Warning: Undefined variable $current_theme in /www/wwwroot/0xAhmadYousuf/index.php on line 8
Ahmad Yousuf - Security Researcher · Post-Quantum Cryptographer
Available for research collaborations

Security Researcher
& Cryptographer

Cryptography researcher, backend engineer, and open-source builder from Bangladesh. I design post-quantum trust systems, build production APIs, and create tools that give people control over their own cryptographic operations. Founder of QudsLab. Published on quantum-resistant key architecture.

Read My Research Get in Touch
About

The Researcher Behind the Cryptography

I started learning cyber-security in 2019 inside a Bangladeshi grey-hat community, learning XSS, SQL injection, and the art of reading broken web applications. By 2020 I had moved into competitive CTF playing and fallen deep into cryptography and symmetric ciphers, asymmetric PKI, steganography, and the elegant mathematics that underlies all of it.

I earned a Master's degree in Islamic Studies from Madrasah (2023) while simultaneously building production backend systems at TarunSoft and later WriteBiz. That dual track classical scholarship alongside computer science, it shaped how I approach problems: methodically, with patience, and with respect for depth.

In 2025 I founded QudsLab, a research lab for post-quantum cryptographic systems. My first published paper, "The Quantum Reset" (2026), argues that NIST's ML-KEM/ML-DSA standards solve the algorithm problem but leave the deeper trust problem - centralized entropy and opaque key generation - completely unaddressed.

I also build tools. PrivacyRipper is my open-source browser fingerprinting library, designed to be a free, transparent alternative to Fingerprint.js. And CTFRM is my CTF resource manager, currently paused while QudsLab reaches v1.

Timeline

The Journey

Seven years from a grey-hat community to founding a post-quantum research lab.

2019
CyberSec Beginnings
Grey-Hat Community · Bangladesh
Joined a Bangladeshi grey-hat hackers community. Mastered XSS injection, SQL injection, and foundational web vulnerability exploitation techniques.
First Skills
XSS SQL Injection Web Recon OSINT Burp Suite
2020
CTF & Deep Cryptography
Self-Directed
Transitioned to competitive CTF playing. Began deep study of cryptographic algorithms — symmetric, asymmetric, hash functions, steganography, and advanced ciphers.
Mastered
Symmetric Ciphers Asymmetric PKI Hash Functions Steganography CTF Strategy
2021
National CTF & TryHackMe Paths
eGov Bangladesh / TryHackMe
Competed in the Bangladesh Government CTF (free edition). Earned multiple TryHackMe path completions. Explored all major OWASP Top 10 vulnerabilities hands-on.
Certifications & Tools
OWASP Top 10 Network Scanning Privilege Escalation TryHackMe Paths
2022
Python, Django & Security Tools
International CTFs & Self-Built Projects
Mastered Python in 2 months, then Django. Built AI-powered Q&A bots, port scanners, SOCKS4/5 proxies, and email security testing tools. Competed internationally at CrewCTF, NAHAMCON, VISHWACTF, CYBERYAMI, and OFPPT.
Built & Competed
Python Django Port Scanners SOCKS Proxies International CTFs
2023
Master's Degree & TarunSoft
Madrasah / TarunSoft
Earned Master's in Islamic Studies. Joined TarunSoft as Django Developer, promoted to QA Test Engineer. Founded CTFRM. Deepened PHP, SQL, and advanced cryptography expertise via internships.
Professional Growth
Master's Degree QA Engineering PHP MySQL CTFRM
2024
WriteBiz Backend Developer
WriteBiz (October)
Joined WriteBiz as Backend Developer. Building scalable API systems, deepening expertise in security-hardened backend architecture and post-quantum cryptography.
Engineering
REST APIs Security-Hardened Architecture PQC Research Redis Docker
2025
QudsLab Founded
QudsLab · Research Lab (July 2025)
Established QudsLab — a cryptographic research lab focused on post-quantum systems, client-side entropy collection, seed-rooted key derivation, and distributed trust models.
Lab Focus
ML-KEM ML-DSA HKDF Client-Side Entropy Distributed Trust
2026
"The Quantum Reset" Published
QudsLab / Zenodo
Published landmark research paper proposing a new PQC architecture: client-side entropy collection, seed-rooted key derivation, and distributed trust away from centralized servers.
doi.org ↗
Published
Research Paper Zenodo DOI Post-Quantum Architecture
Expertise

What I Do Best

Seven years of continuous learning across security, cryptography, and backend engineering.

