Event Hack Red Con 2024 starts on Oct 25, 2024, 10:00:00 AM (America/Kentucky/Louisville)
How to identify CVEs in Open Source Projects/Applications? Lets hack!
60min Talk - Technical
Location: Track 2 - 10/26/24, 11:00 AM - 10/26/24, 12:00 PM (America/Kentucky/Louisville) (1 hour)
Ahmed Hassan
Cyber Security Engineer and Penetration Tester

My name is Ahmed Hassan, and I currently reside in Vienna, Austria. I have been working in the field of Penetration Testing and Cybersecurity as an Engineer and Consultant for the past 6 years. During my career, I have had the privilege of delivering numerous talks and presentations, including participation in the Arab Security Conference in Egypt and attendance at BlackHat events in Saudi Arabia and the UAE.

I had the honour to be a speaker in:
• Arab Security Conference 2024 (EGYPT)
• ConstraTech 2024 (EGYPT)
• Talk in Arab Security Conference 2023 (EGYPT)
• Online Webinar with Eng. Mohamed Khreesha - How to start your Career in Cyber Security as a Penetration Tester?
• Cyber Security Webinar at Rabdan Academy government University in Dubai 2x Times iExperts UK Talk about Web Application Penetration Testing (English)
• Webinar about Cyber Security for Ain Shams University (EGYPT)
• multiple online Webinar about Web Application Penetration Testing and Cyber Security
• Talk about Cyber Security in Arab Open University (EGYPT)
• Online Webinar for Universities regarding Cyber Security Awareness Training for Companies/Banks (for example BAWAG Austria Bank) also based in Austria
• CEH, CND Instructor Course (online and onsite in the Netherlands, London, Saudi Arabia (Government Entity) and UAE) -> of course I have covered other Courses about Security and specifically Penetration Testing

I have also successfully identified various vulnerabilities in government and organizational systems worldwide. Some notable examples include:
• Sparkasse (Austrian Bank)
• Abu Dhabi Commercial Bank (Egypt) - API Penetration Testing
• Austro Arab Chamber of Commerce (Austria)
• OPEC (Austrian Website)
• ÖBB (Austrian Federal Railways)
• SAP - I identified three vulnerabilities and am listed on their Hall of Fame.
• United Nations (UN) - You can find my achievements in their Hall of Fame by searching for Ahmed Hassan.
• Government Technology Agency of Singapore (GovTech)
• MTN Group (Received recognition on Hackerone)
• UK Government
• U.S. Department of State - I discovered seven vulnerabilities, including Stored XSS, SQL Errors, and SQL Injection.
• NASA
• Indian Government - I identified a Stored Cross-Site Scripting (XSS) vulnerability.
• Philippine Government - I discovered a Reflected Cross-Site Scripting (XSS) vulnerability.
• CERT-EU (Computer Emergency Response Team for EU institutions) - You can find my achievements in their Hall of Fame by searching for Ahmed Hassan.
• Scottish Government - Multiple vulnerabilities identified.
• New Zealand Government
• Huawei - I identified stored XSS and a File Upload Restriction Bypass.
• Drexel University of Texas at Austin - My contributions can be found by searching for Ahmed Hassan on their bug bounty program.
• HP (Hewlett Packard) - Two vulnerabilities identified.
• Lego - Acknowledgment received via email.
• Lufa - Security contributions made (https://montreal.lufa.com/en/security).
• Radica Software
• University of Cambridge - Acknowledgment for PDF File Security.
• Stkkr.nl - Recognized in their Website Hall of Fame.
• Nokia
• Oracle - Acknowledgment via email and Hall of Fame listing on their website.
• Kuula Contributions on Hackerone.
• Bosch - You can find my achievements on their website's Hall of Fame by searching for Ahmed Hassan.
• Lenovo - Acknowledgment received via email.
• Philips
• Technische Universität Dresden (German University)
• SDN.nl Netherlands
• SAP
• EC-COUNCIL
• BBC

Additionally, I have successfully identified 50 CVEs, some of which are listed in my personal GitHub repository. You can review them here: https://github.com/ahmedvienna/CVEs-and-Vulnerabilities/tree/main

My LinkedIn Account: https://www.linkedin.com/in/ahmed-hassan-79559487/

Best regards
Ahmed Hassan


I would be honored to present on the methods through which Cyber Security Consultants and Penetration Testers can discern CVEs within Open Source Projects. This presentation aims to empower individuals in enhancing their skill sets and obtaining potent CVEs. Furthermore, it will underscore the notion that no Open Source Project is impervious to Cyber Security Vulnerabilities before usage.
Additionally, I intend to share with the audience my successfully accepted and submitted CVE, wherein I was able to commandeer an entire Web Application and assume control over the entire system as an attacker. I was able to detect more than 50 CVEs. I would love to present the ways and possibilities of detecting CVEs in Open Source Projects, as this was and still is a big question in the whole Cyber Security Community worldwide.

