| Z0ldyck

Who Am I?

Hello reader, My name is Mohammed or as known as Z0ldyck. I am a first-year student at Champlain College majoring in Cyber Security. I started learning about Network and Web Penetration Testing while I am in High School. Before High School, I had some experience with programming and Arduino. I will be sharing here everything that I learned related to Cyber Security. Most of my work will be based on Personal findings, HackTheBox, TryHackMe, Portswigger, and more.

WORK EXPERIENCE:

Synack Red Team member
Penetration Tester at Synack since (Jul,2021)(Part Time)

The Leahy Center
Research Assistant (May,2021 - Jul,2021)(Part Time)

Certifications:

Certified Red Team Operator (CRTO)
zeropointsecurity

Offensive Security Certified Professional (OSCP)
OffensiveSecurity

eLearnSecurity Certified Penetration Tester (eCPPTv2)
eLearnSecurity

Web Application Penetration Testing ( eWPT )
eLearnSecurity

eLearnSecurity Junior Penetration Tester (eJPT)
eLearnSecurity

PentesterLab Badges
Blue - Intercept - Serialize - White - Yellow - Essential - PCAP - Unix

PERSONAL PROJECTS:

Zmuggler
A simple tool for finding HTTP Request Smuggling vulnerability in a website. It works by providing the target URL

ZRedirect
A simple tool for finding open redirect vulnerability in a website. It works by providing a file contains for example wayback urls

CVEs

CVE-2021-31760:
Webmin 1.973 - Exploiting a Cross-site request forgery (CSRF) attack to get a Remote Command Execution (RCE) through the Webmin's running process feature
CVE-2021-31760

CVE-2021-31761:
Webmin 1.973 - Exploiting a Reflected Cross-Site Scripting (XSS) attack to get a Remote Command Execution (RCE) through the Webmin's running process feature
CVE-2021-31761

CVE-2021-31762:
Webmin 1.973 - Exploiting a Cross-site request forgery (CSRF) attack to create a privileged user through the Webmin's add users feature then getting a reverse shell through the Webmin's running process feature
CVE-2021-31762