My Resume

Khashayar Fereidani
Esfahan, Iran
irancrash [ a t ] gmail [ d o t ] com
IT Security Consultant
www.ircrash.com

OBJECTIVE

Network & Server Manager, Security Director, Security Auditor, Penetration Tester

EDUCATION

Islamic Azad University Of Najafabad / Software Engineering 2010-

SKILLS AND EXPERIENCE

• Very Familiar with C/C++, PHP, Visual Basic, Perl, Python & Bash Programming Languages
• Familiar with HTML, JavaScript, CSS, Ruby, C# & Assembly
• Familiar with Writing Shellcode in GNU/Linux, FreeBSD, OpenBSD, MacOSX & Windows
• Familiar with All kinds of remote and local Network Attacks
• Familiar with Bypass and Amplification run-level protection systems (DEP, ASLR, StackGuards & NX bit)
• Familiar with Exploitation in Linux, BSD, MacOSX & Windows
• Very Familiar with Social Engineering Attacks
• Very Familiar with Physical Penetration Attacks
• Experience in Exploiting all kinds of web application vulnerabilities
• Experience in Black box & White box Penetration Testing
• Experience in Remote Administration of GNU/Linux & BSD dedicated servers
• Experience in Hardening GNU/Linux & BSD dedicated servers
• Experience in Optimization and Hardening Linux kernel
• Experience in building centralized & multi-platform IDS/IPS
• Experience in Writing Snort & Emerging Threat rules
• Experience in Drupal, MovableType, phpBB, Wordpress, Joomla, Mambo, SMF, VBulletin CMSes
• Experience in Defending against Denial of Service (DoS) attacks
• Experience in Writing Web Application IDS/IPS
• Experience in Designing and Optimizing PHP Content Management Systems
• Experience in Forensic & Anti-Forensic Sciences
• Experience in Reverse Engineering
• Experience in Search Engine Optimization (SEO)
• Experience in OpenBSD, Redhat Base Linux Family, Debian Base Linux Family, FreeBSD, Solaris
• Configuration of MTAs (Postfix, Sendmail)
• Configuration of IMAP/POP3 servers (Courier, Dovecot)
• Configuration of Web servers (Apache, Lighttpd, Nginx)
• Configuration of FTP servers (Proftpd, Pure-ftpd)
• Configuration of Proxy servers (Squid)
• Configuration of DB servers (Oracle, MySQL, Postgre)
• Configuration of DNS servers (Bind, DjbDNS)
• Configuration of VPN servers (OpenVPN, PPTP, L2TP, SSTP & IPSec protocols)

