Mazin Ahmed
Application and Infrastructure Security Engineering
Engineering Learnings from the CrowdStrike Falcon Outage
Secrets Patterns DB: Building Open-Source Regex Database for Secret Detection
Speaking at BlackHat MEA 2022
DoS Attacks are Dead: Demystifying Practical DoS Attacks
Shennina Framework - Automating Host Exploitation with AI
Scan Terraform plans and changes with tfquery via SQL-powered framework
Twitch Internal Security Tools: In-depth Analysis of the Leaked Twitch Security Tools
Attacking Modern Environments Series: Attack Vectors on Terraform Environments
Interview With the AppSec Podcast: Terraform Security
tfquery: Run SQL queries on your Terraform infrastructure
DDoS is not Dead: Building a Scalable DDoS Framework
Interview with Sectastic Podcast: How I started, What is FullHunt, and How are Security Startups in the GCC Region
Hacking Zoom: Uncovering Tales of Security Vulnerabilities in Zoom
Bad Marketing: COVID-19 and Cyber Security
The Path for Testing Path Traversal Vulnerabilities with Python
OhMyZsh dotenv Remote Code Execution
Book Review: WASEC By Alessandro Nadalin
Practical Approaches for Testing and Breaking JWT Authentication
[Research] Overview of the Application-Level Security of the Swiss Evoting System
Backchannel Leaks on Strict Content-Security Policy
Practical Protection Against DNS Rebinding Attacks
Creating an Emojis PHP WebShell
Using HTML Attribute Separators for Bypassing WAF XSS Filters
Bypassing CSP by Abusing JSONP Endpoints
[Book Review] ModSecurity Handbook - 2nd Edition
Starting in InfoSec - 101
Using Ubuntu .DESKTOP as a Malware Vector
Exploiting Misconfigured Apache server-status Instances with server-status_PWN
Bug Bounty Hunting - Swiss Cyber Storm 2016
Backup-File Artifacts: The Underrated Web-Danger
Google UI-Redressing Bug That Discloses The User's Email Address
Bypassing NoScript Security Suite Using Cross-Site Scripting and MITM Attacks
Why Prebuilt Security Browsers are Bad: Introducing Firefox Security Toolkit
Evading All Web-Application Firewalls XSS Filters
Bypassing Google Password Alert with One Line of Code
Facebook Messenger Multiple CSRF Vulnerabilities
Summary of HSTS Support in Modern Browsers
My Experience with eBay Bug Bounty Program
W3 Total Cache's W3TotalFail Vulnerability That Leads to Full Defacement (CVE-2014-9414)
Session Hijacking in Instagram Mobile App via MITM Attack [0-DAY]
My Story with Onavo (a Facebook's Acquisition)
Cross-Site Scripting on Wikileaks
PHP Code Execution on Bugcrowd
SQL Injection and Cross-site Scripting at the website of the University of Calgary
Open Redirector on Google.com
Acknowledged By Oracle