mohamed fouad_cv(updated)
TRANSCRIPT
Mohamed Mahmoud Fouad Mahmoud
Tel: (+202) 37462535 - Mobile: (+2) 01226869616 Email: [email protected]
_________________________________________________________________________________________
Objective
I’m Microsoft Certified Professional, Technology Specialist and Professional Developer Seeking challenging and rewarding position with a corporation whereby my interpersonal technical skills in the field of Application Penetration Testing, while achieving corporate goals by working within a team.
. EDUCATION
Bachelor’s Degree in Computer Science with Very Good in 2009 (GPA: 3.325) - Equivalent to government university-
Graduate Project: Installer System. Grade: Excellent. Thebes Academy.
High School: Ibrahemya School – Garden-City
Certifications
Microsoft Certified Professional.
Microsoft Certified Technology Specialist Windows Applications.
Microsoft Certified Technology Specialist Web Applications 2.0
Microsoft Certified Professional Developer Web Applications
Microsoft Certified Technology Specialist SQL SERVER 2005
Microsoft Certified Technology Specialist Web Applications 4.0
Certified Ethical Hacker v.8.0
GIAC Web Application Penetration Tester
Courses
Programming with C#.
Developing Microsoft ASP.NET Web Applications using MS VStudio .NET.
Core Web Application Technologies with Microsoft Visual Studio 2005.
Core Data Access with Microsoft Visual Studio 2005.
Advanced Web Application Technologies with Microsoft Visual Studio 2005.
Advanced Data Access with Microsoft Visual Studio 2005.
Implementing a Microsoft SQL Server 2005 Database.
Maintaining a Microsoft SQL Server 2005 Database.
Java Standard Edition.
Ethical Hacking V.8 (Self-Study)
GSEC Security Essentials
GSEC 542 Web Application Penetration Testing and Ethical Hacking (self -study)
OWASP Top 10 Full Courses (self-study)
SharePoint 2010.
Computer Skills
Programming Languages: C++, C# .Net, Java and Python.
Scripting Languages: JavaScript, HTML, CSS, JQuery, Backbone and XML.
Web Development: ASP.NET
Database: SQL SERVER 2005, 2008, Oracle SQL, PL/SQL.
Crystal Report, Silverlight RIA Services.
SSIS, SSRS, SSAS.
MS Expression Web, MS Expression Encoder.
Graphics: Flash, Photoshop, 3D MAX, Swish, and Premiere.
Web Design: Dream Weaver.
Penetration Testing
Microsoft Office.
Proficient in all Microsoft Applications.
Operating Systems:
Windows: XP, Vista, Seven.
Linux: Ubuntu (7.04), Backtrack 5 R2.
Macintosh: MAC OS X Tiger, Leopard.
Security:
Web Application Penetration Testing and security assessment. Network Penetration Testing Internal / External penetration testing (application – network). Botnets, DoS and DDoS. Social engineering. Google Hacking (Dorks)
Tools:
Wireshark, Webscarb, Burp suite and fiddler
W3af, Netsparker,owasp zed ,Mantra and Acunetix
Ettercap, BEEF and cain&abel
SET, Namp,SQLMap,SQLNinja,and Joomscan
EasyCred, Reaver, Kismet, Wash, airmon,airoplay,airodump and aircrack
Nessus and metasploit framework
InviteFlood(VoIP)
Professional Experience:
Egybyte, Egypt Dec 2009 – Mar 2010 SQL SERVER Trainer
Worked as a SQL SERVER Trainer in multiple companies teaching SQL Server administrative tasks how to maintain databases with high availability solutions.
Egyptian Army, Cairo, Egypt April 2010 – June 2011
Programmer (Compulsory Military Service)
Worked within IT division where I was mainly responsible for developing in-house as below
Developing Software for embedded systems devices.
Developing archiving systems.
Fawry for banking and payment technology services, Egypt Sep 2011 – June 2013 .Net Developer
Worked as a .Net Developer building and maintaining EgyptAir Fawry tickets Payments Solution, Bill Warehouse business Processes system, Data-warehouse Database generating Financial and performance Reports based on data-transfer with SSIS Packages, SSAS and SSRS Reports based on OLAP Structure and contributed as penetration tester for network and applications security assessment.
C# Projects : EgyptAir Fawry tickets Payment Solution, Bill Warehouse business Processes system, Network Applications, Image Processing Applications, Registry Applications, ADO Applications, I/O Applications, Serialization Applications, WMI and Diagnostics Applications, Encryption Applications and Trojan Horse with voice recognition.
ASP.NET: Banking Products Admin Tools, MVC administration Portal Web application, Entity Framework, Course web applications connected by SQL Server using ADO, LINQ and AJAX Techniques.
Business Intelligence: Maintaining data-transfer with SSIS Packages, SSAS and SSRS Reports based on OLAP Structure. Vouchers, KPI, Errors, Users and Financial Report.
SQL SERVER: Replication, Backups, DB Mirroring, Admin Tasks.
Penetration Test: Web App Attack, DoS Attack, XSS Attack MITM attack, Hijacking Attack and Wireless Attack, LFI, RFI, Remote code execution, Nessus Vulnerability Scanning, webgoat, mutillidae and Metasploit Framework.
Fawry Network and web applications security vulnerability assessment.
