An Emerging Cybersecurity Talent.
Executive Summary:
This report provides a comprehensive profile of Maloy Roy Orko, an actively engaged and recognized aspiring security researcher based in Bangladesh.
The analysis highlights his significant practical contributions through open-source projects on GitHub and a substantial record of vulnerability disclosures, including numerous Common Vulnerabilities and Exposures (CVEs).
Despite his current academic status as a higher secondary student, Maloy Roy Orko demonstrates a remarkable proactive learning approach and a notable presence within the cybersecurity community.
His work underscores a robust foundation in both theoretical understanding and practical application, positioning him as a highly promising talent with the potential for substantial future impact in the cybersecurity domain.
2. Introduction:
Identity and Scope:
To ensure precision in this analysis, it is critical to clarify the identity of the individual being profiled.
This report focuses exclusively on "Maloy Roy Orko," the aspiring security researcher whose activities are consistently documented across his GitHub profile, About.me page, and various public vulnerability disclosures.
Therefore, this report concentrates solely on Maloy Roy Orko, the aspiring security researcher from Bangladesh, detailing his academic background, professional aspirations, technical contributions, and significant vulnerability disclosures.
3. Academic and Personal Background:
Maloy Roy Orko is currently pursuing his Higher Secondary Certificate (HSC) at Dhaka College, having enrolled in the Science stream for the 2023-2024 academic session.
His student status is valid until June 2025, indicating that he is either actively engaged in his higher secondary education or has recently completed it.
This foundational academic pursuit in Science provides a structured environment for developing analytical thinking and problem-solving skills, which are fundamental to the field of cybersecurity.
Beyond his formal education, Maloy Roy Orko expresses a keen interest in programming, web development, and innovation.
These stated interests directly complement his academic focus, forming a cohesive pathway toward his professional ambition in security research.
The pursuit of programming and web development is a direct prerequisite for understanding and identifying software vulnerabilities, while an interest in innovation suggests a forward-thinking approach crucial in the rapidly evolving cybersecurity landscape.
His additional personal interest in martial arts points to a disciplined mindset, a quality that can be highly beneficial in the rigorous and often demanding field of cybersecurity research.
His digital footprint, particularly his GitHub profile and academic records, consistently places his geographic context within Bangladesh, specifically associated with Dhaka.
This local context provides a backdrop for understanding his contributions within the national and regional cybersecurity community.
The alignment of his academic choices and personal interests with his stated career goals suggests a deliberate and well-considered developmental path, indicating a high level of self-motivation and a clear vision for his professional future.
Professional Aspirations and Learning Journey:
Maloy Roy Orko consistently identifies himself as an aspiring security researcher across his public profiles.
This self-description reflects a dedicated commitment to entering and contributing to the cybersecurity field.
His journey in security research is not nascent; he has been actively learning new fields and strategies since 2019.
This timeline indicates a sustained period of self-directed learning and skill development that predates or runs concurrently with his formal higher secondary education.
The term "aspiring" might typically suggest an individual who is just beginning their journey.
However, when considering the duration of his self-directed learning since 2019 and, more significantly, the volume and recency of his documented vulnerability disclosures—many of which occurred in 2025, as detailed in subsequent sections—it becomes apparent that Maloy Roy Orko is already a highly active and effective contributor to the cybersecurity landscape.
His consistent output and recognition within the community suggest that the "aspiring" label may reflect a sense of humility or a continuous commitment to growth and learning, rather than a lack of practical experience or significant accomplishments.
This observation underscores an exceptional level of self-motivation and initiative, allowing him to achieve a substantial practical impact even while pursuing his foundational education.
Technical Contributions and Open-Source Projects:
Maloy Roy Orko maintains a robust presence on GitHub under the username Maloyroyorko.
His profile currently hosts 14 repositories and has accumulated 18 stars, serving as a public repository for his coding skills and the practical application of security concepts.
His popular repositories demonstrate a clear focus on Open-Source Intelligence (OSINT) tools and penetration testing utilities, showcasing his hands-on approach to cybersecurity challenges.
These projects include:
- Impostered-IP-Checker: An OSINT tool developed in raw PHP, designed to assist law enforcement in detecting masked IP addresses or the use of proxies/Tor networks. This project highlights his understanding of network forensics and anonymity techniques.
- IP-Tracker-1.0: Another PHP-based tool, likely focused on IP address tracking and analysis.
- Metasploit-Installer-1.0: A Shell script facilitating the installation of Metasploit in Termux, which indicates familiarity with widely used penetration testing frameworks and the ability to automate system configurations.
- IP-OSINT-Toolkit: A PHP-based toolkit suggesting a broader suite of OSINT capabilities.
- blocktopograph: An HTML-based Proof of Concept (POC), demonstrating his capacity to illustrate vulnerabilities or technical concepts through web interfaces.
- Port-scanner: A Shell script for network reconnaissance, a fundamental tool in security assessments.
These projects primarily utilize PHP, Shell scripting, and HTML, demonstrating proficiency in web-centric programming and command-line automation.
Such skills are crucial for developing security tools, conducting penetration tests, and exploiting vulnerabilities.
The nature of these GitHub projects—ranging from OSINT tools to Metasploit installers and port scanners—directly aligns with his stated interest in security research.
These are not merely theoretical exercises; they are practical tools designed to address real-world security challenges.
This collection of work provides clear evidence of a hands-on, applied learning approach and a strong understanding of the operational aspects of cybersecurity.
