Cybersecurity researcher & developer

Noman Nasir Minhas

I build offensive security tools, analyze threats, and share practical knowledge that helps defenders and builders strengthen the digital world.

15+ Tools & Projects
40+ Technical Articles
5+ YRS Security Research

Featured work

Nanga Rootkit

featured

Process Behavior Monitoring SwissKnife

Windows SSDT hook framework that streams syscalls, file I/O, registry mutations, WFP network events, and DLL loads as structured JSONL. 34 hooked syscalls, minifilter for file ops, registry callbacks, 14 WFP ALE callouts, and direct-syscall detection for malware analysis and offensive research.

C · Windows Kernel · WDK · SSDT · WFP
Open source

Goofy

featured

Golang Version Manager

Cross-platform Go version manager for Windows, macOS, and Linux. Installs and switches multiple Go toolchains side-by-side with shimmed binaries, per-shell/per-directory/global resolution, and zero elevation required. Bootstrap is idempotent and self-healing.

Go · CLI · Cross-platform · Shim
Open source

Rust Vulnerability Scanner

featured

Nuclei Compatible Vulnerability Scanner

Enterprise-grade, Nuclei-compatible vulnerability scanner written in Rust. Async tokio runtime, governor-based rate limiting, SOCKS/TLS support, YAML template execution, DNS resolver via trust-dns, and Tera-rendered reports.

Rust · Tokio · Nuclei · YAML · Reqwest
Open source

MS Edge Dumper

Simple Edge Password Dumper

Proof-of-concept Go tool that extracts and decrypts credentials stored by Microsoft Edge. Reads the Login Data SQLite store, unwraps the AES master key via DPAPI, and prints decrypted entries — strictly for authorized defensive research.

Go · Windows · DPAPI · SQLite
Open source

HTTP Proxy

Layer-7 HTTP Proxy for Network Analysis

Single-binary Go HTTP relay for pivoting through a jumpbox into internal networks. Forwards requests to a destination passed via the `relay_url` query parameter, strips hop-by-hop headers, and uses a tuned client with connection pooling and HTTP/1.1 enforcement.

Go · HTTP · Networking · Pivoting
Open source

File Blinder

Windows DLL Injection & File-Access Toolkit

Windows process instrumentation toolkit for authorized security research. Hooks 32 Win32/NT APIs via MinHook inline detours to make blocked paths invisible to a target process, enable DLL search-order hijacking from user-writable directories, protect ntdll.dll from tampering, and capture process/network behavior — built for red-team ops and detection engineering.

Rust · Windows · DLL Injection · MinHook · Win32/NT API
Open source

Technologies & interests: Rust · Go · Linux · Windows · Reverse Eng · Malware Analysis · Cloud Security · Automation
user@nnm:~$ keep building, keep learning.
03. RESEARCH

Research Archive

An indexed research ledger covering post-quantum security, connected systems, malware analysis, and distributed infrastructure.

  1. R-01 · 2024

    Edge-Computing-Based Scheme for Post-Quantum IoT Security for e-Health

    AU: NN Minhas, K Mansoor
    PUB: IEEE Internet of Things Journal, 11(19), 31331-31337
    Post-Quantum · IoT · e-Health · Edge Computing
    Citations: 13
  2. R-02 · 2024

    Post-Quantum Authentication Scheme for IoT Security in Smart Cities

    AU: N Minhas
    PUB: Preprints
    Post-Quantum · IoT · Smart Cities · Authentication
    Citations: 12
  3. R-03 · 2023

    Distributed Ledger Technologies for Electronic Health Care: Iota-Based Remote Patient Monitoring and Telemedicine System

    AU: NN Minhas, MW Mubeen, H Khawaja
    PUB: Computer, 56(10), 31-39
    DLT · IOTA · Healthcare · Telemedicine
    Citations: 04
  4. R-04 · 2023

    Using Internet of Things Application for Energy-Efficient and Lightweight Internet of Drones Networks

    AU: NN Minhas, M Naveed
    PUB: IT Professional, 25(4), 21-28
    IoT · Drones · Energy-Efficient
    Citations: 02
  5. R-05 · 2024

    A Survey on Quantum Cryptography, its Protocols, Applications, and Challenges

    AU: N Minhas
    PUB: Preprints
    Quantum Cryptography · Survey · Protocols
    Citations: 00
  6. R-06 · 2024

    Using ASCON-Based Fuzzy Hashing for Efficient Malware Analysis

    AU: N Minhas, M Naveed
    PUB: Preprints
    ASCON · Fuzzy Hashing · Malware Analysis
    Citations: 00
  7. R-07 · 2022

    iTrace: When IOTA Meets COVID-19 Contact Tracing

    AU: W Ghazanfer, NN Minhas, M Rauf, A Anjum
    PUB: IT Professional, 24(1), 56-62
    IOTA · Contact Tracing · COVID-19
    Citations: 00
04. CAPABILITIES

What I Work In

A capability matrix spanning offensive operations, systems engineering, defensive architecture, and forward-looking cryptography.

Runtime stack · 09 TOOLCHAINS AVAILABLE
Rust
Go
C
C++
C#
Python
Zig
PowerShell
x86 ASM

CAP-01 / PRIMARY

Offensive Security

Readiness: 86

Infrastructure VAPT: 92%
Web Application Pentesting: 88%
API Security Testing: 85%
Exploit Development: 85%
Attack Surface Management: 82%

CAP-02 / ACTIVE

Reverse Engineering & Forensics

Readiness: 86

Malware Reverse Engineering: 90%
Windows Internals: 88%
Code Security Audits: 86%
Vulnerability Management: 88%
Network Forensics: 78%

CAP-03 / HARDENED

Architecture & Hardening

Readiness: 84

Secure System Design: 86%
API Security Engineering: 88%
IAM & Compliance: 78%
Defensive Controls Design: 82%

CAP-04 / RESEARCH

Post-Quantum & Future

Readiness: 74

Post-Quantum Cryptography: 78%
Quantum Computing: 72%
Kyber / Dilithium: 75%
IoT & Edge Crypto: 72%
05. OPERATIONS LOG

Career Graph

A chronological mission log of offensive security, defensive engineering, malware research, and systems development.

Experience sequence · DESCENDING / PRESENT TO ORIGIN
  1. 2024 — Present

    Cyber Security Engineer · Cytomate

    Active assignment
    Doha, Qatar

    Red Team Operator at Cytomate Solutions and Services in Doha, Qatar. Adversary emulation, infrastructure VAPT, exploit development, and building the Psiberus autonomous simulation platform. Co-inventor on USPTO patent 18/530,422.

    Red Team · Qatar · Adversary Emulation · Psiberus
  2. 2023 — 2024

    Security Software Developer · Shifa International Hospitals

    Mission archived
    Islamabad, Pakistan

    Built internal security tooling and hardened critical healthcare infrastructure in Pakistan. Code security audits, API security, and defensive engineering across a regulated environment.

    Defensive Eng · API Security · Healthcare
  3. 2021 — 2023

    Malware Researcher · Chunkworks

    Mission archived
    Netherlands / Remote

    Analysed real-world malware samples at Chunkworks in the Netherlands — reversing packers, unpacking malware families, and studying evasion techniques. Published IEEE research on post-quantum cryptography.

    Malware RE · Netherlands · IEEE · PQC
07. CONNECT

Let's Connect

Got an interesting vulnerability, a research idea, or a red-team scenario worth chasing? Reach out.

Handle

@sheldon

Noman Nasir Minhas · Doha, Qatar