International Turnkey Systems, Egypt June 2013 – March 2015 Software Developer
Worked as a Software Developer and Security consultant with my team by building and converting old banking products with the latest web technologies and secure banking products by performing penetration test, security assessment and write secure code using below technologies:
C# .NET and LINQ
ASP.NET
ASP.NET MVC
JavaScript, JQUERY, XML and backbone
SQL SERVER and Sybase
Entity Framework 4.0
RESTFUL Web API Services
Code On Time Conversion Tool
OWASP Applications Standards
Monster worldwide, Inc., Road, Weston, MA 02493 December 2014 – Present Freelancer Security Consultant
Cantalop, Egypt December 2014 – March 2015 Freelancer Security Consultant
SecureMisr, Egypt March 2015 – Present Information Security Engineer/Consultant
Worked on a lot of projects in different banks and multi-national companies by performing penetration testing, vulnerabilities assessment and code review on their Web Applications, Mobile Applications and Desktop applications.
- Projects:
National Bank of Dubai - E-banking Web & Mobile Applications Penetration Test.
Telecom Egypt - Applications Penetration Test
National Bank of Abu Dhabi – Core Banking & Online Banking Web Applications. (Egypt & Abu Dhabi) branches.
Commercial International Bank - e-Banking, Mobile Banking and Smart-Wallet Applications Penetration Test.
Oman Arab Bank - Islamic Core Banking & E-Trade Mobile Applications Penetration Testing.
Qatar National Bank - Internet Banking, Back-office and E-Trade Applications Penetration Testing.
Abu Dhabi Islamic Bank - Mobile Internet Banking Penetration Testing.Ava
Al-Ahly National Bank – Avaya VOIP, Cheque Clearance and Oracle Treasury ERP System Applications Penetration Testing.
Fawry for electronic payments - Mobile Retail Application. Penetration Testing.
Vodafone International Services - All Applications / Services Penetration Test.
Orange International Services - Applications / Services Penetration Test.
Other Self-learning Projects:
SharePoint: building portal web apps for studying SharePoint introduction about installing and configuring site collections, sites, InfoPath forms design and administration.
Android: Trojan horse Mobile Client and Penetration Testing Tools.
C++ Projects: Data Structure, File Processing, APIs Programs.
Java: Swing Applications, JDBC Applications, Android Mobile Apps and some tools during penetration testing to exploit a vulnerability.
Python: SSH brute-force Client Extension for burp-suite.
Penetration Test: Web App Attack, DoS Attack, XSS Attack MITM attack, Hijacking Attack and Wireless Attack, LFI, RFI, Remote code execution, Nessus Vulnerability Scanning, webgoat, mutillidae and Metasploit Framework.
Fawry Network and web applications security vulnerability assessment.
ITS Banking Products Web applications security vulnerability assessment.
Honors & Awards
Microsoft Security Researcher Hall of Fame
Adobe Security Hall of Fame
AT&T Security Hall of Fame
eBay Security Hall of Fame.
Oracle Security Critical Patch Update Hall of Fame
Starbucks
Adobe Security Hall of Fame
Huawei thanks mail for improving their security.
ESET Security Acknowledgement.
Heroku Security Hall of Fame
Juniper thanks mail for improving their security.
Bit-defender rewards me with 6 months Full Security License.
Wordpress Hall of Fame and rewards me with a t-shirt.
Dropcam Hall of Fame and rewards me with a t-shirt
Mcafee thanks mail for improving their security.
Bitcasa Security Hall of Fame.
Dropmyeamil Security Hall of Fame.
Compilr Security Hall of Fame.
Hackforcause Security Hall of Fame.
Opentext Security Hall of Fame.
GetPocket Security Hall of Fame.
Splitwise Security Hall of Fame.
4shared rewards me with 6 months’ premium account.
Vodafone Web application security vulnerability assessment
Bayt Web application security vulnerability assessment
Dubizzle Web application security vulnerability assessment
Fawry top achiever for security assessment.
Publications
Unlimited-uber-free-rides
June 24, 2016
Starbucks Critical Flaws
September 18, 2015
Jobvite Database Take-Over and Linux Users Information Disclosure (Link)TheHackerNews
August 4, 2014
Jobvite vulnerable to Boolean SQLi and LFI (Link)TheHackerPost
August 27, 2014
Popular Photo Sharing Website Likes.com Vulnerable To Multiple Critical Flaws (Link)TheHackerNews
September 7, 2014
Booking.com Account Hijacking (Link)Techworm
October 12, 2014
Glassdoor Account Hijacking(Link)Techworm
December 15, 2014
Starbucks and Uber Attacks (Hakin9 Magazine)https://hakin9.org/download/the-power-of-scapy/
Languages
Arabic: mother tongue English: Very good (spoken & written) French: little.
Skills
Able to coordinate several tasks simultaneously. Easily understand and solve technical problems. Enjoy working as a team member as well as independently. Excellent interpersonal and analytical skills. Self-motivated, hard-working individual. Works efficiently under pressure.
PERSONAL INFORMATION
Date of Birth: 2 / 6 / 1988. Nationality: Egyptian. Own car: yes Driving license: yes Military Status: Completed (15/4/2010 to 1/6/2011). Marital Status: Engaged.
.