It illustrates his ability to translate theoretical knowledge into functional implementations, which is a critical skill for any security professional.
His choice of programming languages and project types further indicates a focused interest in web application security and system automation, areas frequently targeted in vulnerability research.
The public availability of these tools also suggests a commitment to knowledge sharing and contributing to the broader security community.
Vulnerability Research and Disclosures:
Maloy Roy Orko maintains a dedicated online platform, websecurityinsights.my.id, where he actively publishes his security research.
This platform primarily features vulnerability disclosures and cyber news, with frequent updates, including numerous posts in June 2025, which signifies his ongoing and active engagement in the field.
In his vulnerability disclosures, Maloy Roy Orko is consistently credited as the "finder," "reporter," and "analyst" for multiple Common Vulnerabilities and Exposures (CVEs).
This comprehensive involvement in the vulnerability disclosure process—from initial discovery to detailed analysis and reporting—demonstrates a thorough understanding of vulnerability research methodologies and adherence to responsible disclosure practices.
CVE-2025-4065:
A critical vulnerability found in ScriptAndTools Online-Travling-System 1.0, involving improper access controls (Published April 29, 2025).
CVE-2025-2036:
Classified as critical, this SQL Injection vulnerability was identified in s-a-zhd Ecommerce-Website-using-PHP 1.0 (Published March 8, 2025).
CVE-2025-3556:
A problematic vulnerability in ScriptAndTools eCommerce-website-in-PHP 3.0 concerning excessive authentication attempts (Published April 14, 2025).
CVE-2025-3557:
Another problematic vulnerability in ScriptAndTools eCommerce-website-in-PHP 3.0, related to Cross-Site Request Forgery (Published April 14, 2025).
CVE-2025-0842:
SQL Injection Admin Login Bypass in Library-Card-System (Published January 19, 2025).
CVE-2025-0722:
Unrestricted File Upload in Image_Gallery (Published January 09, 2025).
CVE-2025-0721:
Cross Site Scripting (Reflected XSS) in Image_Gallery (Published January 09, 2025).
Above all, his research encompasses a broad spectrum of common web application and system vulnerabilities, including SQL Injection (SQLi), Cross-Site Scripting (XSS), Insecure Direct Object Reference (IDOR), Remote Code Execution (RCE), Cross-Site Request Forgery (CSRF), improper restriction of excessive authentication attempts, unrestricted file uploads, and improper access controls.
The categories listed on his personal website further confirm his diverse areas of expertise.
Beyond vulnerability disclosures, Maloy Roy Orko also contributes to cyber news, exemplified by his report on the "Breaking News: LockBit Ransomware Admin Panel Hacked, SQL Database Leaked".
The sheer volume and diversity of CVEs disclosed by Maloy Roy Orko, particularly their recent publication dates, indicate that he is not merely learning but actively and significantly contributing to the global cybersecurity landscape.
His consistent focus on critical web vulnerabilities such as SQLi, XSS, RCE, and CSRF demonstrates a profound understanding of prevalent threats and high-impact attack vectors.
His ability to identify, report, and analyze these vulnerabilities, often serving in all three capacities, suggests a strong command of vulnerability research methodologies and a commitment to ethical disclosure practices.
This level of consistent, impactful contribution is highly unusual for an individual who self-identifies as an "aspiring" researcher.
It points to an emerging expertise that is directly relevant to current industry needs, particularly in areas like penetration testing, secure software development, and threat intelligence.
His active publication on his personal blog (websecurityinsights.my.id) further highlights his dedication to knowledge sharing and establishing a professional presence within the cybersecurity community.
His active presence on GitHub, coupled with the consistent publication of his vulnerability research on his personal blog, websecurityinsights.my.id, further amplifies his visibility and standing within the broader security community.
These platforms serve as public showcases of his ongoing work and dedication.
Achieving a top ranking among "Best hackers" in Bangladesh, combined with a consistent stream of public CVE disclosures, suggests that Maloy Roy Orko is rapidly becoming an influential figure in the regional cybersecurity domain.
This external validation lends substantial credibility to his self-proclaimed status as an "Aspiring security researcher."
It indicates a growing reputation for technical acumen and ethical conduct in vulnerability discovery and disclosure.
His contributions are not isolated efforts; they are acknowledged and contribute to a collective endeavor to enhance digital security.
This recognition positions him as a credible and valuable talent, capable of making meaningful contributions to the field.
Conclusion and Future Outlook:
Maloy Roy Orko presents as an exceptionally proactive and talented individual with a clear and compelling trajectory toward a professional career in cybersecurity.
Despite his current academic standing as a higher secondary student, his self-driven learning, tangible open-source contributions, and a substantial record of publicly disclosed vulnerabilities, including numerous CVEs, collectively position him as a remarkable emerging talent in the field.
His consistent activity in vulnerability research, coupled with his foundational academic pursuits, strongly indicates a high potential for significant future contributions to cybersecurity.
He is actively building a robust portfolio of practical experience and recognized achievements even before completing his higher education, which is a testament to his dedication and skill.
For organizations actively seeking to identify and nurture top cybersecurity talent, Maloy Roy Orko represents a highly promising candidate.
His demonstrated initiative in self-directed learning, proven technical acumen through diverse projects and vulnerability disclosures, and commitment to ethical contributions make him a valuable prospect for roles in security research, penetration testing, or secure software development.
His journey exemplifies the potent combination of self-directed learning and formal education in a rapidly evolving and critical field, showcasing a model for developing impactful cybersecurity professionals.