Hassan Khan Yusufzai's Portfolio

Open Source Security Projects Contributions

🔒 Supply chain Security and Attacks: Presented a research on BlackHat MEA on NPM JS attack takeover vulnerability at scale.
🕵️ Open Source Secret Scanning: Presented a research in BlackHat MEA where hardcoded secrets were scanned in open source packages.
💎 Ruby On Rails Research: Vulnerabilities like Dependency confusion were tested at scale.
🌐 WordPress Research: Source code audit scanning and company attribution to the wordpress plugins was performed.

🛠️ Vulnhub-Dr34d-Writeup - Created a vulnerable linux based machine with real life user and root level exploitation.
🔍 s1domains - Do subdomain scanning like agent 47.
🔒 fraudCheck - Identify bad IPs for easy categorisation.
🔍 easyxss - A simple threading-based tool to find reflection in parameters of multiple URLs for cross-site scripting identification.
🔒 s1domains - A simple and very easy to install linux based subdomain enumeration tool.
🔍 RailsResearch - Extensive Ruby On Rails research and dependency confusion vulnerability scanning on scale
🔍 Exploitation Script of CVE-2022-31814 - Updated Exploit - pfBlockerNG <= 2.1.4_26 Unauth RCE (CVE-2022-31814)

🔒 npm-account-hijacking-scanner - Identify NPM dependencies vulnerable to account hijacking.
📧 Extraction of NPM Emails using NPM APIs
🔒 rails-research - Public Research for Security Research at scale.
🔒 GemScanner - GemScanner identifies depreciated versions of gems in your ruby on rails project ( Gemfile.lock ) and notifies you about their latest version.
📧 Extract Ruby Gems in one go

🎓 Offensive Security Certified Professional (OSCP) - Certification Verification link
🎓 Offensive Security PWK course Certification (PWK)
🎓 Elearn Junior Penetration Tester
🎓 Huawei - HICP Certification