Who I Am

i’m Sabri Saleh

Sabri...

A hacker with ethics

Hello There!

In 2006, I started to get involved in some traditional PC hacking with zero knowledge about anything but what people in forums explain. Since then I have fallen in love with hacking life and started learning server and web application hacking, but, I felt always something was wrong, it's the absence of 'what, how and why' I was just trying to do what people explain. So, I stopped hacking, started to learn more about operating systems, network and programming. At the time I felt a bit satisfied with the basics that I should know, I got back to know more about information security, hacking and how to think out of the box, how to think evil for a good manner. And yeah, here I'm, a professional information security consultant, practicing every minute learning every second.

My goal at this stage is to lead a team of professional hackers that can be head to head with advanced malicious attacks to protect people from.

Thank you for being here.

Birthdate : 14/05/1985
Skype : kingsabri
Mobile : 56-985-9955
Email : king.sabri
Website : www.SabriSaleh.info
Adresse : Riyadh, KSA.

  • Hacker
  • Security Consultant
  • Coder

Experience & Employment

  • 01
    Sr. Information Security Consultant | Offensive Services Team Lead

    TechArch (2018-Present)

    ● Technical team lead.

    ● Develop and maintain services’ methodology, implementation approach and processes, and deliverable standards.

    ● Responsible about team’s services performance, quality and lead new strategies for improvements.

    ● Ensure the team works & deliver in compliance with defined processes.

    ● Assist in recruitment, performance evaluation, promotion, retention and termination activities.

    ● Identify skill gaps and lead appropriate training to team (soft and technical).

    ● Develop division budgets and operate within them.

    ● Empower team to participate in community services.

    ● Studying Information Security market.

    ● Creating and Enhancing security services quality and efficiency.

    ● Leading and orchestrate technical projects, tasks and processes.

    ● Evaluating and tuning consultants knowledge and skills.

    ● Red teaming and penetration testing.

    ● R & D.

    ● Secure Source code-review.

    ● Architecture and configurations review.

    ● Security training (penetration test, advanced web application attacks, OWASP awareness).

    ● Pre-sales activities.

  • 02
    Sr. Information Security Consultant | Penetration Tester

    TechArch (2014-Present)

    ● Technical team lead.

    ● Network & System penetration testing.

    ● Web application penetration testing.

    ● Architecture & configuration review.

    ● Source code review.

    ● Training: Pentest, Advanced web exploitation, OWASP awareness.

    ● Pre-sales activities.

  • 03
    Sr. Information Security Consultant | Penetration Tester

    Ministry of Higher Education - MOHE (2013-2014)

    ● Network & System penetration testing.

    ● Web application penetration testing.

  • 04
    CISO

    Advanced Operations Technology - AOT (2010-2013)

    ● Linux Firewall (IPtables) Expert. [Designing, Implementation, Maintenance, Hardening, and Backup].

    ● Plans, develops, and implements information technology security programs, policies, and procedures to protect confidentiality, integrity, and availability of systems, networks, and data.

    ● Administer and maintain end user accounts, permissions, and access rights.

    ● Check server and firewall logs, scrutinizing network traffic, establishing and updating virus scans, and troubleshooting.

    ● Analyze and resolve security breaches and vulnerability issues in a timely and accurate fashion, and conduct user activity audits where required.

    ● Conduct Black/Grey/White Box Penetration Testing.

    ● Keep current with emerging security alerts and issues.

    ● Enforce the ISO-20000 standard controls & Pass Certificate Auditing.

    ● Enforce ISO-27001 security standard controls procedures.

    ● Enforce Tadawul (Saudi Stock Exchange for Trading) Security controls.

    ● Build operation guidelines for different network security devices for day-to-day operations.

    ● Develop and maintain a Business Continuity and Disaster Recovery plan.

    ● Consult administrative and technical staff to determine information needs, data flows, and system definitions.

    ● Assist in testing new network security equipment and systems.

    ● Prepare technical reports on operation of systems.

  • 05
    Linux Administrator

    Innovation Application Co. Ltd (2009-2010)

    ● Implementation, Installation, and Deployment for Linux Servers.

    ● Managing and security web servers.

    ● Automating IT operations.

    ● Integrating Linux with other operations environment.

    ● Linux training.

Certifications

  • 01
    OSCE

    Offensive Security Certified Expert

    This is a hands-on ethical hacking course designed by and for professional penetration testers.

