[EXCLUSIVE PROGRAMS] [BUG BOUNTY LIST ] [HACKTIVITY] | |
Account [RegistrationRole [Anonymous] Researcher: 1093 Advisories: 900 Documents: 32 Videos: 178 Date: 27.08.2016 TZ: 10:07

[ Home ] [ Mobile ] [ Vendor ] [ Web-Application ] [ Remote ] [ Local ] [ Websites ] [ Documents ] [ Videos ] [ Search ] [ FAQ ]

Vulnerability Lab - Core Researchers & Representatives

A listing of our public working members. Feel free to contact us ... new ideas, creative projects, events, audits/penetration tests, bug bounty programs or famous wargames/contests/challenges. The website is only a short review of some public vulnerability laboratory members in the internal core research team. Listed below are only verified core research team members taht represent the community.

 

Benjamin Kunz Mejri (33) is active as a penetration tester and security analyst for private and public security firms, hosting entities, banks, isp(telecom) and ips. His specialties are security checks(penetrationtests) on services, software, web applications, malware analysis, underground economy, government protection or reverse engineering, lectures, presentations and workshops about IT-security. During his work as a penetration tester and vulnerability researcher, many famous open- or closed source applications, software and services were formed more secure. In 1997, Benjamin K.M. founded a non-commercial and independent security research group called, "Evolution Security Research Group".

In 2010 he founded the company "Evolution Security GmbH". In 2007 the new Vulnerability Lab Program estabished as the transparent legal european initiative for vulnerability researchers, analysts, bug bounty hunters, penetration testers and serious hacker groups. Benjamin K.M. identified zero-day vulnerabilities in well known products from companies such as DELL, AT&T, Barracuda, Mozilla, Kaspersky, Sony, McAfee, Google, Oracle, Fortinet, Microsoft, Apple, PayPal, Skype, Facebook, United Airlines & SonicWall. He participated in multiple bug-bounty/research/developer programs, manage interviews (2) (3), solve important security jobs and joined to famous events/contests. In may 2012 Ben discovered 3 critical session vulnerabilities affecting 670 & 350 million user accounts of the skype, xbox live and msn hotmail account service. Ben provides also exclusive exploitation sessions & excellent security talks. Mejri is listed in wikipedia since the year 2016.

[ WWW ]
[ EMAIL ]
[ PGP ]

 

Chokri B.A. (32) is a student in programming and network administration at the University of Technology and Computer Science in Tunis(Tunesia). Chokri has been worked in the security field since 2007/2008 & works very active on the arabic security scene. Chokri is specialised on in the field of penetration testing, vulnerability research, underground-economy & crypto-analysis. He is also very talented on new exploitation technics, de/encryption & web-service hacking.

  • C/C++, Perl & VB.NET
  • HTML, JS & PHP
  • Penetration Tests and Vulnerability Research

He joined the Vulnerability-Lab Research Team in 2008 & is official part of the admin team and located in the new/free tunesian security scene. He is also a part of the contest team & navigates it. Chokri has solved & won several wargaming contests like the Tunis Security Days Contest by I&M(Gov) in 2009/2011. Chokri discovered 2011 multiple vulnerabilities in famous websites and services like TRUSTe Seals, Drupal, DIS Banking , XeroBank , International Atomic Energy Agency (IAEA), La Poste FR or USGS Gov. In 2012 Chokri was involved in the disclosure process of 3 critical microsoft skype 0day vulnerabilities. Ben Achour is well known for excellent audit sessions and stable 0day vulnerability releases.

[ WWW ]
[ EMAIL ]
[ PGP ]

 

Ismail Kaleem (27) is a web application penetration tester with experience in intrusion detection bypass and filter evasion techniques. He started his career by working for the Maldivian government as a IT Security Consultant. He has conducted greybox penetration testing for sensitive government organizations in maldives which include the central prison network, Offender Management System (Police), Government Email Management System or Trade Information System. He has expertise in the following fields ...

  • Firewalls, Virtual Firewalls and Networking
  • Penetration Tests and Vulnerability Research
  • Digital Forensics

He has joined the Evolution Security Team in 2013 and started his first vulnerability releases in may 2013. He discovered several vulnerabilities in Facebook and became part of the facebook whitehat security program. In 2012 to 2013 since may ismail kaleem released several critical vulnerabilities in the Linkedin Network social network and Blackberry.

[ WWW ]
[ EMAIL ]
[ PGP ]

 

Lawrence Amer (27) is Penetration tester with high experience in doing deeper exploitation and over 6 years of practical knowledge in the information security field. He started his Career as Linux Server Engineer in online learning Academy located in Sweden. Then he started to find vulnerabilities in web applications, participate in bug bounty programs, besides doing local penetration tests for companies.

