Whoami - Resume

date
Mar 13, 2024
slug
about
status
Published
tags
Life
Friends
summary
whoami /all
type
Page
Amine El.Sassi - Zwx
Tunisia
+216 28025561
GitHub | elsassiamine@gmail.com

Professional Experience

Cyber Security Consultant
Feb 2023 – March 2024
Trustable, Tunis, Tunisia
  • Led and executed comprehensive Penetration Testing Assessments for prominent European enterprises.
  • Conducted Code Review missions.
  • Web/mobile application penetration testing
  • Developed critical tools, including a Penetration Testing Reporting Tools, DevSecOps pipelines, and Automated Security Scanner.s
Cyber Security Specialist
Aug 2022 – May 2023
VegaNext Inc, California, USA (Remote - Contractual)
  • Executed Infrastructure Penetration Testing for major supply chain companies in the USA.
  • Conducted assessments of web applications
  • Demonstrated expertise in system administration, managing Windows and Linux servers.
  • Oversaw vulnerability management and assessment.
Cyber Security Consultant
Oct 2021 – Oct 2022
Pwn and Patch, Tunisia
  • Conducted internal penetration testing assessments for banks and industries across Africa and Europe.
  • Collaborated on Web and Cloud Penetration Testing missions, including assessments of Azure AD, AWS, and Google Cloud.
  • Developed tools to streamline enumeration and exploitation processes.
  • Participated in hardware and IoT devices penetration testing missions.

Research Experience

Remote Code Execution in Helpspot - CVE-2023-50978
Oct 2023 – Present
W&M Security Team, Security Researcher and CTF Player
  • Uncovered an arbitrary unauthenticated deserialization vulnerability in Helpspot software
  • Development of a fuzzer for PHP frameworks
  • Successful creation of an exploitation chain (pop chain) in WordPress

Education

Higher Institute of Informatics of Tunis
Sept 2019 – Jul 2022
  • Bachelor's in Embedded Systems and Internet of Things with a specialization in Cyber Security.
  • Member of the CTF Team.

Certifications

  • Certified Red Team Professional (CRTP) - Pentester Academy
  • API Security - Pentester Lab
  • Web Application Security - Pentester Lab
  • Code Review - Pentester Lab
  • Advanced Web Application Pentesting (EWPTXv2) - INE

Awards & Honors

  • Defcon Finalist 2023 with Straw Hats Team.
  • BUUCTF TOP 10 Players.
  • Ranked 1st in CTFtime - Project Sekai 2022.
  • 1st Place in the Tunisian National Cybersecurity Challenge - SupCom, Hackfest 2021.
  • Award of Authors for writing Web and Binary Exploitation challenges - Esprit, Securinets 2022.

Other Interests

  • CTF, Bug Bounty, Exploit Development, Web Development, Binary Exploitation, Code Review, DevSecOps.

Specialized Skills

  • Strengths : Application Security, Cloud infrastructure, Active Directory, and Internet of Things.
  • Web Development: Nodejs, PHP native, Flask, Django, FastAPI, Java Spring Boot.
  • Programming: C, Rust, Golang, Java, C++

Languages

  • Arabic: Native
  • French: Professional
  • English: Professional
 
 

© Amine Elsassi 2021 - 2024