Hassan Khan Yusufzai's Portfolio
Open Source Security Projects Contributions
- 🔒 Supply chain Security and Attacks: Presented a research on BlackHat MEA on NPM JS attack takeover vulnerability at scale.
- 🕵️ Open Source Secret Scanning: Presented a research in BlackHat MEA where hardcoded secrets were scanned in open source packages.
- 💎 Ruby On Rails Research: Vulnerabilities like Dependency confusion were tested at scale.
- 🌐 WordPress Research: Source code audit scanning and company attribution to the wordpress plugins was performed.
Speaking Experience
- 🎤 Presented in BlackHatMea, Riyadh 2022 - BlackHat MEA
- 🎤 Presented in BlackHatMea, Riyadh 2023 - BlackHat MEA
- 🎤 ThreatCon2023, Nepal
- 🎤 Eyesopensecurity, Virtual Conference
- 🎤 DevSecCon, Canada
- 🎤 TheSaSCon, KasperSky, Thailand
- 🎤 AllDayDevops, Virtual Conference
- 🎤 Conf42 DevSecOps 2023, Virtual Conference
Open Source Contributions & CVEs
- 🔍 CVE-2022-1556
- 🔍 CVE-2022-1559
- 🔍 CVE-2022-1557
- 🔍 CVE-2022-1560
- 🔍 CVE-2022-1391
- 🔍 CVE-2022-1392
- 🔍 CVE-2022-1396
- 🔍 CVE-2022-1390
- 🔍 Command Injection Vulnerability in Rising 1.0.2
Tools
- 🛠️ Vulnhub-Dr34d-Writeup - Created a vulnerable linux based machine with real life user and root level exploitation.
- 🔍 s1domains - Do subdomain scanning like agent 47.
- 🔒 fraudCheck - Identify bad IPs for easy categorisation.
- 🔍 easyxss - A simple threading-based tool to find reflection in parameters of multiple URLs for cross-site scripting identification.
- 🔒 s1domains - A simple and very easy to install linux based subdomain enumeration tool.
- 🔍 RailsResearch - Extensive Ruby On Rails research and dependency confusion vulnerability scanning on scale
Security Research
- 🔒 npm-account-hijacking-scanner - Identify NPM dependencies vulnerable to account hijacking.
- 📧 Extraction of NPM Emails using NPM APIs
- 🔒 rails-research - Public Research for Security Research at scale.
- 🔒 GemScanner - GemScanner identifies depreciated versions of gems in your ruby on rails project ( Gemfile.lock ) and notifies you about their latest version.
- 📧 Extract Ruby Gems in one go
Blogs
- ✍️ Medium Blog
- ✍️ Main Website
Certifications
- 🎓 Offensive Security Certified Professional (OSCP) - Certification Verification link
- 🎓 Offensive Security PWK course Certification (PWK)
- 🎓 Elearn Junior Penetration Tester
- 🎓 Huawei - HICP Certification