Post-Quantum Cryptography

Designing quantum-resistant systems using ML-KEM and ML-DSA. Research-level understanding of NIST PQC standards, key encapsulation, and digital signatures. Published on the trust gap in PQC migration.

ML-KEM ML-DSA CRYSTALS-Kyber CRYSTALS-Dilithium Lattice Crypto

Applied Cryptography

Deep expertise in classical and modern cryptographic systems — symmetric encryption, asymmetric PKI, hash functions, MACs, steganography, and key derivation. Familiar with 700+ algorithms.

AES-GCM RSA/ECC HKDF/Argon2 SHA-3/BLAKE3 ZKP Basics

Backend Engineering

Building production REST APIs with Django and PHP. Database design, Redis caching, payment gateway integration, LLM-powered features, and security-hardened architecture.

Django PHP REST APIs MySQL/Redis LlamaCPP

Security Research

Peer-reviewed published researcher. "The Quantum Reset" (2026) proposes a new architectural trust model for post-quantum migration — client-controlled entropy, auditable derivation.

Published PQC Trust Models Entropy HNDL Defense

CTF & Platform Dev

Active CTF competitor since 2019 across 9+ international competitions. Also building CTFRM — a platform for organizing CTF writeups, team resources, and challenge databases.

Web Crypto Forensics OSINT Platform Dev

Open Source & Tools

Building open-source libraries and utilities: PrivacyRipper (browser fingerprinting), port scanners, SOCKS5 proxies, browser automation with Playwright, AI-integrated bots, and OSINT tools.

JavaScript Python Playwright Automation OSINT
Open Source

Built in the Open

Real repositories from my organisations and personal work - tools and libraries built for the community.

QudsLab Founder

Cryptographic research lab building post-quantum infrastructure that users can fully audit and trust — entropy, keys, and derivation live on-device.

PQChub

Cross-platform Post-Quantum Cryptography binary generator. Wraps NIST-finalized ML-KEM / ML-DSA into a clean CLI and library interface.

Python
PQC ML-KEM
NextSSL

Crypto archive and safety-profile toolkit — planned algorithms, strict defaults, SSL/TLS support, cross-platform targets (Android, iOS, macOS, Linux).

Multi
SSL/TLS Cryptography
dpqc

Developer's PQC library. Clean Python API over post-quantum primitives for direct integration into applications.

Python
PQC Library
Proof-of-work

Multi-hash Proof-of-Work experiment for curious devs — supports SHA-256, Blake3, and custom chaining strategies.

Python / C
PoW Hashing
Cloudflared

Lightweight Python library + bin to expose local apps via Cloudflare Tunnel. Zero-config, Termux-friendly.

Python
Cloudflare Tunnel
tor-versions

Automated tracker for the latest Tor Expert Bundle versions and download links. Stays current via CI runs.

Automated
Tor Automation
dpow

Developer's Proof-of-Work library. Simple, embeddable PoW for use in Python projects and experiments.

Python
PoW Library
dtor

Developer's Tor library — slim wrapper around the Tor control protocol for building anonymity tooling in Python.

Python
Tor Anonymity
CTFORION Owner

CTF team and security-tools org. Building infrastructure for competitive hacking, privacy tooling, and open-source security utilities.

Privacy-RIP

Developer-crafted tracking barrier. Blocks and intercepts fingerprinting scripts, analytics, and cross-site tracking payloads in the browser.

JavaScript
Privacy Fingerprinting
CTFD

Modified CTFd fork optimized for Windows server deployment. Adds Windows-native process management and startup scripts.

Python
CTF CTFd
POS

PHP Object Server — lightweight PHP micro-server exposing OOP objects as REST endpoints for rapid API prototyping.

PHP
PHP REST
FileServer

PHP microservice file storage server. Simple HTTP-based file management with authentication and directory listing.

PHP
PHP Microservice
ctforion.github.io

CTFORION CDN and public JavaScript library host. Serves shared scripts and tools across CTFORION projects.

JavaScript
CDN JavaScript
Personal

Personal open-source projects — tools, experiments, and utilities built for the community.

PHP-Error-Log-Viewer ★ 5

Professional PHP error log viewer. Real-time log monitoring, filtering by severity, and clean UI — drop-in for any PHP project.

