
Hossam Mesbah

Penetration Tester | Vulnerability Assessment | SRT
Cairo / Sayeda Zeinab,C

Summary

Web application security testing, vulnerability assessment, mobile application penetration testing
Currently working as a security researcher on HackerOne and a red team member on the Synack platform
I have now been working for about 6 years in the field of penetration testing, and I am talented in
penetration testing, especially the field of bug bounty
Excellent communication skills with proven abilities in resolving complex networking, hardware &
software

Excellent in mobile application penetration testing, decompiling applications, source code review, and exported activities attacks
Proficient in Linux operating system configuration, utilities and programming
Extensive knowledge of hardware, software, and networking technologies to provide a powerful
combination of
Great knowledge of the OSI 7 layers and how they work

Great knowledge of mobile application penetration testing tools like dex2jar and jadx; I have also created some automated tools for this and for web
I've also created some tools for the community to help in recon

Work History

Synack Red Team Member

Synack
San Francisco
10.2018 - Current

As with HackerOne, I am still a red team member on the Synack platform, where I gained some experience in network penetration testing. I also have acknowledgements from some companies on the platform. This is also a part-time job

Security Researcher

HackerOne
San Francisco
08.2016 - Current

Vulnerability Assessment and Security Researcher
I have worked on the HackerOne platform since 2016 and have been honored by more than one public or
private program. I have also earned good financial rewards and made the wall of honor in many programs on the
platform. My rank is now 2nd in Egypt on the HackerOne country leaderboard

https://hackerone.com/leaderboard/country

I also have acknowledgements from a lot of bug bounty programs on HackerOne and from external programs like: Google, MailRu, eBay, Telekom +150

Penetration Tester

Huawei
Cairo, Cairo
10.2016 - 12.2020

In 2020, I worked as a network penetration tester at Huawei Mobile, then I left after one year due to the lack of
comfort, but I also gained experience from that time working as a network penetration tester

Education

Information Diploma - Systems And

Aljazzera academy

Skills

Web Application Penetration Testing

Network vulnerability scan and penetration testing

Mobile application penetration testing

Experience with tools like: Burp Suite, Wireshark, Nmap, Hydra, sqlmap, Metasploit, Nessus, as well as my own developed tools and community tools

Real-time traffic analysis, network IDS and packet dissection

Wireless Penetration Testing - WPA, WPA2, WEP

Knowledge of operating systems, application software and cyber security tools

Remote access support

Great knowledge and programming using PHP

Great knowledge and scripting using Python

Great knowledge and scripting using bash

Great knowledge and programming using JavaScript

Timeline

Synack Red Team Member

Synack
10.2018 - Current

Penetration Tester

Huawei
10.2016 - 12.2020

Security Researcher

HackerOne
08.2016 - Current

Information Diploma - Systems And

Aljazzera academy

Tools I have created

For web and Android penetration testing, I've created some tools to help researchers in recon and the penetration testing process, like: aboutsub

https://github.com/M359AH/aboutsub

aboutsub helps researchers find the open ports on subdomains, so an attacker/researcher may use it to exploit some service or a misconfiguration of some service on that port

https://github.com/M359AH/DepFine

DepFine is based on the dependency confusion vulnerability: you give this tool the raw link of the package.json file, and the tool searches the dependencies and finds the vulnerable dependency, which allows an attacker to claim it and take over the dependency. This leads to an RCE vulnerability, and I've found it on a lot of sites

Writeups about my Vulnerabilities

I've found some vulnerabilities with wonderful thinking, so I have a blog on Medium to share my logic vulnerabilities with new things, like:

https://medium.com/@Hossam.Mesbah/ghost-let-me-inject-os-commands-rce-a6e71e54445d

This blog is about a vulnerability I found on a site: an RCE from a file upload page. It was blind, and I turned it from a blind RCE into a full RCE vulnerability, allowing access to commands and viewing /etc/passwd

Also, this is a privilege escalation I found on a private program on the H1 platform

https://medium.com/@Hossam.Mesbah/owner-is-lier-privileges-escalation-36ade728f2fb?source=your_stories_page

It gave the normal user the admin permissions, and the user could delete the admin

Then the IDOR vulnerability blog, "Maybe the manager is hacker", which gave the normal user access to delete the admin from the project permanently

https://medium.com/@Hossam.Mesbah/maybe-the-manager-is-hacker-idor-d005f49aa0a3?source=your_stories_page

Also, this CSRF vulnerability allows an attacker to exploit it on the same affected site without hosting his script on an external website

https://medium.com/@Hossam.Mesbah/cross-site-request-forgery-critical-exploitable-in-infected-site-a271aedeed2f?source=your_stories_page

References

These are the links to my work and socials:

HackerOne: https://hackerone.com/m359ah

GitHub: https://github.com/M359AH

Twitter: https://twitter.com/m359ah

Medium : https://medium.com/@Hossam.Mesbah/
