╔═══════════════════════════════════════════════════════════════╗
║ ║
║ █████╗ ██████╗ ██████╗ ██╗ ██╗██╗ ██╗ █████╗ ║
║ ██╔══██╗██╔══██╗██╔══██╗██║ ██║██║ ██║ ██╔══██╗ ║
║ ███████║██████╔╝██║ ██║██║ ██║██║ ██║ ███████║ ║
║ ██╔══██║██╔══██╗██║ ██║██║ ██║██║ ██║ ██╔══██║ ║
║ ██║ ██║██████╔╝██████╔╝╚██████╔╝███████╗███████╗██║ ██║ ║
║ ╚═╝ ╚═╝╚═════╝ ╚═════╝ ╚═════╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ║
║ ║
║ [ PENETRATION TESTER & CVE RESEARCHER ] ║
║ ║
╚═══════════════════════════════════════════════════════════════╝
┌──(abdullah㉿cipher)-[~]
└─$ whoami
> Penetration Tester Specialist @ Cipher, Riyadh 🇸🇦
> CVE Researcher | Red Teamer | OSCP Certified
> BlackHat MEA CTF — Top #2 Locally
> 1x CVE Disclosed: CVE-2026-42879I'm a penetration tester with a strong foundation in both offensive and defensive security. I specialize in web application & network pentesting, Active Directory attacks, and vulnerability research. I discovered and responsibly disclosed CVE-2026-42879 — an authenticated unrestricted file upload vulnerability in FacturaScripts via MIME type bypass.
| CVE ID | Product | Type | Severity | Advisory |
|---|---|---|---|---|
| CVE-2026-42879 | FacturaScripts ≤ 2025.81 | Unrestricted File Upload — CWE-434 | 🟡 Moderate | View PoC |
Bypassed MIME-type validation by prepending GIF magic bytes to PHP files, enabling server-side execution of uploaded payloads.
[+] OSCP — Offensive Security Certified Professional ............ OffSec
[+] OSCP+ — Offensive Security Certified Professional+ ........... OffSec
[+] OSWP — Offensive Wireless Professional ...................... OffSec
[+] CRTP — Certified Red Team Professional ...................... Altered Security
[+] eCPPTv2 — Professional Penetration Tester ................... INE Security
[+] eCTHPv2 — Threat Hunting Professional ....................... INE Security
[+] eJPTv2 — Junior Penetration Tester ......................... INE Security
[+] BTL1 — Blue Team Level 1 ................................. Security Blue Team
[+] Security+ .................................................. CompTIA
Offensive
Scripting & Dev
Authenticated unrestricted file upload via MIME type bypass.
GIF magic bytes → PHP execution → RCE. Affects versions ≤ 2025.81
Award-winning senior capstone project.
OpenVPN multi-client integration + OpenAI threat intelligence
+ real-time dashboards + role-based access + 2FA
Node.js + SQLite SOC shift automation platform.
Reduced handover time by 90% via real-time case tracking
+ JSON report generation + secure session management.
[★] Best Senior Design Project Award ............. PMU CCES Day, 2025
[★] BlackHat MEA 2024 CTF ........................ Top #50 Global | Top #7 Saudi
[★] BlackHat MEA 2023 CTF ........................ Top #30 Global | Top #2 Saudi
[★] CyberWare CTF (Aramco) 2023 .................. 8th Place — [Area-0]
[★] Dean's List .................................. Top 10% — PMU Spring 2021/2022
contact = {
"email" : "abdullahalwasabi2003@gmail.com",
"linkedin" : "linkedin.com/in/abdullah-alwasabi",
"github" : "github.com/guzrex",
"location" : "Riyadh, Saudi Arabia 🇸🇦"
}
[ ACCESS GRANTED ] — Let's build. Let's break. Let's secure.