I'm an offensive security engineer working as a Red-Team operative. I have been in the field since 2015 with many organizations throughout my career, starting with Daimler (aka Mercedes-Benz) and Ola, and telcos like Ooredoo and Etisalat.
I'm of athletic build, 6'2", love high-activity sports like martial arts, and am an occasional swimmer. I spend my time hacking, and otherwise do vulnerability research and security bug bounties.
With that said, I love flying drones and driving cars. Driving a manual vehicle is a blessing in disguise for those who understand the spirit of it. I have created dozens of websites for fun and profit and have been an occasional speaker at security conferences. For those who understand the technical jargon: I have many zero-days associated with my name. And with the experience I have had reporting issues, I have decided to keep future zero-days to myself only. Money is not a deterministic factor in the decisions I take.
January 2015 - February 2017
VAPT of Web Applications (Thick / Fat client, Rich client, Thin client), Daimler Network / Infrastructure security, mobile (Android, iOS) and various CMS, and implementing configurations while providing mitigation techniques to application owners as per OWASP and DREAD standards.
● Enforcing DISC (Daimler Information Security Compendium) policies.
● Conducting Kick-Off calls with Product Owners (VPs / Senior VPs).
● Completed security assessments of 15 applications singlehandedly with worth of € 4.5K each.
● Completed security assessment as network PT for 4 geographical locations as a team.
March 2017 - December 2017
VAPT of Web Applications (Thick / Fat client, Rich client, Thin client) and vulnerability chaining with post-exploitation of various CMS (Content Management Systems) and OSL (Open Source Libraries).
● Triage with developers while maintaining the security-vs-efficiency trade-off.
● Threat Modelling (design and implementation viz. CVSS).
● Completed security assessments of 20 applications singlehandedly.
December 2017 - June 2018
VAPT and SAST of Web Applications, Mobile Applications, RESTful APIs and services, and of various CMS (Content Management Systems) and OSL (Open Source Libraries).
● Penetration Testing of third-party payment gateways and plug-ins as per OWASP, SANS …
● Completed security testing and ‘Sign-Off’ of 15+ applications and 100+ enhancements singlehandedly.
● Responsible for addressing ‘Security Bug Bounty’ and rewards program.
August 2018 - October 2019
VAPT, Blackbox pen-test of in-house applications primarily, or of third-party integrations, covering multiple clients pertaining to Web Applications, Mobile Applications, Network / Infrastructure, IoT, Rich Clients, Thick Clients and Systems.
● Handling client products like Tenable, AttackIQ and supporting Carbon Black, LogRhythm.
● Digital Forensics and Incident Response to security incidents, violations and potential threats.
● Simulating attack scenarios to test the implemented setup of security monitoring teams.
● Leading Red-Team activity and creating post-exploitation scenarios with execution.
● Handled vendor POCs from technical perspective pertaining to tools for SOC integration.
● Mentoring / managing technical resources for PenTest and skill development.
● Performing malware analysis for in-house app installation requests and for apps that have a clear public record but potentially malicious behavior.
● Completed security assessment of 100+ projects singlehandedly.
● Provided secure design structure for Security and Network Operations.
October 2019 - Present
Red-Teaming, VAPT of Web, Mobile, Networks and IoT based applications and devices.
● Audit of security controls in place.
● Performing Red-Team activity, creating strategies and relevant scenarios for it.
● Creating secure design / architecture for the new concepts and AI based applications.
● Leading / guiding the security team for security assessments and red-team activities.
● Completed 5 security assessments and counting…
If you have a business proposal for me as an individual or as a company, please share your thoughts. I am actively working as a security consultant as a freelancer for many projects around the world.
Phone: (+1) 515 3379921
connect@aamershah.com
Jumeirah Lakes Towers
Dubai, UAE