AKasem1

Analyzes cloud IAM vulnerabilities across AWS, Azure, and GCP, focusing on external exploitation and privilege escalation techniques.

Identifies and exploits API security misconfigurations, including mass assignment, JWT vulnerabilities, and CORS issues.

Identifies and mitigates LLM/AI feature bugs, focusing on security vulnerabilities like prompt injection and data exfiltration.

Identifies vulnerabilities in MFA/2FA implementations through various bypass techniques, enhancing security assessments.

Identifies and exploits SAML/SSO vulnerabilities, enhancing security assessments against XML Signature Wrapping and other attack patterns.

Detects server-side template injection vulnerabilities across various templating engines, enabling escalation to remote code execution.

Explores Microsoft 365 Entra ID attack vectors, providing insights for credential attacks and user enumeration scenarios.

Detects client SOC patches and attacker activity during red-team engagements, converting observations into actionable findings.

Provides a comprehensive toolkit for authorized external red-team and bug-bounty reconnaissance, including probes, wordlists, and discovery techniques.

Enhances red team operations by instilling a mindset that prioritizes offensive testing and thorough engagement strategies.

Facilitates the creation of structured red-team reports for client engagements, ensuring clarity for both technical and non-technical stakeholders.

Analyzes and exploits vulnerabilities in SSL VPN appliances, providing a comprehensive attack matrix for various platforms.

Enhances bug-bounty submissions by ensuring proper evidence hygiene, focusing on sensitive data redaction and secure evidence capture protocols.

Identifies and exploits ASP.NET vulnerabilities, focusing on deserialization issues and security misconfigurations.

Provides a comprehensive taxonomy for identifying and exploiting account takeover vulnerabilities across various attack paths.

This skill aids in identifying and exploiting authentication bypass vulnerabilities, enhancing security assessments for web applications.

Identifies and validates cloud infrastructure misconfigurations across AWS, GCP, and Azure to enhance security posture.

Identifies and exploits file upload vulnerabilities, including RCE, XSS, and SSRF, using various bypass techniques for security testing.

Identifies and exploits HTTP request smuggling vulnerabilities by analyzing inconsistencies in header parsing between proxies and servers.

Identifies NTLM information disclosure vulnerabilities in internet-exposed IIS/SharePoint/Exchange servers for enhanced security assessments.