM — JavaScript Backend Development Udemy — Ethereum & Solidity Coursera — Blockchain TryHackMe — Jr Penetration Tester Google — Foundations of Cybersecurity Google — Play It Safe: Manage Security Risks Google — Connect and Protect: Network Security IBM — JavaScript Backend Development Udemy — Ethereum & Solidity Coursera — Blockchain
VOLUME 05DIRECT LINK

Skip the scrolling. Talk to the archive directly. Type help to begin.

mimohit@archive: ~
Welcome to mimohit.sys — interactive shell v2.1.0
Type help for a list of commands.
mimohit@archive:~$
VOLUME 07RECOVERY MODE

Not everything is exploits and access control. Some of it is just... quiet.

COFFEE

V60 precision. Single origin Ethiopia, always. The ritual matters more than the caffeine.

📖

BOOKS

Kafka, Dostoevsky, Camus on rotation. Stories where the dread is the plot twist.

🎬

ANIME

Cyberpunk and psychological aesthetics. If it questions what's real, I'm probably watching it.

🌱

COMMUNITY

Volunteer Lead teaching underprivileged children · Former Senior Executive, BRAC Business Club · Duke of Edinburgh Award, Bronze.

"if you've read this far — thank you for staying a while. make yourself a coffee. i'll wait."