Inosh Matheesha

Cyber Security Undergraduate

Open for opportunities
13 Projects
SLIIT University
Location: Sri Lanka
Hello, I'm

Cyber Security Enthusiast

USB HID Email Security Browser Extensions Python Pentesting

About Me

Who I am, what I do, and where I'm headed

Who I Am

Passionate Cyber Security undergraduate at SLIIT, specializing in web development and programming. I build tools to make the digital world safer — from BadUSB payloads to browser security extensions.

BadUSB Email Spoofing Security Tools Pentesting Extensions

Tech Stack

Python 40%
JavaScript 85%
PHP 85%
Pentesting 80%
C / C++ 80%
Networking 75%
Linux 80%
Nmap 75%
Wireshark 70%

Education

2023 – Present: BSc (Hons) in IT Specialising in Cyber Security, Sri Lanka Institute of Information Technology
6+ Projects

Security Projects Built

Featured Projects

Real-world security research and tools

ProMicro Payloads
Arduino BadUSB

Collection of Arduino-based USB HID payloads for cybersecurity education and authorized penetration testing.

SecureShopCTF
Python Research

CTF challenge focused on web application security, including authentication, authorization, and data encryption.

FreebieGamesFinder
JavaScript Extension

Chrome extension finding 500+ free games using FreeToGame API with smart search and caching.

Exam Scheduler
Kotlin Android

Android app to organize exams and tasks with Jetpack Compose and Room database.

ZeNeOn ESP32 WiFi Framework
ESP32 WiFi Security

ZeNeOn-ESP32-WiFi-Framework

ZeNeOn is an ESP32-based WiFi security assessment framework that provides deauthentication attacks, Evil Twin AP creation, beacon flooding, packet capture, and payload injection.

Wordlist Generator
Python Tools

Custom wordlist generation tool for security testing and password auditing.

My Articles

Insights on cybersecurity, ethical hacking, and security research

SecureShop CTF Room - Complete Walkthrough Guide

The SecureShop CTF lab is an educational cybersecurity challenge that mimics a vulnerable e-commerce web application. This walkthrough offers in-depth, step-by-step procedures for identifying and exploiting several security vulnerabilities related to the OWASP Top 10.

OS command injection

OS command injection is also known as shell injection. It allows an attacker to execute operating system (OS) commands on the server that is running an application, and typically fully compromise the application and its data. Often, an attacker can leverage an OS command injection vulnerability to compromise other parts of the hosting infrastructure, and exploit trust relationships to pivot the attack to other systems within the organization.

File upload vulnerabilities

File upload vulnerabilities are when a web server allows users to upload files to its filesystem without sufficiently validating things like their name, type, contents, or size. Failing to properly enforce restrictions on these could mean that even a basic image upload function can be used to upload arbitrary and potentially dangerous files instead. This could even include server-side script files that enable remote code execution.

Path traversal

Path traversal, also known as directory traversal, is a type of vulnerability that occurs when an application fails to sanitize user input, allowing an attacker to access or modify files on the server. This can lead to unauthorized access to sensitive data, such as configuration files, source code, or even system files.

XML external entity (XXE) injection

XXE injection is a type of attack that targets applications parsing XML input. It happens when the XML parser is configured to process external entities, which are special references in XML that can load files or fetch resources from remote servers.

Cross-Site Scripting (XSS) | PortSwigger’s Apprentice Labs | Labs 1–9 Walkthrough

Cross-site scripting (XSS) is a type of attack that targets applications that display user input without proper validation or escaping. It allows an attacker to inject malicious scripts into a web page, which can then be executed by other users.

Get In Touch

Let's collaborate on something amazing

Contact Information

Location

Sri Lanka

Status

Open for opportunities