While there have been talks on identifying CVEs in applications previously, my presentation offers a comprehensive journey from inception to completion. Beginning with the selection of an Open Source Application from a pool of over 200 Open Source Applications, I address the common challenge of setting up necessary tools to download and run the application locally—a hurdle often faced by many Cyber Security Consultants and Penetration Testers.
Moving forward, I guide participants through the process of identifying 2-3 vulnerabilities within the chosen application, emphasizing the importance of professional documentation for subsequent reporting to the responsible team. This aspect distinguishes my presentation, as it provides practical insights into every stage of the CVE identification process.
Furthermore, I navigate attendees through the steps of initiating contact with the responsible team, demonstrating where and how to communicate effectively for optimal professionalism and CVE validation.
Concluding the presentation, I shed light on the expected response following CVE acceptance, thus offering a comprehensive understanding of the entire process—from selecting an Open Source Application to reporting vulnerabilities and obtaining a valid CVE.
Notably, this presentation fills a gap by providing a holistic approach that encompasses each step in the CVE identification process, a feat not fully covered in previous presentations.

Abstract
For quite some time, numerous individuals within the cyber security domain, as well as those outside of it, have been inquiring about my methods for identifying CVEs within Open Source Projects. This inquiry is particularly common among companies seeking to hire Cyber Security Consultants and Penetration Testers, who aim to enhance their proficiency in detecting zero-day vulnerabilities within such projects.
In my session, I will meticulously introduce a step-by-step process, commencing from the initial stage of identifying a suitable Open Source Application, and progressing towards the identification of vulnerabilities. This will culminate in the acquisition of a valid CVE.

Presentation Outline

1. Introduction
2. Process / Methodology
a. What is a CVE?
i. Where can you find a suitable Open Source Application for Testing?
ii. Installing the Open Source Application (in less than 5 min)
iii. Starting the Application -> Going through it
b. Start a Live Hunting for several Vulnerabilities
i. More technical in Detail like (XSS, SQLi, IDOR etc.) -> Attack Scenarios
c. After identifying some Vulnerabilities we will start with the Reporting Process
i. How and where can you report the identified Vulnerabilities?
ii. Showing the correct Websites & Contact Details
d. Submitting the Vulnerabilities to the responsible Team
e. Waiting for the Response & Acceptance
f. Questions from the audience & further Explanations (Q&A)?

Detailed Outline

• I will commence my presentation by illustrating the impact of CVEs on organizations, drawing from a real-life engagement where I compromised an entire company by exploiting a specific Fortinet CVE. This will be substantiated with a presentation of the Proof of Concept and the associated CVE for Fortinet.
• Before delving into the specifics, I will provide an overview of what a CVE (Explanation) is and its purpose.
• Following this, I will discuss the significance of Open Source Projects while acknowledging their susceptibility to vulnerabilities, thereby underscoring the necessity for thorough testing prior to deployment in any environment.
• Transitioning into my own experience, I will narrate how I identified over 50 CVEs across various platforms such as huntr.dev and sourcecodester, while providing insights into these platforms.
• Addressing a common inquiry encountered across my social media accounts, I will elaborate on the process of identifying a suitable program for uncovering vulnerabilities and obtaining a CVE assignment.
• Next, I will guide attendees through the sourcecodester website, where we will select a fitting Open Source Application from a repository of over 200 globally available options.
• Subsequently, I will address the challenge of locally installing the chosen applications, presenting user-friendly tools to facilitate this process.
• Upon completing the installation, we will explore potential vulnerabilities like XSS and discuss the immediate reporting protocols to the responsible team.
• Live documentation of identified vulnerabilities will follow, emphasizing the importance of this step.
• We will then explore the avenues for reporting the documented vulnerabilities and what to anticipate post-submission of our findings.
• In conclusion, I will summarize the entire process, paving the way for a Q&A session to address any lingering queries.