Career Timeline
I’m thrilled to announce a significant milestone in my cybersecurity journey: the successful completion of 100 penetration tests spanning network infrastructure, web applications, APIs, Chrome extensions, and mobile applications. This achievement is a testament to the dedication and hard work I’ve put into enhancing digital security across a broad spectrum…
🍥 I Never Give Up, Never Go Back on My Word – That’s My Cybersecurity Way! 🍥 I’m incredibly honored and humbled to share that I’ve been awarded the “Cybersecurity Samurai of the Year” by BSides Bangalore. This recognition is a milestone in my cybersecurity journey and has filled me with…
PikaTwoo is an exceptionally challenging machine on Hack The Box, described as an “absolute monster of an insane box” by Sheeraz. The journey through PikaTwoo involves a series of complex steps, starting with exploiting a vulnerability in OpenStack’s KeyStone to leak a username. The attacker then discovers an Android application…
I’m thrilled to announce the launch of our brand-new podcast, hosted in partnership with Cobalt! Our journey kicks off with an electrifying first episode that you won’t want to miss. Dive into the riveting world of Red Teaming vs. Penetration Testing as we unravel the intricate details with Saad, a…
At the c0c0n XV conference, an annual cybersecurity and hacking event renowned for gathering experts and enthusiasts from across the globe, I had the privilege of presenting my research on the integration and effectiveness of automated code review systems at scale. My study focused on the utilization of Semgrep, a…
The amount of detail and effort he has put into that Bug bounty hunter path is phenomenal. Any beginner starting his hacking journey could pass the exam if he went through the Bug bounty hunter path. It covers all the basic, intermediate and advanced concepts while hacking web applications. The…
Finding #bugs in #Wordpress plugins & every codebase effectively! 💡Shreya & Sheeraz will present their research on finding WordPress plugin #vulnerabilities like SQLi, XSS & LFI in bulk by using an open-source tool semgrep to write custom rules that ran over 80k WordPress plugins + learn in-depth about secure code practices Find out more➡️ https://www.youtube.com/watch?v=RvKLn2ofMAo
I’ll be presenting a drone hacking workshop at Seasides along with Mohd Arif and Adlin Seedon D. Join us at Seasides conference Introduction to Drone Hacking Hardware Introduction Software Introduction Operational Courtesies / Polite Piloting Safety & Rules and Laws Case Study: Tello Learning LAB 01: Setting Up Tello and Software Core UAV…
Hey everyone, I will be speaking about Kubernetes 101 in Hack The Box’s Cyber Apocalypse CTF talks. This workshop will be an overview of Kubernetes and some basic building blocks/concepts from a total beginner’s perspective. There are no prerequisites. Register yourself if you haven’t for the CTF. Let’s hack the universe!…
Curated a blog about Dirty Pipe with Devansh Khare on Hack The Box. Give it a read if you are looking to understand the underlying function of how Dirty Pipe works, how to exploit it and how to mitigate it, over here: https://www.hackthebox.com/blog/Dirty-Pipe-Explained-CVE-2022-0847 #hackthebox #dirtypipe #securityresearch #tech
I just finished solving the HailStorm AWS cloud lab from Hack The Box. This lab is so elegantly put together by Suresh Narvaneni. It starts off with an unprivileged external attacker trying to get a hold of a simulated enterprise environment, which is heavily using AWS services for its infrastructure. We get a…
The lab is something that anyone looking to test or improve their AD and general penetration skills should definitely try. Ben Rollin has done some extremely impressive work creating it, and I will push you to approach it as a real pentest. It took me about 3-4 months juggling with work. I learnt…
Completed the Dante lab on Hack The Box. It was a fun experience, pretty easy.
Passed the CRTP exam; owned the Active Directory network from Pentester Academy.
I got assigned 21-plus CVEs for WordPress 0-days, finding SQL injections and other bugs in the WordPress plugin repository.
