Hi, I am Mukul Lohar 👋 I am a Senior Product Security Engineer with expertise in threat modeling, secure code review, and penetration testing across large-scale cloud and on-prem systems. Beyond my professional work, I am deeply passionate about the intersection of space security and emerging technologies in AR/VR, exploring how immersive systems and critical infrastructures can be secured for the future. With a proven track record in bug bounty research for companies like Facebook and Google, I bring both hands-on technical depth and forward-looking curiosity to every challenge I take on.
Exploring
Learning Now
- Smart Contract
- Secure System Design
- Explore Hacking in Undiscovered areas
- Assembly
- AR/VR
- ThreeJS , Android XR
ResearchCVE
CVE-2025-66021
XSS bypass on OWASP Java HTML Sanitizer Library
NVDPOC
Reading List
- Designing Secure Software by Loren Kohnfelder
- Hacking The Art Of Exploitation By jon erickson
- Practical Reverse Engineering By Bruce Dang
- Programming from the Ground Up By Jonathan Bartlett
- Mastering Linux Security by Donald A. Tevault
- Zero Trust Network by Evan Gilman & Doug Bart
- DNS Security Management
- Building Multi-Tenant SaaS Architectures by Tod Golding
Open Source
- Renix
RFC & Papers
- The MD5 Message-Digest Algorithm
- CyberGym: Evaluating AI Agents’ Cybersecurity Capabilities with Real-World Vulnerabilities at Scale
- The Security Architecture of the Chromium Browser
- Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks
- kvm: the Linux Virtual Machine Monitor
- Securing the AI Software Supply Chain
Work Experience
Blog
Connect
Feel free to contact me at mukul.lohar@tokopedia.com