Mazin Ahmed
Cyber Security Engineer (Offensive Security)
Home
Blog
About
Projects
Awards
Press
Hire Me
CV
Twitch Internal Security Tools: In-depth Analysis of the Leaked Twitch Security Tools
Attacking Modern Environments Series: Attack Vectors on Terraform Environments
Interview With the AppSec Podcast: Terraform Security
tfquery: Run SQL queries on your Terraform infrastructure
DDoS is not Dead: Building a Scalable DDoS Framework
Interview with Sectastic Podcast: How I started, What is FullHunt, and How are Security Startups in the GCC Region
Hacking Zoom: Uncovering Tales of Security Vulnerabilities in Zoom
Bad Marketing: COVID-19 and Cyber Security
The Path for Testing Path Traversal Vulnerabilities with Python
OhMyZsh dotenv Remote Code Execution
Book Review: WASEC By Alessandro Nadalin
Practical Approaches for Testing and Breaking JWT Authentication
[Research] Overview of the Application-Level Security of the Swiss Evoting System
Backchannel Leaks on Strict Content-Security Policy
Practical Protection Against DNS Rebinding Attacks
Creating an Emojis PHP WebShell
Using HTML Attribute Separators for Bypassing WAF XSS Filters
Bypassing CSP by Abusing JSONP Endpoints
[Book Review] ModSecurity Handbook - 2nd Edition
Starting in InfoSec - 101
Using Ubuntu .DESKTOP as a Malware Vector
Exploiting Misconfigured Apache server-status Instances with server-status_PWN
Bug Bounty Hunting - Swiss Cyber Storm 2016
Backup-File Artifacts: The Underrated Web-Danger
Google UI-Redressing Bug That Discloses The User's Email Address
Bypassing NoScript Security Suite Using Cross-Site Scripting and MITM Attacks
Why Prebuilt Security Browsers are Bad: Introducing Firefox Security Toolkit
Evading All Web-Application Firewalls XSS Filters
Bypassing Google Password Alert with One Line of Code
Facebook Messenger Multiple CSRF Vulnerabilities
Summary of HSTS Support in Modern Browsers
My Experience with Ebay Bug Bounty Program
W3 Total Cache's W3TotalFail Vulnerability That Leads to Full Defacement (CVE-2014-9414)
Session Hijacking in Instagram Mobile App via MITM Attack [0-DAY]
My Story with Onavo (a Facebook's Acquisition)
Cross-Site Scripting on Wikileaks
PHP Code Execution on Bugcrowd
SQL Injection and Cross-site Scripting at the website of the University of Calgary
Open Redirector on Google.com
Acknowledged By Oracle
rss
facebook
twitter
github
gitlab
youtube
mail
spotify
lastfm
instagram
linkedin
google
google-plus
pinterest
medium
vimeo
stackoverflow
reddit
quora
quora
