Belkahla Ahmed

Belkahla Ahmed

Product Security Engineer @ Mercari JP - CTF Player @ Zer0pts| eWPTX v2 Certified

Securinets

Biography

Cyber Security enthusiast from Tunisia, I enjoy playing in hacking and pentesting competitions and skip classes to play CTF.

Interests

  • Anime & Naruto
  • Cyber Security
  • Web & Mobile Exploitation
  • Binary Exploitation
  • CTF
  • Pentesting
  • Coding

Education

  • Engineering Degree in Computer Science & Networks, 2023

    National Institute Of Applied Science And Technology, INSAT

Experience

 
 
 
 
 

Product Security Engineer Intern

Mercari, Inc

Feb 2023 – May 2023
  • Internal security audits and CodeQL custom query development.
  • Mercari SSDLC Improvement.
 
 
 
 
 

Cybersecurity Consultant

EY

Jul 2022 – Feb 2023 Tunis, Tunisia
  • Conducting different red team operations and penetration testing missions for different clients from MENA and EMEA Regions
 
 
 
 
 

Cybersecurity Specialist

Yogosha

Sep 2021 – Jan 2023 Paris, France
  • Triaged and reproduced incoming vulnerability reports
  • Conducted web application penetration testing
  • Contributed to internal security projects and tools as needed
  • Managed the selection process for platform candidates, assessing technical and writing skills through CTF challenges
 
 
 
 
 

Cybersecurity Consultant

EY

May 2021 – Oct 2021 Tunis, Tunisia

Responsibilities include:

  • Participating in the development of EY CSIRT web platform.
  • Participating in several Pentest and vulnerability assessment missions for worldwide clients.
 
 
 
 
 

Cybersecurity Consultant & Penetration Tester [Part Time]

Defensylab

Oct 2020 – Mar 2021 Tunisia

Responsibilities include:

  • Directed several VAPT activities
  • Participating in SOCaaS solution development
  • Developing an automated Penetration Testing Framework
 
 
 
 
 

Vice Chair / Technical Manager

Securinets National Association

Jun 2019 – Present Tunisia

Responsibilities include:

  • Held Web Security Workshop throughout the semester
  • Held Networking Security Workshop
  • Held Active Directory Security & Attacks Workshop ( https://bit.ly/31MHMsj)
  • Organizing CTF challenges & CTF Infrastructure deployment
 
 
 
 
 

CTF Player

Fword

Nov 2018 – Present
  • Where I started learning about Hacking & Cybersecurity
  • Web / Binary Exploitation technics
  • I learned more about Pentesting & Memory Forensics

Achievements

eWPTX v2 Certified

See certificate

CSAW MENA Finals 1st Place 2021

CSAW MENA Finals 2nd Place

See certificate

TT Security Day 3 CTF

3rd Place

Cybersecurity Fundamentals

See certificate

Recent Articles

Ringtone Web Challenge Writeup - Zer0pts CTF 2023

Zer0pts CTF took place last weekend with the participation of over 500 teams, making it a resounding success. As a member of the team, I contributed by developing a web challenge called “Ringtone,” which ended up being solved by 14 teams.

Securinets CTF Quals 2022 - Infrastructure and Web writeups

Securinets Quals 2022 Infrastructure review and Web challenges writeups.

PBCTF 2021 - RCE 0-Day in Goahead Webserver

2 methods RCE 0-Day in Goahead Webserver: PBCTF 2021 Last weekend I participated with my team Zer0pts in PBCTF 2021 and we got the 5th place, we were really close to secure a spot in the top 3 but an error in Wine while solving a shitty misc challenge prived us from this win :(

AngstromCTF Web Writeups

Finally after finishing my exams , I had the opportunity to participate in the last 2 days of AngstromCTF with my team Fword and managed to solve all the web challenges except the last 3 tasks, unfortunately I didn’t have the chance to try the last two ones , bad subjects at school are always keeping me from playing CTFs and learning useful stuffs :( !

DiceCTF Web Writeups - Client Side Chaining And JS Attacks

Hello everybody , it has been a long time since I have posted a writeup :( I have been a little busy in the last period with school assignments, exams and some work (Covid has really messed up my life).

Projects

Networking and Security Tools

These are some network and security related tools, including a keylogger, undetectable Backdoor, DNS/ARP spoofer and a file interceptor