Ahmed Sherif

A seasoned cyber security expert based in Amsterdam 🇳🇱 with nearly 14 years of experience. I began my career in 2009 as a hacker and have since specialized in offensive security, focusing on Penetration Testing and Red Teaming. My career has spanned government roles, Big Four consulting, and the financial sector, providing me with a well-rounded skill set.

I’ve had the opportunity to build and lead offensive security operations for various organizations, discovering zero-day vulnerabilities and publishing technical findings. My work also involves regulatory assessments like TIBER, and iCast.

Key Skills

• Red Teaming / Adversary Emulations: Expert in simulating advanced threat actors to assess and improve organizational defenses.
• Leadership / Mentorship: Proven ability to lead and mentor teams, fostering growth and innovation in offensive security.
• Penetration Testing and Code Reviews: Skilled in identifying and hunting vulnerabilities through thorough testing and code analysis.
• Building / Rebranding Offensive Security Operations: Experienced in establishing and enhancing offensive security teams and processes.
• Writing Process Controls: Adept at developing and implementing security controls and processes for red teaming and SSDLC.
• Vendor Management and Procurement: Selecting, negotiating with, and managing relationships with vendors to procure the best tools and services for offensive security operations.

Publications & Talks

• CVE-2016-5661 and CVE-2016-5660: Unauthorized file upload - Accela Civic Platform Citizen Access
• CVE-2020-10569: Remote command execution via AJP - SysAid help desk
• CVE-2023-22953: Remote Command Execution via deserialization - ExpressionEngine CMS
• Building-up red team operation in complex environment: Bsides Vienna - 2019 🇦🇹
• Simulating attacks on critical infrastructure: 4SICS Sweden - 2015 🇸🇪
• Red Teaming on MacOS: OWASP Netherlands - 2024 🇳🇱
• Java Deserialization: From Discovery to Reverse Shell on Limited Environments Link