How I Became the #1 Security Researcher on the DHS VDP (10/2024 — 4/2025)

It started with checking my visa petition status online. Six months later, I was the #1 security researcher for the Department of Homeland Security, responsible for 8 out of 11 critical vulnerabilities found across their systems from October 2024 to April 2025. I will tell you how this happened and the systematic approach that made it possible.

In this talk I will cover code fingerprinting, domain enumeration, source code scanning, client-side JavaScript analysis, and creative information gathering through Google Dorking. I'll share the techniques and scripts I used, demonstrate these methods on lab targets, and walk through my experience of how pattern recognition enabled systematic vulnerability discovery.