Summary

Cybersecurity Consultant & 0day Researcher with extensive experience in Information Technology.

Adaptable, and calm in crisis situations.

Able to translate technical language into non-technical language to help others learn and understand. Driven by a desire to find solutions to business problems and to resolve issues quickly in cost-effective and sometimes novel ways.

Currently acting as a Cyber Security Consultant, and have held roles in Code Review, Internal/External Penetration Testing, and Firmware Analysis.

Work Experience

Thales

CyberSecurity Consultant

January 2018 - Now

  • Perform formal penetration tests on web-based applications, networks and computer systems.
  • Conduct physical security assessments of servers, systems and network devices.
  • Design and create new penetration tools and tests.
  • Probe for vulnerabilities in web applications, fat/thin client applications and standard applications.
  • Pinpoint methods that attackers could use to exploit weaknesses and logic flaws.
  • Research, document and discuss security findings with management and IT teams.

Henceforth

Penetration Tester

November 2016 - January 2018

  • Create new tests to identify vulnerabilities across several systems.
  • Use physical security tests and identify areas that need physical protection.
  • Find vulnerabilities in popular, common software as well as proprietary applications.
  • Pinpoint entry points for hackers.
  • Use social engineering to identify improvements for security awareness.

KAZAR

Source Code Auditor

June 2016 - October 2016

  • Assist development teams in preparing code for auditing.
  • Analyze source code on a line-by-line basis.
  • Review authentication, authorization, session and communication mechanisms.
  • Conduct penetration testing to determine high-risk and low-risk vulnerabilities.
  • Identify issues that could result in unauthorized access or leaking of sensitive information.
  • Understand the subtleties of commercial and open source licensing.
  • Review third party commercial and/or open source libraries.
  • Deliver audit results to development and legal teams.

FSD

Penetration Tester

June 2015 - May 2016

  • Performed network, web application and system penetration testing.
  • Researched and analyzed known hacker methodology, system exploits and vulnerabilities to support Red Team Assessment activities.
  • Created written reports, detailing assessment findings and recommendations.
  • Provided oral briefings to leadership and technical staff, as necessary.
  • Provided occasional assistance with the development and maintenance of internal Red Team methodology, to include the training program.

Skills

  • Python, C, PHP, Assembly
  • Firmware Analysis
  • Patch Diffing
  • Exploit Development (x86, x64, MIPS)
  • Fuzzing
  • Code Analysis
  • Reverse Engineering

CVEs & Public Vulnerabilities

  • Foxit Reader 9.7.1 - Remote Command Execution (Javascript API)

  • Microsoft Windows 10 Local Privilege Escalation

  • Lenovo Power Management Driver Buffer Overflow (CVE-2019-6192)

  • Microsoft Windows 10 scrrun.dll Active-X Creation / Deletion Issues

  • pfSense 2.3.4 / 2.4.4-p3 Remote Code Injection (CVE-2019-16701)

  • AVCON6 Systems Management Platform Remote Root

  • EyesOfNetwork 5.1 Remote Command Execution

  • LW-N605R Remote Code Execution

  • FutureNet NXR-G240 Series ShellShock Command Injection (CVE-2014-6271)

More: https://www.exploit-db.com/?author=8856

Achievements

Bug Bounty - Hall Of Fame

  • Intel Hall Of Fame (Bug Bounty)

  • Google Hall Of Fame (Bug Bounty)

  • Lenovo Hall Of Fame

  • Offensive Security Hall Of Fame (Bug Bounty)

  • AT&T Hall Of Fame (Bug Bounty)

  • Delen Private Bank Hall Of Fame (Bug Bounty)

  • Netgear Hall Of Fame (Bug Bounty)

  • Symantec Hall Of Fame (Bug Bounty)

  • WordPress Hall Of Fame (Bug Bounty)

  • Zoho Hall Of Fame (Bug Bounty)

Education

Al Maghreb El Aarabi

baccalauréat

2018 - 2018

Languages

  • English: Very Good
  • Arabic: Mother Tongue
  • French: Good
  • German: Good