INITIALIZING SYSTEM
0%
DEVELOPER & SECURITY RESEARCHER

ARIF
CHOWDHURY

Systems developer and security researcher who builds things that don't break — and breaks things that weren't built well enough. Specializing in low-level systems, adversarial research, and infrastructure that scales.

View Projects Get In Touch
0
Languages
0
Projects
0
Years Exp
AVAILABLE FOR HIRE
SCROLL
01

SKILLS & STACK

PY
Python
95%
JV
Java
88%
C
C
90%
C++
C++
85%
RS
Rust
82%
JS
JavaScript
87%
CyberSec
92%
Systems
88%
arif@dev — bash — 80x24

arif@dev:~$ whoami

Arif Chowdhury — Systems Developer, Security Researcher

arif@dev:~$ cat skills.txt

Languages: Python, Java, C, C++, Rust, JavaScript

Security: Pentesting, Exploit Dev, Reverse Engineering, CTF

Tooling: GDB, Ghidra, Burp Suite, Wireshark, Metasploit, Docker, Linux

arif@dev:~$ ls certifications/

CEH  OSCP-in-progress  CTF-winner-2024  HackTheBox-Pro

arif@dev:~$

02

PROJECTS

PROJECT — 001

FASTKV

FastKV is a pure-Python, high-performance key-value database designed for durability, speed, and simplicity. It implements a log-structured merge-tree (LSM-tree) architecture similar to RocksDB/LevelDB, optimized for SSD storage with asynchronous compaction, bloom filters, and configurable durability modes.

Python Systems Storage Database
384
View Source
PROJECT — 002

SSHADOW

A real-time, browser-based Linux terminal powered by Node.js, WebSockets, xterm.js, and a secure Python CLI client. Built for remote access, development, learning, demos, and debugging.

Python NodeJS Red Team
271
View Source
PROJECT — 003

VULNSCAN

Python-based automated vulnerability scanner with CVE correlation, service fingerprinting, and custom exploit templates. Integrates with Shodan and NVD.

Python Security CVE
156
View Source
PROJECT — 004

MEMVAULT

Custom memory allocator in C with slab allocation, memory poisoning, and built-in heap corruption detection. Drop-in replacement for glibc malloc.

C Memory Systems
203
View Source
PROJECT — 005

NODEWATCH

Real-time network monitoring dashboard in JavaScript/Node.js with packet analysis, anomaly detection ML pipeline, and threat intelligence feeds.

JavaScript Network ML
119
View Source
03

ABOUT

I'm Arif Chowdhury, a systems developer and security researcher based in Dhaka. I write code in eight languages and break things in all of them.

My work lives at the intersection of low-level systems programming and adversarial security research — building the tools that defenders need and understanding the mindset that attackers use.

When I'm not hunting bugs or optimizing allocators, I write about systems internals, binary exploitation, and the philosophy of building resilient software. Security isn't a feature — it's a property.

2023 — NOW
Security Developer
FREELANCE / OPEN SOURCE
2021 — 2023
Backend Systems Developer
TECHCORP BD, DHAKA
2019 — 2021
Software Engineering Intern
STARTUP INCUBATOR, BUET
PENETRATION TESTING
Web, network, and binary exploitation across real-world environments and CTF competitions.
EXPLOIT DEVELOPMENT
ROP chains, heap feng shui, kernel exploits, and custom shellcode for x86/64 and ARM.
REVERSE DEVELOPERING
Malware analysis, firmware reversing, protocol reconstruction from binary artifacts.
SECURE SYSTEMS
Threat modeling, secure architecture design, and hardening for production systems.
htb_profile.json

{

  "handle": "arif_0x41",

  "rank": "Pro Hacker",

  "owns": { "user": 67, "root": 54 },

  "ctf_wins": ["BUET CTF 2024", "CyberDhaka 2023"],

  "karma": 4820

}

04

WRITING

APR 12, 2025
Binary Exploitation

Heap Grooming for Dummies: A Modern Glibc Exploitation Primer

A deep dive into tcache poisoning, safe-linking bypass, and constructing reliable primitives against modern glibc 2.38. Includes fully weaponized PoC.

CHeapCTF
MAR 3, 2025
Systems

Writing a Memory Allocator in C from Absolute Zero

Walkthrough of building MemVault — from sbrk() to slab caches to thread-local free lists. Benchmarking methodology and surprising results against jemalloc.

CMemoryPerformance
JAN 18, 2025
Rust

Why I Rewrote My C2 in Rust (And What I Learned)

Migrating PhantomShell from C to Rust: ownership as a security primitive, safe FFI patterns, and how the borrow checker caught three memory bugs I'd been living with for months.

RustCRed Team
DEC 5, 2024
Reverse Engineering

Dissecting a Real-World Ransomware Sample with Ghidra

Static and dynamic analysis of a LockBit-variant collected in the wild. Unpacking, string deobfuscation, and reconstruction of the encryption key schedule.

MalwareGhidraAnalysis
OCT 22, 2024
Network Security

Building an Anomaly Detection Pipeline with Python + eBPF

Using eBPF for kernel-level packet observation and feeding live features into an isolation forest model. Real-time threat detection without userspace overhead.

PythoneBPFML

LET'S TALK.

OPEN TO COLLABORATIONS, RED TEAM WORK, AND INTERESTING PROBLEMS

admin@arifdev.qzz.io
GitHub LinkedIn Facebook Twitter/X Resume PDF