PROJECTS AND DISCOVERED VULNERABILITIES

• 2012-04-17 => DokuWiki Ver.2012/01/25 CSRF Add User Exploit
• 2011-08-09 => iPhone/iPad Phone Drive 1.1.1 Directory Traversal
• 2011-03-09 => RecordPress 0.3.1 Multiple Vulnerabilities
• 2011-03-08 => RuubikCMS Version 1.0.3 Multiple Vulnerabilities
• 2011-02-26 => Linksys Cisco WAG120N CSRF Vulnerability
• 2011-02-25 => iPhone Folders 2.5 Directory Traversal
• 2011-02-25 => iPhone iFile 2.0 Directory Traversal
• 2011-02-25 => iPhone MyDocs 2.7 Directory Traversal
• 2011-02-24 => iPhone iShred 1.93 Directory Traversal
• 2011-02-24 => iPhone Guitar Directory Traversal
• 2011-02-24 => iPhone PDF Reader Pro 2.3 Directory Traversal
• 2010-02-08 => Testa OTMS Multiple SQL Injection Vulnerabilities
• 2009-12-28 => National Aeronautics and Space Administration (NASA) XSS Vulnerability
• 2009-07-17 => iDefense COMRaider ActiveX Control Multiple Insecure Method Vulns
• 2009-01-08 => PHP-Fusion Mod vArcade 1.8 (comment_id) SQL Injection Vulnerability
• 2008-10-31 => CPanel 11.x XSS And Local File Inclusion Vulnerabilities
• 2008-09-16 => NooMS Cross-Site Scripting Vulnerability
• 2008-09-12 => Easy Photo Gallery Multiple Vulnerabilities
• 2008-09-11 => PhpWebGallery 1.3.4 (XSS/LFI) Multiple Vulnerabilities
• 2008-09-11 => phsBlog 0.2 Bypass SQL Injection Filtering Exploit
• 2008-08-18 => FlexCMS "PreviousColorsString" Cross-Site Scripting
• 2008-08-18 => Mambo 4.6.2 Cross-Site Scripting Vulnerabilities
• 2008-08-05 => Pluck 4.5.2 Multiple Cross Site Scripting Vulnerabilities
• 2008-07-22 => EasyE-Cards SQL Injection and Cross-Site Scripting
• 2008-07-22 => EasyDynamicPages SQL Injection and Cross-Site Scripting
• 2008-07-22 => EasyPublish SQL Injection and Cross-Site Scripting
• 2008-07-22 => EasyBookMarker "rs" Cross-Site Scripting
• 2008-05-09 => Maian Guestbook footer.php Cross-Site Scripting Vulnerabilities
• 2008-05-09 => Maian Music Cross-Site Scripting and SQL Injection
• 2008-05-09 => Maian Recipe Cross-Site Scripting Vulnerabilities
• 2008-05-09 => Maian Uploader Multiple Cross-Site Scripting Vulnerabilities
• 2008-05-09 => Maian Search Cross-Site Scripting and SQL Injection Vulnerabilities
• 2008-05-08 => Maian Support Multiple Cross-Site Scripting Vulnerabilities
• 2008-05-08 => Maian Greetings Multiple Vulnerabilities
• 2008-05-08 => Maian Links Multiple Cross-Site Scripting Vulnerabilities
• 2008-05-08 => Maian Gallery Multiple Vulnerabilities
• 2008-05-07 => Maian Weblog Multiple Cross-Site Scripting Vulnerabilities
• 2008-05-06 => Zomplog Multiple Vulnerabilities
• 2008-05-06 => LifeType 1.2.8 "newBlogUserName" Cross-Site Scripting Vulnerability
• 2008-05-05 => LifeType 1.2.7 "searchTerms" Cross-Site Scripting Vulnerability
• 2008-05-02 => Mjguest "level" Cross-Site Scripting Vulnerability
• 2008-05-01 => vlBook 1.21 (XSS/LFI) Multiple Remote Vulnerabilities
• 2008-05-01 => ActualAnalyzer Lite (free) 2.78 Local File Inclusion Vulnerability
• 2008-04-29 => miniBB "whatus" Cross-Site Scripting Vulnerability
• 2008-04-26 => Siteman 2.x (EXEC/LFI/XSS) Multiple Remote Vulnerabilities
• 2008-04-01 => FaScript FaPhoto v1 (show.php id) SQL Injection Vulnerability
• 2008-04-01 => EasyNews 40tr (SQL/XSS/LFI) Remote SQL Injection Exploit
• 2008-04-01 => Sava's Link Manager Two Vulnerabilities
• 2008-04-01 => Sava's Place Sava's Guestbook 'index.php' Local File Include Vulnerability
• 2008-03-31 => Neat weblog 0.2 (articleId) Remote SQL Injection Vulnerability
• 2008-02-28 => Maian Cart Cross-Site Scripting Vulnerabilities
• 2008-02-14 => nuBoard 0.5 (threads.php ssid) SQL Injection Vulnerability
• 2008-02-14 => Affiliate Market Ver.0.1 BETA XSS / SQL Injection Exploit
• 2008-02-03 => A-Blog V.2 (id) XSS / Remote SQL Injection Exploit
• 2008-01-23 => LulieBlog 1.02 (voircom.php id) Remote SQL Injection Vulnerability
• 2008-01-23 => Foojan WMS 1.0 (index.php story) Remote SQL Injection Vulnerability
• 2008-01-23 => Siteman 1.1.9 (cat) Remote File Disclosure Vulnerability
• 2008-01-16 => PHP-RESIDENCE 0.7.2 (Search) Remote SQL Injection Vulnerability
• 2008-01-15 => FaScript FaMp3 v1 (show.php) Remote SQL Injection Vulnerability
• 2008-01-15 => FaScript FaName v1 (page.php) Remote SQL Injection Vulnerability
• 2008-01-15 => FaScript FaPersian Petition (show.php) SQL Injection Vulnerability
• 2008-01-15 => FaScript FaPersianHack v1 (show.php) SQL Injection Vulnerability
• 2007-11-25 => Softbiz Freelancers Script v.1 Remote SQL Injection Exploit
• 2007-11-11 => Softbiz Auctions Script product_desc.php Remote SQL Injection Vuln
• 2007-11-11 => Softbiz Ad Management plus Script ver 1 Remote SQL Injection Vuln
• 2007-11-11 => Softbiz Banner Exchange Network Script 1.0 SQL Injection Vulnerability
• 2007-11-11 => Softbiz Link Directory Script Remote SQL Injection Vulnerability
• 2007-11-11 => Softbiz Recipes Portal Script Remote SQL Injection Vulnerability
• 2007-10-08 => Softbiz Jobs & Recruitment Remote SQL Injection Vulnerability
• 2007-09-26 => Softbiz Classifieds PLUS (id) Remote SQL Injection Vulnerability

PDF File Download

*NOTE: some contents of this page may not exist in this file, because this page is updated every time I publish something new.
Download PDF File: http://fereidani.ir/download/resume.pdf