Hello There

I am Aamer Shah.
Computer Engineer,
Movie Maker and Hacker.

About

I'm an offensive security engineer working as a Red-Team operative. I have been in the field since 2015 and have worked with many organizations through my career, starting with Daimler aka Mercedes Benz, then Ola, and telcos like Ooredoo and Etisalat.

I have an athletic build (6'2"), love high-activity sports like martial arts, and am an occasional swimmer. Otherwise I spend my time hacking, doing vulnerability research and security bug bounties.

With that said, I love flying drones and driving cars. Driving a manual vehicle is a blessing in disguise for those who understand the spirit of it. I have created dozens of websites for fun and profit and have been an occasional speaker at security conferences. For those who understand technical jargon: I have many zerodays associated with my name. And given the experience I had with reporting issues, I have decided to keep future zerodays to myself only. Money is not a determining factor in the decisions I take.

I've Got Some skills.

  • Zeroday Research: 80%
  • Coding: 70%
  • Web Pentest: 90%
  • Network Pentest: 80%
  • Wireless Pentest: 75%
  • Mobile Pentest: 90%
  • Reverse Engineering: 75%

My Work Experience (in chronological order).

January 2015 - February 2017

Daimler / Mercedes Benz

Offensive Security Consultant

VAPT of Web Applications (Thick / Fat client, Rich client, Thin client), Daimler Network / Infrastructure security, mobile (Android, iOS) and various CMS and implementing configurations while providing mitigation techniques to application owners as per OWASP and DREAD standards.
● Enforcing DISC (Daimler Information Security Compendium) policies.
● Conducting Kick-Off calls with Product Owners (VPs / Senior VPs).
● Completed security assessments of 15 applications singlehandedly, worth € 4.5K each.
● Completed security assessment as network PT for 4 geographical locations as a team.

March 2017 - December 2017

Temenos

Senior Security Consultant

VAPT of Web Applications (Thick / Fat client, Rich client, Thin client) and vulnerability chaining with post-exploitation of various CMS (Content Management Systems) and OSL (Open Source Libraries).
● Triage with developers while maintaining security : efficiency trade-off.
● Threat Modelling (design and implementation viz. CVSS).
● Completed security assessments of 20 applications singlehandedly.

December 2017 - June 2018

Ola

Senior Security Engineer

VAPT and SAST of Web Applications, Mobile Applications and RESTful APIs and services and of various CMS (Content Management Systems) and OSL (Open Source Libraries).
● Penetration Testing of third-party payment gateways and plug-ins as per OWASP, SANS …
● Completed security testing and ‘Sign-Off’ of 15+ applications and 100+ enhancements singlehandedly.
● Responsible for addressing ‘Security Bug Bounty’ and rewards program.

August 2018 - October 2019

Ooredoo Oman

Security Assurance Validator

LVAPT, Blackbox pen-test of in-house applications primarily or a third-party integration covering broadly multiple clients pertaining to Web Applications, Mobile Applications, Network / Infrastructure, IoT, Rich Clients, Thick Clients and System.
● Handling client products like Tenable, AttackIQ and supporting Carbon Black, LogRhythm.
● Digital Forensics and Incident Response to security incidents, violations and potential threats.
● Simulating attack scenarios to test the implemented setup of security monitoring teams.
● Leading Red-Team activity and creating post-exploitation scenarios with execution.
● Handled vendor POCs from technical perspective pertaining to tools for SOC integration.
● Mentoring / managing technical resources for PenTest and skill development.
● Performing malware analysis for in-house app installation requests and apps that have a clear public record but have potentially malicious behavior.
● Completed security assessment of 100+ projects singlehandedly.
● Provided secure design structure for Security and Network Operations.

October 2019 - Present

Etisalat PJSC, UAE

Red Team Operative

Red-Teaming, VAPT of Web, Mobile, Networks and IoT based applications and devices.
● Audit of security controls in place.
● Performing Red-Team activity, creating strategies and relevant scenarios for it.
● Creating secure design / architecture for the new concepts and AI based applications.
● Leading / guiding the security team for security assessments and red-team activities.
● Completed 5 security assessments and counting…

What People Say.

Aamer is a gifted Pentester with a unique personality. I've worked alongside Aamer for a couple of months, and he proved his dedication and skills by finding security vulnerabilities that could damage the business. I happily recommend him here on LinkedIn, and do so in person whenever I have the opportunity.

Yahya Assad Senior Quality Engineer, Leading Point

Aamer, hacker, is an incredibly knowledgeable resource in the Security space. I have known Aamer for the past seven years. Apart from his professional skills like coding, penetration testing, network security, he is perfect at photography. He possesses a strong command of security configuration as well as business process implementation. He is a very reliable and goal-oriented person. Aamer would be a tremendous asset to any organization.

Akthar Nazir Youth Ambassador, UNIGF - INDIA
200 Awards Received

5000 Cups of Coffee

1000 Projects Completed

30 Happy Clients

Contact

Say Hello.

If you have a business proposal for me as an individual or as a company, please share your thoughts. I am actively working as a freelance security consultant on many projects around the world.

Phone

Phone: (+1) 515 3379921

Email

connect@aamershah.com

Address

Jumeirah Lakes Towers
Dubai, UAE