  • 02
    GWAPT

    GIAC Web Application Penetration Tester

    Insure understanding of major web application flaws and their exploitation and, most importantly, learn a field-tested and repeatable process to consistently find these flaws and convey what they have learned to their organizations.

  • 03
    CEH

    Certified Ethical Hacker

    Is a qualification obtained by assessing the security of computer systems, using penetration testing techniques.

  • 04
    OSCP

    Offensive Security Certified Professional

    Is the companion certification for our Penetration Testing with Kali Linux training course and is the world's first completely hands-on offensive information security certification.

  • 05
    RHCE

    Red Hat Certified Engineering

    The RHCE certification shows that upi have demonstrated the knowledge, skill and ability required of senior system administrator responsible for Red Hat Enterprise Linux systems

  • 06
    CCNA

    Cisco Certified Network Associate

    A foundation in and apprentice knowledge of networking. CCNA certified professionals can install, configure, and operate LAN, WAN, and dial access services for small networks (100 nodes or fewer), including but not limited to use of these protocols: IP, IGRP, Serial, Frame Relay, IP RIP, VLANs, RIP, Ethernet, Access Lists.

  • 07
    MCITP EA

    Microsoft Certified IT Professional Enterprise Administrator

    As a Microsoft Certified IT Professional (MCITP) your certification proves that you have the comprehensive set of skills to perform a particular IT job role, such as database administrator or enterprise messaging administrator.

  • 08
    MCSA

    Microsoft Certified Systems Administrator

    Is the industry standard for demonstrating competence in managing and troubleshooting network environments based on the Windows Server 2003 operating systems.

  • 08
    Others

    Training courses with no certificates

    ● Penetration Testing Professional - eLearnSecurity.

    ● Web Application Penetration Testing - eLearnSecurity.

    ● Web Application Penetration Testing Extreme - eLearnSecurity.

    ● Mobile Application Security and Penetration Testing - eLearnSecurity.

    ● Mobile Application Security and Penetration Testing - eLearnSecurity.

    ● And more...

Education

  • 01
    B.S, Computer Engineering

    6th of October (2002-2007)

    Computer engineering bachelor degree.

Skills

  • Penetration testing
  • Ruby
  • Bash
  • Powershell
  • Java
  • .Net
  • Linux
  • Windows
MORE SKILLS
  • Arabic
  • Communication
  • Team player
  • English
  • Leadership
  • Single Player

Projects

  •  
    Rubyfu.net

    Rubyfu book is a great collection of ideas, tricks and skills that could be useful for Hackers. It's a unique extraction reference, summarizes a lot of research and experience in order to achieve your w00t in shortest and smartest way. Rubyfu is where you'll find plug-n-hack code, Rubyfu is a book to use not only to read, it's where ruby goes evil.

    Read More
  •  
    CVE-in-Ruby

    It's a repository to import public exploits to be written in Ruby without Metasploit complication.

    Read More
  •  
    Ruby Burp Suite Extentions

    BurpSuite Extension Ruby Template to speed up building a Burp Extension using Ruby

    Read More
  •  
    Metasploit contribution

    This module attempts to find Wordpress credentials by abusing the XMLRPC APIs. Wordpress versions prior to 4.4.1 are suitable for this type of technique. For newer versions, the script will drop the CHUNKSIZE to 1 automatically.

    Read More
  •  
    WebShellConsole

    WebShellConsole is a small interactive console connect simple web shell from command line using GET.

    Read More
  •  
    BufferOverflow-Kit

    We collect many tools used in buffer overflow development in one place.

    Read More
  •  
    ninja-firewall

    Failover and standby Linux machine with (CentOS) distribution. The core of spare firewall is “ninja firewall” application which is manage the whole recovering process once employee run it without no need for anymore interaction from him.

    Read More

Contact


Thank you!

It was really such a pleasure to have you visiting my profile. I hope you've got enough information about my profession and my goals. I wish you reached here with a positive impression about me and my career. This website will be up to date as I achieve mention worthy things in my professional live.

Please Use any of available channel to contact me anytime. For phone calls and instant response, the preferred time is between 9:00-am and 11:30 pm (+3 GMT).

Sabri Saleh

Contact Details

Fullname : Sabri Saleh Hassanayah
Birthdate : 14/05/1985
Skype : kingsabri
Twitter : @KINGSABRI
Mobile : 56-985-9955
Email : king.sabri
Website : www.SabriSaleh.info
Adresse : Riyadh, KSA.