Résumé
An awesome person
EXPERIENCE
Security Consultant - Ernst & Young (EY) July 2019 to Present
Currently working as a Security Analyst supporting the Technology Consulting Team (A&P) in the MENA & EMEIA regions. Responsible for conducting penetration testing of a wide variety of applications.
Project & Tasks Handled
- Performed mobile (iOS/Android) application security assessment for the world's largest health and beauty retail group.
- Experienced with tools such as Frida, Objection, Drozer, MobSF and Passionfruit required for mobile application pentesting
- Performed network and web application penetration testing exercises for clients in various sectors (banking, retail) across MENA and EMEIA
- Performed penetration testing of desktop applications (Thick Clients)
- Security assessment of Citrix restricted environment applications
- Provide best practice suggestions to developers on fixing issues
- Trained colleagues on mobile (iOS/Android) application security assessments
- Developed a Hardware HID For Red Team Assessments
Information Security Consultant - Netsentries June 2018 to July 2019
Worked as a Penetration Tester. Responsible for conducting penetration testing of a wide variety of applications.
Project & Tasks Handled
- Conducted onsite assessments – traveled to client sites and performed assessments based on client requirements and scope.
- Conducted security assessments for several banking mobile, web and infrastructure environments across the GCC
- Performed a Red Team assessment at one of the leading banks in Dubai
- Conducted Spear Phishing Activities – OSINT, Advanced Social Engineering.
- Performed Mobile application PT (BlackBox, GreyBox)
- Performed Web application PT (BlackBox, GreyBox)
- Performed Firmware Analysis of Point of Sale Devices
- Conducted External and Internal Infrastructure penetration tests
- Developed Modules for SIEM Product based on ELK Stack
- Developed a Python based Automated tool for Firmware Analysis and Exploitation.
Technology Expertise
- Mobile Application Security (Android/iOS)
- Mobile Application Testing Frameworks – Frida, Drozer, Passionfruit, Objection
- Mobile Application Tools – MobSF, dex2jar, Apktool, Jadx
- Web Application Security
- Network Penetration Testing
- Firmware Analysis – Binwalk, Firmwalker, Firmadyne
- Hardware Penetration Testing – UART, JTAG, SPI, I2C
- Programming Languages – Python, C, Dart
- Exploitation Tools – Metasploit, Empire, Koadic
- Web Application Scanners – Burp Suite Pro, ZAP
- Vulnerability Assessment Tools – Nexpose, Nikto, OpenVAS
- Network Sniffers – Wireshark, tcpdump
Achievements
- Awarded CVE-2020-6170 for finding a critical vulnerability.
- Successfully Enrolled My Exploit in Google Exploit DB: 47961
- Bounty awarded for finding a critical issue in France's leading mobile application – BlaBlaCar, BlaBlaBus
- Hall of Fame awarded for finding security issues in the apps below:
  - Ibotta
  - Lime
  - Deezer
  - DailyMotion
- Acknowledgment received from SaudiCERT, OmanCERT, IndianCERT for finding Critical RCE
- RedLogger – Next Generation HID Device Selected for Presentation in DEFCON Kuwait
- Speaker at Google Dev Fest 2019 on Breaking Into Android Apps
- Part of Volunteering team at DEFCON 2020, RedTeam Village
- Core Organizer YASCON 2020
*****
When solving problems dig @ roots, instead of just hacking at the leaves.