"Proven Security Consultant with over 10 years of hands-on experience in penetration testing and vulnerability assessment, specializing in web and mobile application security. Successfully identified and remediated critical vulnerabilities such as SQL Injection (SQLi), Cross-Site Scripting (XSS), and Insecure Direct Object References (IDOR) for top companies including ZainCash, Qi Card, and Razer. Skilled in using industry-standard tools like Burp Suite and Frida for comprehensive vulnerability scanning and exploitation. Strong track record of improving security measures, conducting risk assessments, and providing actionable reports that enhance overall cybersecurity posture. Passionate about staying ahead of emerging cyber threats and leveraging technical expertise to safeguard sensitive data and systems."
As a Security Consultant for ZainCash Iraq, I was responsible for identifying and assessing vulnerabilities within their mobile applications and infrastructure. During my engagement, I discovered multiple critical vulnerabilities, including SQL Injection (SQLi), Insecure Direct Object References (IDOR), Data Leaks, and a serious 3D Face Data Leak, which could have severely compromised user privacy and the security of sensitive financial data.
As a Security Consultant for Oodi, I conducted penetration tests and vulnerability assessments on the company's mobile applications and backend systems. During my engagement, I successfully identified several critical vulnerabilities, including:
Achievements:
As part of my role as a Security Consultant, I identified a critical vulnerability in the Telegram app that allowed bypassing authentication mechanisms, giving unauthorized access to sensitive information such as private messages. The issue stemmed from a flaw in the interaction between the Telegram app and Google Assistant or Siri on iOS devices, which allowed an attacker to exploit voice-activated features to initiate actions without proper authentication.
As a Security Consultant, I conducted a comprehensive penetration test and security assessment on Razer's online platform (RAZER.COM). During my assessment, I discovered several critical vulnerabilities, including SQL Injection (SQLi), Remote Code Execution (RCE), Insecure Direct Object Reference (IDOR), and a Cross-Site Scripting (XSS) vulnerability. These vulnerabilities posed significant risks to the platform, its users, and its infrastructure. I immediately reported these findings through the HackerOne platform to facilitate remediation and enhance the platform's security.
As a Security Consultant, I conducted a comprehensive penetration test and security assessment on NORD VPN's application. During my assessment, I discovered a critical Remote Code Execution (RCE) vulnerability. This flaw could have allowed an attacker to execute arbitrary commands on the affected system, potentially leading to full compromise of the application and its infrastructure. I immediately reported this vulnerability through the appropriate channels to facilitate remediation and enhance the security of NORD VPN.
During my time working as a Security Consultant at Qi Card, I conducted extensive security testing on their mobile and web applications. During this engagement, I identified a SQL Injection (SQLi) vulnerability that had a significant impact on the platform's security. The flaw allowed me to:
As a Security Consultant, I was engaged to perform a comprehensive security assessment on the Iraqi Counter Terrorism Unit's systems and infrastructure. During my penetration testing, I discovered a SQL Injection (SQLi) vulnerability within one of their internal applications. I successfully exploited this vulnerability and escalated it to achieve Remote Code Execution (RCE), which could have allowed an attacker to gain full control of the targeted server.
As a Security Consultant, I was responsible for performing penetration tests and security assessments on Viber's mobile application. During my testing, I successfully identified a Cross-Site Scripting (XSS) vulnerability, which posed a significant security risk to users. The vulnerability allowed me to:
Achievements:
During my work as a Security Consultant with HRins Internet Services, I was tasked with conducting a security audit and penetration test on their Abraj HRins Android application. In the course of this work, I discovered a SQL Injection (SQLi) vulnerability in the app, which allowed me to gain unauthorized access to the backend database, including sensitive information stored in various databases, such as SAS databases, along with full access to the application data.
As a Security Consultant, I conducted a penetration test and security assessment on EarthLink's systems and applications. During my assessment, I discovered several critical vulnerabilities, including:
I reported these vulnerabilities directly to the EarthLink security team for immediate remediation and to enhance their system's overall security.
During my time as a Security Consultant for SEAGM, I conducted a security audit and penetration test on their platform. During this engagement, I discovered a SQL Injection (SQLi) vulnerability in one of their web applications, which allowed me to access sensitive data from their database and perform unauthorized actions on the platform.
As a Security Consultant for OpenSooq, I performed penetration testing and vulnerability assessments on the platform's website and mobile application. During my engagement, I identified a vulnerability that allowed me to manipulate ad content and upload unauthorized images to existing advertisements. This vulnerability had the potential to affect the integrity of advertisements and lead to unauthorized content manipulation.
Burp Suite
Frida
Kali Linux
Metasploit
Wireshark
Nmap
SQLmap
John the Ripper