PHP
PHP Debugging
BDIX ★ 5

Bangladesh BDIX test-server checker. Scans and benchmarks BDIX-peered servers to find the fastest local content routes.

Python
Python Networking
TapLang ★ 2

TapLang DSL — a domain-specific language with a custom interpreter. Experiments in language design, tokenizing, and AST evaluation.

Python
Language Design DSL
GhostTool

Developer utility hub — aggregates common security and dev tools into a single browser-based interface for fast access.

JavaScript
JavaScript DevTools
Privacy-Destroyer ★ 1

Browser fingerprinting and tracking utility. Collects entropy signals (canvas, audio, WebGL, fonts) for device identification research.

JavaScript
Fingerprinting Privacy
DockTor ★ 1

Dockerized Flask app routing traffic through the Tor network. One-command anonymous HTTP proxy with Docker + stem.

Python
Docker Tor
QudsLab

A cryptographic research lab building the infrastructure for post-quantum systems that ordinary people can trust - because the entropy, keys, and derivation logic live entirely on their devices.

Website Research Paper
Jul 2025
Founded
PQC
Focus Area
Open
Source

Why Post-Quantum Trust Matters

NIST finalized ML-KEM and ML-DSA - the algorithm problem is largely solved. But the trust problem - who generates the keys, where entropy comes from, who can audit the process - remains completely unaddressed.

QudsLab is building the answer: open-source tools that prove cryptographic operations happened correctly, on your device, with your entropy.

Client-side entropy collection and auditable seeding
Seed-rooted HKDF key derivation trees
Distributed trust - no single server controls your keys
Defense against "harvest now, decrypt later" (HNDL) attacks
Open-source, verifiable, peer-reviewed
Research

Research

Peer-reviewed proposals at the intersection of cryptographic trust, quantum resistance, and key architecture.

Proposal QudsLab / Zenodo 2026 CC BY-SA 4.0

The Quantum Reset

Addresses the "trust gap" in post-quantum cryptographic migration. While NIST has finalized ML-KEM and ML-DSA standards, current strategies leave centralized server-side key generation and opaque entropy sourcing intact. This paper proposes a new architectural foundation: client-side entropy collection, seed-rooted key derivation, and distributed trust — shifting control from servers to user-controlled endpoints.

Post-Quantum Cryptography Entropy Trust ML-KEM ML-DSA HKDF Seed-Rooted Derivation Distributed Trust HNDL Threat
doi.org ↗
DOI 10.5281/zenodo.19884292
Credentials

Certificates & Experience

31 credentials across CTF competitions, courses, training programs, and work experience.