  • Vulnerability Assessment and Vulnerability Research
  • Linux Server Administration & Management & Hosting
  • PHP, JS & Python Programming

Lawrence is known for reporting medium to critical severity vulnerabilities in Ebay Inc, SAP, Sony, Adobe, Microsoft, Huawei, Sophos, Blackberry, Chamlio, Trend-Micro and Yahoo. Amer scored in several public and private programs of the scene during the year 2015 since 2016.

[ WWW ]
[ EMAIL ]
[ PGP ]

 

Ibrahim M. El-Sayed (24) solved in 2012 his Bachelor of Science, in Computer Engineering on the American University of Cairo (Egypt)[AUC]. He started in 2007 finding security vulnerabilites in government web applications & military services. He is specialised on the field of web application penetration testing, vulnerability research & security videos. He is also reporting security issues in web-applications like content management systems, shops, control panels or famous software.

  • Penetration Tests and Vulnerability Research
  • MacOs, Linux and Windows Server Administration
  • C & C++ Object

In 2011 to participate as final team on the ACM-ICPC International Collegiate Programming Contest. In 2011 he also solved successfully the Cairo Security Camp. In 2013 is team from egypt was under the top5 finalists of the international ATAST CTF. He joined the VL Security Research Team in March 2012 & is a stable member of the contest team. The Storm discovered in 2011 multiple critical severity vulnerabilities in web-applications like switchvox asterisk, landshop, jpm article or b2evolution. In 2012 Ibrahim El-Sayed participated multiple times successful in the PayPal Inc , AT&T & Barracuda Networks bug bounty program.

[ WWW ]
[ EMAIL ]
[ PGP ]

 

Milan Solanki (23) is a web penetration tester with great experience in client-side attacks & server-side and over 2 years of practical knowledge in the information security field. He started his career as a freelance web application penetration tester.

  • Web Application Penetration Tests
  • Vulnerability Assessment and Vulnerability Research
  • Filter Evasion & Filter Bypass
  • PHP, HTML & Java

Milan has joined the Evolution Security Team in 2015 and started his first vulnerability releases in April 2015. He discovered several vulnerabilities in Paypal, Apple, AT&T, United Airlines, Barracuda Networks, Western Union, BlackBerry, Ifixit, ING NL, Launchkey, Lastpass, Motorola, Piwik, Sony, Twitter & Sophos. Between 2015-2016 Milan Solanki identified and discovered over 50 client side and server-side vulnerabilities in famous famous product series around the globe.

[ WWW ]
[ EMAIL ]
[ PGP ]

 

Ebrahim Hegazy (23) is a web penetration tester with high experience in client side attacks and over 6 years of practical knowledge in the information security field. He started his career as a linux server engineer in saudi arabian hosting company. After that, he moved to web application penetration testing. Currently, Ibrahim is information security advisor at one of the leading hosting and security companies in Egypt. He conducts advanced trainings in web, is a master of client side attacks and hosts secure infrastructures for big companies.

  • Web Application Penetration Tests (Client Side)
  • Linux Server Administration & Management & Hosting
  • PHP, ASPX & JAVA

Ebrahim also called "Zigoo" was also a speaker in CSC2012 conference and Isecur1ty pod-cast about "Cyber Warfare in the Middle East in depth". Between 2011-2013 Ebrahim identified and discovered over 100 client side and server-side vulnerabilities in diffrent vendors and products around the globe. He also got acknowledged and rewarded by many high-profile vendors, such as Google, Microsoft, Adobe, PayPal, Yahoo, Ebay, Yandex, AT&T, Barracuda and Avira.

[ WWW ]
[ EMAIL ]
[ PGP ]

 

SaifAllah benMassaoud (22) is a student of maintenance technician in micro computer systems in Kelibia (Tunisia). SaifAllah has been works in the security field since 2009/2010 for various famous security companies. He is penetration tester with experience in doing deeper exploitation and over 6 years of practical knowledge in the information security sector. He is also very talented on the web-service sector and performs stable security audits.

  • Web Application Penetration Tests (Client- & Server-Side)
  • Vulnerability Assessment and Vulnerability Research
  • Filter Evasion & Filter Bypass

SaifAllah discovers as well bugs in famous web-services of Microsoft, Skype, Google, Apple, Facebook, Dell, Huawei, Adobe, Nokia, Blackberry, SAP and Trend-Micro. SaifAllah scored in several public and private programs of the security scene during the year 2014 until 2016. 2016 Saif had an important interview with the famous TV News Sender in Tunis (Watania 1-2 TV / Radio Cap FM / Tunivisions) to represent the international bug bounty scene. He join the lab team finally in 2016.

