Whoami - Resume
date
Mar 13, 2024
slug
about
status
Published
tags
Life
Friends
summary
whoami /all
type
Page
Amine El.Sassi - Zwx
Tunisia
+216 28025561
GitHub | elsassiamine@gmail.com
Professional Experience
Cyber Security Consultant
Feb 2023 – March 2024
Trustable, Tunis, Tunisia
- Led and executed comprehensive Penetration Testing Assessments for prominent European enterprises.
- Conducted Code Review missions.
- Web/mobile application penetration testing
- Developed critical tools, including a Penetration Testing Reporting Tools, DevSecOps pipelines, and Automated Security Scanner.s
Cyber Security Specialist
Aug 2022 – May 2023
VegaNext Inc, California, USA (Remote - Contractual)
- Executed Infrastructure Penetration Testing for major supply chain companies in the USA.
- Conducted assessments of web applications
- Demonstrated expertise in system administration, managing Windows and Linux servers.
- Oversaw vulnerability management and assessment.
Cyber Security Consultant
Oct 2021 – Oct 2022
Pwn and Patch, Tunisia
- Conducted internal penetration testing assessments for banks and industries across Africa and Europe.
- Collaborated on Web and Cloud Penetration Testing missions, including assessments of Azure AD, AWS, and Google Cloud.
- Developed tools to streamline enumeration and exploitation processes.
- Participated in hardware and IoT devices penetration testing missions.
Research Experience
Remote Code Execution in Helpspot - CVE-2023-50978
Oct 2023 – Present
W&M Security Team, Security Researcher and CTF Player
- Uncovered an arbitrary unauthenticated deserialization vulnerability in Helpspot software
- Development of a fuzzer for PHP frameworks
- Successful creation of an exploitation chain (pop chain) in WordPress
Education
Higher Institute of Informatics of Tunis
Sept 2019 – Jul 2022
- Bachelor's in Embedded Systems and Internet of Things with a specialization in Cyber Security.
- Member of the CTF Team.
Certifications
- Certified Red Team Professional (CRTP) - Pentester Academy
- API Security - Pentester Lab
- Web Application Security - Pentester Lab
- Code Review - Pentester Lab
- Advanced Web Application Pentesting (EWPTXv2) - INE
Awards & Honors
- Defcon Finalist 2023 with Straw Hats Team.
- BUUCTF TOP 10 Players.
- Ranked 1st in CTFtime - Project Sekai 2022.
- 1st Place in the Tunisian National Cybersecurity Challenge - SupCom, Hackfest 2021.
- Award of Authors for writing Web and Binary Exploitation challenges - Esprit, Securinets 2022.
Other Interests
- CTF, Bug Bounty, Exploit Development, Web Development, Binary Exploitation, Code Review, DevSecOps.
Specialized Skills
- Strengths : Application Security, Cloud infrastructure, Active Directory, and Internet of Things.
- Web Development: Nodejs, PHP native, Flask, Django, FastAPI, Java Spring Boot.
- Programming: C, Rust, Golang, Java, C++
Languages
- Arabic: Native
- French: Professional
- English: Professional