Resume

Ehsan Nezami
[Senior Security Researcher · Cyber Security Expert · Application Security]
[ehsan@nezami.me][ehsan.nezami@owasp.org] [nezami.me


SUMMARY
IT Security Expert with a demonstrated history of working in Information Security and Software Engineering. Skilled in Cyber Security, Programming, and Reverse Engineering, OWASP contributor and Open Source Developer.


WORK EXPERIENCE
[2017] - [Present]
[CYBERSECURITY RESEARCHER] [ZDRESEARCH LLC]
[ZDResearch (ZD) is an advanced vulnerability research / penetration testing team and I start working from 2017 as a Senior Security Researcher and Full Stack Developer] [zdresearch.com]
·         Exdemy (Online Training System with Automated DRM Service) [exdemy.com]
·         National Collegiate Cyber Defense Competition [zdresearch.com]
·         AntiPHP (Novel PHP Dynamic Sandbox and Malware Detector) [antiphp.com] [R&D Phase]
·         Scadapot ICS Honeypot Framework  [https://scadapot.com/#slider]


[2016] – [2017]
[CHIEF INFORMATION SECURITY OFFICER] [FARANEGAR KNOWLEDGEWARE COMPANY LLC]
[Work as CISO, despite it was a startup company, I do all leadings on my own also worked as a developer and managing content producer, UI, UX, Developers, Security Researchers teams.] [faranegarcompany.com]


[2015] – [PRESENT]
[OWASP Contributor]
[Worked as IT Security Expert Volunteer, Open Source Developer, Security Researcher and contributor in OWASP Iran chapter.] [https://www.owasp.org/]
·         [Contributor of OWASP Nettacker Project - OWASP Nettacker is an open source software in Python language which lets you automated penetration testing and automated Information Gathering. This software can be run on Windows/Linux/OSX under Python.] [https://www.owasp.org/index.php/OWASP_Nettacker]
[OWASP Honeypot]
·         [OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux.]



[2014] – [PRESENT]
[SECURITY RESEARCHER – VOLUNTEER] [OFFSEC RESEARCH OPEN COMMUNITY]
[Security Researcher at OFFSEC Research, First Iranian Cyber Security Magazine. Offensive cybersecurity researching group comprised of world-renowned hackers and security experts.] [offsec.ir]
·         Online Magazine
·         Security Researching
·         Blogging
·         First Annual Cyber Security Conferences
·         Workshop Organizing


[2013] – [2015]
[PENTESTER] [RED TEAM] [FREELANCE]
[Worked as penetration tester leader and red teamer with multiple companies, banks and datacenters]



[2010] – [2012]
[SECURITY RESEARCHER – VOLUNTEER] [RED TEAM]
[Consultant and guides as security management for server email systems and penetration testing in CICT of Iran]

EDUCATION
[2016] – [2017]
[INFORMATION SECURITY TECHNOLOGY ENGINEERING] [uast.ac.ir INSTITUTE]
[Bachelor's degree]
[2009] – [2014]
[INFORMATION TECHNOLOGY ENGINEERING] [uast.ac.ir INSTITUTE]
[IT Associate Degree]
[2006]

[SOFTWARE TECHNOLOGY ENGINEERING] [Diploma]



CERTIFICATION
[2013]
Certified Ethical Hacker (CEH 7)


ACTIVITIES

·         Accepted for Black Hat Asia Arsenal 2019 [blackhat.com]
·         GSoC 2019 mentor (Google Summer of Code) [owasp.org]
·         OWASP Honeypot Leader [github.com]
·         OWASP Nettacker Contributor [github.com]
·         Sqlmap Contributor [github.com]
·         WPscan Contributor [github.com]
·         Organize OFFSECCONF 2017 [offsec.ir]
·         Organize Hack Dat Kiwi CTF 2015 [2015.hack.dat.kiwi]
·         Reverse engineering on PHP files [nezami.me]
·         Programming  full automate WIFI security testing tool with Python,QT,Zenity,Yad  (WPS/Crack)
·         make new Linux like Kali with new squash files and boot also persistence mode capability
·         Configuration of ciphered currency mining systems using RIG and ASIC devices
·         Website Security Testing and Vulnerability Reporting :
       - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17220
       - https://nvd.nist.gov/vuln/detail/CVE-2019-17220?cpeVersion=2.2
       - https://www.exploit-db.com/exploits/17807/
-  https://cxsecurity.com/issue/WLB-2011050028
-  https://cxsecurity.com/issue/WLB-2012010230
-  https://cxsecurity.com/issue/WLB-2012040070
-  http://irfantoor.com/exploits/show?id=18045
- https://packetstormsecurity.com/files/154701/Rocket.Chat-Cross-Site-Scripting.html
- https://packetstormsecurity.com/files/100511/CMS-Of-Saudi-SQL-Injection.html
- https://packetstormsecurity.com/files/100516/W-Techno-Shell-Upload.html
- https://packetstormsecurity.com/files/100812/Saudisoftech-SQL-Injection.html
- https://packetstormsecurity.com/files/130588/vBulletin-4.2.2-Remote-Code-Injection.html
- https://vulners.com/zdt/1337DAY-ID-16027




EXPERTISE
Penetration Testing (White/Black Box) (Web, Mobile Apps, API, Network, etc.), Securing Services, Security Code Review, Research and Development, Monitoring and Network Security, Programming and Creating Tools, Data Integrity & Disaster Recovery, Backup Services, Virtualization & Cloud Technologies, Risk Assessment & Impact Analysis. 


HOBBIES
GitHub, CTF, writing code, listening to music, Watching movies, Driving, Social networks, and Thinking.


SKILLS
·         Language
§  Persian (Native)  

·         Computer Skills
§  Hacking
§  Code Audit
§  Web Security
§  Malware Analysis

·         Reverse Engineering
§  Malware Analyzing
§  Sandbox & Analysis Lab

·         Programming Languages
§  Python
§  PHP
§  Perl
§  Bash
§  C++

·         Security/Penetration Testing
§  Low Level Analysis
§  Web Application
§  Client
§  Operating Systems

·         Virtualization
§  VMWare WorkStation
§  VMWare ESXI
§  VMWare Fusion

·         Operating System
§  Windows
§  Linux Red Hat
§  CentOS
§  Ubuntu

·         Database
§   MySQL
§   SQLite

·         Managing Servers
§  Secure Linux Servers
§  iptables
§  CSF
§  Build Unique Services
§  Monitoring
§  Create Backup Services

§  English (intermediate)


§  Network Security
§  Forensic
§  Crypto
§  Kernel Hacking


§  Shellcoding
§  AV Bypass


§  JavaScript
§  C#
§  Java
§  HTML
§  CSS


§  Network
§  Server
§  Services
§  Social Engineering


§  Virtual Box
§  KVM
§  Qemu
§   


§  Debian
§  Kali
§  iOS
§  Android


§   MS SQL Server


§  pfsense
§  Snort
§  Windows Firewall
§  Active Directory
§  modsecurity