Raining CVE's on wordpress plugins using Semgrep Slide Deck
Here are the slide deck for the Nullcon Talk me and Shreya presented. Presentation for nullcon 2022Download And here are
Read More> Hello, I am
Chief Technology Officer @ PwnedLabs
AI & Offensive Security Researcher | Lead Pentester @ Cobalt | OSCP, CRTP, CREST Certified
7+ years in offensive security, specializing in AI/LLM pentesting — breaking chatbots, copilots, and agentic systems. Delivered 245 pentests across AI, cloud, web, mobile, API, internal, external, and thick client. Found 1,592 vulnerabilities. Authored 300+ machines & labs on HackTheBox. Discovered 28+ CVEs. Previously at SolarWinds and Hack The Box.
Prompt injection, jailbreaks, agentic tool abuse, RAG attacks, OWASP LLM Top 10
Active Directory attacks, lateral movement, Kerberoasting, persistence
OWASP Top 10, SQL injection, XSS, SSRF, authentication bypass
AWS, Azure, GCP assessments, IAM misconfigurations, cloud pentesting
Android & iOS pentesting, reverse engineering, API security, OWASP MASVS
CVE discovery, exploit development, code review with Semgrep/CodeQL
Internal & external assessments, network segmentation, firewall bypass
Desktop app security, reverse engineering, memory analysis, DLL hijacking
Kubernetes, Docker security, container escapes, cluster hardening
SAST with Semgrep, CodeQL, manual code auditing, secure coding practices
Buffer overflows, ROP chains, heap exploitation, shellcode development
CI/CD security, pipeline hardening, secrets management, DAST integration
WiFi pentesting, WPA2/WPA3 attacks, rogue AP, Bluetooth security
Phishing campaigns, pretexting, vishing, security awareness training
Static & dynamic analysis, reverse engineering, threat intelligence
Open source intelligence, reconnaissance, attack surface mapping
Incident response, memory forensics, disk analysis, evidence collection
Real testimonials from LinkedIn
"Sheeraz is an amazing content engineer who would enhance any team. I was always impressed by his desire to learn, improve and lead. He evidenced determination and creativity."
"His unmatched passion and quick execution makes Sheeraz consistently deliver outstanding results. As his Manager, I'm proud he delivered every project on time professionally."
"Sheeraz should be recommended for any security work your organization requires. He is highly skilled and consistently produces high-quality work."
"Extremely passionate about his work, highly professional and a great guy to hangout with. Def a great guy to add to the team of cyber security professionals."
"I have had the pleasure of collaborating with Sheeraz on null community projects. His contributions to Codevigilant has been commendable. A true professional who brings passion and expertise to cybersecurity."
"Sheeraz is an amazing content engineer who would enhance any team. I was always impressed by his desire to learn, improve and lead. He evidenced determination and creativity."
"His unmatched passion and quick execution makes Sheeraz consistently deliver outstanding results. As his Manager, I'm proud he delivered every project on time professionally."
"Sheeraz should be recommended for any security work your organization requires. He is highly skilled and consistently produces high-quality work."
"Extremely passionate about his work, highly professional and a great guy to hangout with. Def a great guy to add to the team of cyber security professionals."
"I have had the pleasure of collaborating with Sheeraz on null community projects. His contributions to Codevigilant has been commendable. A true professional who brings passion and expertise to cybersecurity."
Here are the slide deck for the Nullcon Talk me and Shreya presented. Presentation for nullcon 2022Download And here are
Read More
Writeup on Shibboleth (Linux HackTheBox) | Initial foothold was through Zabbix code execution | Privesc was by exploiting vulnerable database
Read More
Writeup on Horizontall (Linux HackTheBox), w/o Metasploit, both user & root exploitation through enumeration & exploitation using CVE.
Read More
Writeup on Forge (Linux HackTheBox), w/o Metasploit, exploiting SSRF & SUDO permissions for privilege escalation.
Read More
Writeup on Previse (Linux HackTheBox), w/o Metasploit, exploiting command injection & PATH variable exploitation for Privilege escalation.
Read More
Writeup on Delivery (Linux HackTheBox) | email impersonation for initial foothold | enumeration & rule-based hash cracking for PrivEsc |
Read More$ cat contact_info.txt
email: hi@sheerazali.com
twitter: @BeingSheerazAli
github: pwnmeow
linkedin: beingsheerazali
$ _
Open to Security Engineer, Pentester, and Red Team roles. Available for freelance pentesting.