[ WWW ]
[ EMAIL ]
[ PGP ]

 

Ivan Montilla Miralles (26) is a security analyst who has been into the security field actively since 2005. He studies Computer Science in the New Professions Institute of Venezuela, and works as a Systems Manager for a production company. He also works for "Global Evolution" Research Team, moderating the contents of the Vulnerability-Lab. He enjoys reading about technology topics, specially those related with distributed computing and operative systems. Ivan is specialised in underground economy, vulnerability research, vulnerability analysis, documentation & management processes. Ivan M. is a ex- co-admin & moderator of the famous blackhat forums with location in south america.

He has joined the Evolution Security Research Team 2004 & is a stable researcher. He is also active in the private internal contest team & has solved several contests like "Create The Future" with the ESDP Simulation Project. He is currently learning the usage of Adobe Flex with Actionscript and MXML for the creation of Rich Internet Applications (RIA). He also does work with JS, Delphi, Basic & PHP. In 2013 Ivan had a famous interview with a venezuelan radio magazin. In 2013 Ivan had a famous live interview in karakas about it-security and cyberwar.

[ WWW ]
[ EMAIL ]
[ PGP ]

 

Ateeq Khan (38) is a Bachelor in computer science from Karachi University, Pakistan. He is a professional penetration tester / ethical hacker / IT Security Expert & over the past 14 years, he has been performing vulnerability assessment and penetration testing for local / international clients from around the world delivering according to the current industry standards and best methodologies.

  • Vulnerability Assessment
  • Filer Evasion & Filter Bypass
  • Penetration Tests and Vulnerability Research

Ateeq Khan is an active member of Pakistan’s infosec community and is regularly invited as a distinguished speaker at various international events including CSP’12, CSP’13, The Social Media Convention or the ICTN Asia. Ateeq has identified 0day vulnerabilities in Mozilla, Oracle Systems, Juniper, Microsoft, ESET Antivirus, Barracuda Networks, eBay, Parallels and recently became 2013 an active member of the Vulnerability Lab Research Core Team.

[ WWW ]
[ EMAIL ]
[ PGP ]

 

Mohamed Chamli (22) is a engineer student and a web application pentester and security researcher. He started his career with tunisian whitehat security team as a pentester. Chamli is trainer and represents new workshops about reverse-engineering and cryptography in arabish countries. He also work always in reverse engineering software and plays on many ctfs (capture the flag) with his team. He has an advanced experience in the following sections.

  • Web Application Penetration Tests (Client- & Server-Side)
  • Crypto Analysis & Steganography
  • Reverse Enigneering

He joined the Vulnerability Laboratory Research Team in 2016. He discovered serval vulnerabilities in many European Commission. Mohamed discovered many bugs in Mozilla, Openclassrooms, Sourceforge, Blackberry, Bitdefender or Eset. He released serval bugs to private security programs and is as well a new member of the government laboratory. He is a developer and created the CyberCrowl security tool. Next to that he is also president of the Esprit CyberSec Club.

[ WWW ]
[ EMAIL ]
[ PGP ]

 

Sascha Gurko (41) is electronic or creative art designer & student of a famous university near koeln in germany. Sascha is one of the old generation on the hardware hacking sector. He started his work & demonstrations in 2003 & expanded it fast on an international level. In 2009-2011 he visited different art galleries, art/design event shows, presentations & traveled around schweden, moscow, berlin, & usa.

  • Cyber/Electronic Art & Design
  • Micro-Controller
  • Hardware Hacking

Sascha doesn't belong to any wargaming or research group, but is still a valuable member of the research and development teams. His trustworthy and skillful character compliment his duties and responsibilities that work as a cornerstone for hardware hacking. Sascha is also a well known by thousends of users on youtube, vimeo & hardware design scene.

[ WWW ]
[ EMAIL ]
[ PGP ]

 

Public Database Reference(s):

Vulnerability Laboratory - Independent Vulnerability Database (EU)

PacketStorm Security - Vulnerability Database (UK)

Offensive Security - Full Disclosure Exploit Database (US)

SCIP CH AG - Bulletin Notification System (EU)

 


[MAGAZINE] [CHAT] [August] 24 Critical: 0 High: 8 Medium: 16 Low: 0 Best Researcher: [ZwX] Threat:

© EVOLUTION SECURITY GmbH ™