Md Amokrane ABDELMALEK

Md Amokrane ABDELMALEK

Penetration Testing Intern @Randorisec

Biography

Computer Systems Engineer and Master’s student in Networks, currently working as a Penetration Testing Intern. I have hands-on experience in web security, penetration testing, and code review. I participate in bug bounty programs and CTF competitions with @noreply team. Passionate about cybersecurity and always eager to take on new challenges and opportunities. team.

Interests
  • Web security
  • Vulnerability Research
  • Cloud Computing / Security
  • DevOps
Education

  • Master Degree in Computer Science, 2025

    Sorbonne Université - Sciences et Ingénierie, Paris

  • Computer Science Engineering Degree, 2024

    Ecole Supérieure nationale d'Informatique, ESI in Algiers, Algeria

  • Master Degree in Computer Science, 2024

    Ecole Supérieure nationale d'Informatique, ESI in Algiers, Algeria

Discovered Vulnerabilities

Paddle
CVE-2024-7990: Stored Cross Site Scripting in open-webui/open-webui
Open WebUI Jul 2024
Read report
Paddle
CVE-2024-7034: Remote Code Execution in open-webui/open-webui
Open WebUI Jul 2024
Read report
Paddle
CVE-2024-7033: Arbitary File Write in open-webui/open-webui
Open WebUI Jul 2024
Read report
Paddle
CVE-2024-1025: Arbitrary Code Execution in paddlepaddle/paddle
Paddle Jan 2024
Read report
ClearML
Read report
MLflow
CVE-2023-6568: Reflected POST XSS in mlflow/mlflow
MLflow Dec 2023
Read report
Visa
Found a Critical Vulnerability in Visa (CVSS 10)
Jul 2023
Undisclosed report

Projects

*
All Security Development Automation DevOps
Dynamic IP Getter

Dynamic IP Getter

Bash script to get the dynamic public IP address pushed on a private Github repo each time it changes.

Star
esiCDN

esiCDN

esiCDN - a CDN architecture for Algerian universities

Star
Java arithmetic interpreter

Java arithmetic interpreter

Mini interpreter of arethmetic operations written in JAVA

Star
FastAPI Project Template

FastAPI Project Template

RESTful Back-end project template with FastAPI + PostgreSQL + JWT + Docker + Nginx

Star
Mark Checker

Mark Checker

Automation script using Python and Selenium, in order to login on talents.esi.dz and check for last released marks.

Star
QR generator

QR generator

A simple QR code generator application developed with Flask.

Star
Car Tracking App

Car Tracking App

A ReactJS app using MapBox and Firebase to show position in maps

Star
SQL Injection

SQL Injection

a time based PostGreSQL injection using Dichotomic search, in order to dump the database.

Star

Workshops

Client-side Web Security Workshop
Oussama and I, held a workshop in Bsides Algiers Finals 2021, about client-side web security, we talked about the most common vulnerabilities in the client-side, and how to exploit them, and how to prevent them.
Jan 8, 2022 1:00 PM — 3:00 PM ESI, Algiers, Algeria
Code Slides
Client-side Web Security Workshop
Exploiting Modern Cryptography - Live Hacking
I explained the most common vulnerabilities in modern cryptography, and how to exploit them by solving some CTF challenges.
Oct 8, 2021 8:00 PM — 10:00 PM Shellmates Community Discord server
Exploiting Modern Cryptography - Live Hacking
Introduction to Cryptography Workshop
I held a workshop in Hackini 2021, about the basics of cryptography, we talked about the most common ciphers, and how to break them, and how to prevent them.
Jul 3, 2021 1:00 PM — 3:00 PM IGEE ex INILEC, Boumerdes, Algeria
Code Slides
Introduction to Cryptography Workshop
Introduction to CTFs
Akram Boutouchent and I, held a workshop in Sahra with GDG Algiers, about the basics of CTFs, we talked about the most common categories, and how to start solving challenges.
Apr 19, 2021 8:00 PM — 10:00 PM GDG Algiers Community Discord server
Slides
Introduction to CTFs

Experience

 
 
 
 
 
Hackerone - YesWeHack - Huntr
Bug bounty hunter
Hackerone - YesWeHack - Huntr
June 2023 – Present
  • Discovered and reported numerous vulnerabilities, including critical ones, to known companies such as Visa and VFS Global.
  • Got rewarded for my findings and have been assigned many CVEs, which let me gain a lot of experience with real world products.
 
 
 
 
 
Datawaves
DevOps Engineer
Datawaves
January 2023 – May 2023 London, UK

Responsibilities include:

  • Analysing
  • Modelling
  • Deploying
  • Automating
  • Maintaining
 
 
 
 
 
Upwork
Freelancer
Upwork
March 2022 – Present
  • Carried out many technical tasks related to Security, Web Development, and IT automation.
  • Had contact with real clients and solved real-world issues.
 
 
 
 
 
GDG Algiers
Development Department Manager
GDG Algiers
August 2021 – July 2022 Algiers, Algeria
  • Managed a team of a lot of developers, and created a lot of dev projects and events websites.
  • Organized a lot of events and workshops.
 
 
 
 
 
CodeLabs Academy
Content Creator
CodeLabs Academy
August 2021 – January 2022 London, UK
  • Prepared content for the cyber security bootcamp and learned how to redact technical content.
 
 
 
 
 
Red Fox Labs
Junior Penteration Tester
Red Fox Labs
October 2021 – February 2022 Dublin, Ireland
  • Performed penetration testing on commercial websites, whether it was a black, gray, or white box.
  • Interacted with actual products, experiment with their features, and apply the security principles learned.
 
 
 
 
 
Shellmates Club
Active Member
Shellmates Club
October 2019 – Present Algiers, Algeria
  • Organized many CaptureTheFlag competetions and workshops.
  • Creating Web exploitation and Cryptography challenges for the CTFs.

Skills

Technical
Web security
Cryptography
Automation
Reverse engineering
Cloud Security
Docker, Kubernetes
Soft
Crtical thinking
Time management
Problem solving
Team work & collaboration

Contact

Feel free to get in touch if you have any questions or suggestions.