Pikaboo was my first hard box on HTB, with 3 layers of abstraction. First, exploit path traversal to get in nginx to get access to an admin panel to exploit LFI inclusion in order to get code execution via log poisoning FTP. Exploit LDAP injection to get user pwnmeow and…
Got the Bug Killer badge for finding a bug in the Hack The Box platform.
I got my first CVE in video-embed-box: subscriber-level SQLi, CVE-2021-24337. It was a union-based SQLi which is also time-based exploitable. Disclosure link: https://www.codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/
So, my first exploit is published on Exploit DB. I found this while trying to find unintended ways to solve `Love`, the box I made recently on @hackthebox_eu.
My first machine, Love, was selected and released on Hack The Box. It is an intentionally vulnerable Windows machine with common Windows vulnerabilities and common privilege escalation.
International Capture the Flag competition from OWASP Seasides. I completed under top 10 with 6th rank spot MachineHacker. We completed this CTF with the top 6th place; there were 530 players, among which we ranked 6th. There were 29 challenges, from which we completed 28 of 29.
Continuing with our gratitude week, here we are with our next volunteer. Huge shoutout to @BeingSheerazAli for the selfless efforts and dedication. From technical help, designing posters or tshirts your support is omnipresent. Thank you very much for being part of family.
Got 50% ownership on Hack The Box machines and got Pro Hacker rank on Hack The Box. Check out my profile: https://www.hackthebox.eu/profile/157669
Got featured in The Times Of India for speaking at the lock picking village at BSides Ahmedabad 2019. Spoke in front of 400 people, talking about lock picking, physical security and red teaming. Presented and hosted a lock picking village for practical hands-on experience for attendees.
After 3 months and 61 machines solved, finally got #hacker rank on Hack The Box. Off to #ProHacker I am.
Presented how to work with OWASP Juice Shop, exploit vulnerabilities in the web, and how to stop that.
Helped people contribute to open source and make pull requests; helped with understanding how open source works for Hacktoberfest 2019.
Helped people get started with Git and GitHub and how to use GitHub for project management.
This session will cover the open source pfSense. Will talk about:
– Introduction to setting up a firewall
– Blocking opening ports
– Using an IDS/IPS on pfSense
– Lock malicious sites
– Setting up a VPN
– Port knocking
Python workshop for college students in BSSS Bhopal; very base building in Python for students.
Practice exercise of machine learning after two other workshops on it, organised for practice and problem solving.
Workshop on Python hands-on; helped people with Python core concepts and fundamentals of programming during the meet.
Got featured in Yalgar Times, Peoples Samachar Bhopal for organising events: free coding workshops for JavaScript and Python in Bhopal, Madhya Pradesh.
Organised a machine learning workshop for GDG Bhopal, sharing for free.
JavaScript fundamentals and Node.js basics covered in this workshop; helped people to get comfortable with JavaScript and good code writing practices in JavaScript.
Won 1st prize in sector 443 CTF. Yes, the blue line in the chart is mine. I scored around 1920 solving challenges of web, server exploitation, reversing and firmware reversing.
Enumeration and information gathering in web applications using spidering and many other methods; practically getting out there and finding ways into a web app.
Won another CTF at nullcon. This was my second conference and the second CTF played in a conference. This was a blue team CTF; we had to do malware analysis using Check Point’s malware analysis and detection software. Made 1900 points and came first.
Won swag in the Synopsys CTF at nullcon; solved all of the web and Android app pentesting challenges.
A detailed walkthrough of Basic Pentesting CTF. The goal is to develop an approach to hacking with the help of CTF.
This was my first conference and the first CTF I ever played at a real conference. I won 3rd prize in the CTF at c0c0n XI.
The session was based on solving Derp N Stink CTF and learning with it. The VM is available on VulnHub.
My article got published on cybrary.it while I was learning about security and Linux back in 2016. It has more than 18435 views. Check out my profile: www.cybrary.it/members/sheerazali19/ 22 June 2016