Bangladesh National CTF 2021 certificate
eGov Bangladesh
Bangladesh National CTF 2021
National cybersecurity competition organized by the Bangladesh government. Multi-category challenges including crypto, web, and binary.
2021
eGov University CTF 2021 certificate
eGov University
eGov University CTF 2021
University-level national cybersecurity challenge run by Bangladesh eGov institute.
2021
Advent of Cyber 2021 certificate
TryHackMe
Advent of Cyber 2021
25-day cybersecurity challenge series. Covered web hacking, log analysis, OSINT, and cryptography fundamentals.
2021
CrewCTF 2022 certificate
CTF Crew
CrewCTF 2022
International CTF competition. Solved cryptography, pwn, and web application challenges against global teams.
2022
CyberYami CTF 2022 certificate
CyberYami
CyberYami CTF 2022
Regional competitive hacking event with focus on offensive security and cryptographic challenges.
2022
NahamCon CTF 2022 certificate
NahamSec
NahamCon CTF 2022
Major international CTF by NahamSec. Strong focus on web exploitation, cryptography, and forensics.
2022
OFPPT CTF 2022 certificate
OFPPT
OFPPT CTF 2022
International security challenge. Multi-discipline competition testing offensive and defensive capabilities.
2022
VishwaCTF 2022 certificate
VishwaCTF
VishwaCTF 2022
International multi-category CTF competition. Challenges spanning crypto, steganography, pwn, and reversing.
2022
CTFtime Annual Rating certificate
CTFtime.org
CTFtime Annual Rating
Cumulative competitive rating across multiple international CTF events logged on CTFtime.org.
2022
Pre-Security Path certificate
TryHackMe
Pre-Security Path
Foundational cybersecurity path: networking basics, Linux CLI, web fundamentals, and security concepts.
2021
Complete Beginner Path certificate
TryHackMe
Complete Beginner Path
Comprehensive beginner curriculum covering Linux, web app security, cryptography, and basic scripting.
2021
Web Fundamentals Path certificate
TryHackMe
Web Fundamentals Path
Web application security path: OWASP Top 10, XSS, SQLi, IDOR, authentication bypass, and Burp Suite.
2022
Jr Penetration Tester certificate
TryHackMe
Jr Penetration Tester
Full penetration testing methodology: recon, exploitation, privilege escalation, post-exploitation, and reporting.
2022
Offensive Pentesting Path certificate
TryHackMe
Offensive Pentesting Path
Advanced offensive security: Active Directory attacks, Buffer Overflow exploitation, and custom payload development.
2022
CompTIA Pentest+ Path certificate
TryHackMe
CompTIA Pentest+ Path
CompTIA Pentest+ preparation: planning, recon, exploitation, and compliance reporting aligned to exam objectives.
2023
Python Developer certificate
SoloLearn
Python Developer
Core Python programming: data structures, OOP, file I/O, and automation scripting fundamentals.
2022
Complete Python Bootcamp certificate
Udemy
Complete Python Bootcamp
In-depth Python from basics through Django web development, automation, and scripting.
2022
Java (Basic) certificate
HackerRank
Java (Basic)
Java fundamentals: OOP, collections, exceptions, and standard library usage.
2023
SQL (Advanced) certificate
HackerRank
SQL (Advanced)
Advanced SQL: window functions, CTEs, complex joins, aggregations, and query optimization.
2023
Avirtix Engineer certificate
Avirtix
Avirtix Engineer
Virtualization and enterprise IT infrastructure engineering certification.
2023
Ethical Hacker Essential certificate
CodeRed
Ethical Hacker Essential
Core ethical hacking: reconnaissance, scanning, exploitation, and professional reporting standards.
2022
Android App Pentesting certificate
CodeRed
Android App Pentesting
Android application security: APK reverse engineering, Frida hooking, and mobile exploitation.
2022
Android Bug Bounty certificate
CodeRed
Android Bug Bounty
Mobile bug bounty methodology: attack surface mapping, CVSS scoring, and professional report writing.
2022
Dark Web & OPSEC certificate
CodeRed
Dark Web & OPSEC
OPSEC fundamentals, Tor network architecture, and cryptocurrency basics for security researchers.
2022
Cisco Labs Crash Course certificate
CodeRed
Cisco Labs Crash Course
Cisco networking: routing protocols, switching, VLANs, and network packet analysis.
2023
Juniper SRX Router Config certificate
CodeRed
Juniper SRX Router Config
Enterprise network security: Juniper SRX firewall policy configuration via J-Web interface.
2023
Arduino & IoT Security certificate
CodeRed
Arduino & IoT Security
Embedded systems and IoT security: Arduino programming and Bluetooth communication protocols.
2023
Django Developer certificate
TarunSoft
Django Developer
Backend Django development: REST APIs, database schema design, deployment automation, and server configuration.
2023
QA Test Engineer certificate
TarunSoft
QA Test Engineer
Quality assurance engineering: test plan design, automated testing frameworks, and CI/CD pipeline integration.
2023
Python Developer Intern certificate
Remote
Python Developer Intern
Python internship: automation scripts, REST API integration, data processing pipelines.
2023
Backend Developer certificate
WriteBiz
Backend Developer
Full-stack backend development: PHP, Python, REST API design, database management, and security hardening.
2024–Present
Tools & Stack

Technology Arsenal

Languages Python PHP JavaScript HTML / CSS Bash C (basics)
Frameworks & Libraries Django Flask Django REST Playwright LlamaCPP Payment APIs
Cryptography ML-KEM / ML-DSA AES / ChaCha20 RSA / ECC HKDF / Argon2 SHA-3 / BLAKE3 Steganography Stream Ciphers Diffie-Hellman ECDSA / EdDSA ZKP (basics)
Databases MySQL PostgreSQL SQLite Redis Typesense Elasticsearch
DevOps & Tools Git Docker Linux Nginx Selenium GitHub Actions

Let's Build Something Secure

Looking for a backend engineer, cryptography researcher, or security consultant?
I'm open to collaborations, research partnerships, and contract work.

Start a Conversation
Contact

Get in Touch

Have a research question, a project idea, or want to work together? I respond to every serious inquiry.

Location
Bangladesh