Ayoub FATHI 阿尤布

I've just published the slides from my Black Hat talk here: bit.ly/pwning-cloud-b… Thank you to everyone who attended; I hope you enjoyed it!

such an interesting catch on setuptools: huntr.com/bounties/d6362…

@NahamSec 🎉🎉

@Jhaddix @Shopify @Hacker0x01 From 2018/19, the article below (along with another one I decided not to disclose) sums up everything: zdnet.com/article/shopif…

Hey @Shopify @Hacker0x01 ... I have had two bug hunters come to me and tell me horror stories about your bug bounty lately. Valid bugs being exploited and you coming out saying... "oh we had planned on fixing that... no impact" That is NOT the bug bounty contract. If there is a PoC showing the bug was exploitable at ANY time, you should pay the researcher. Don't contribute to a bug bounty community that makes researchers think bug bounty is a scam. Also - dont hide behind the new CVSS. Program owners looking to downgrade bugs to save money using the new CVSS and splitting bugs are SUPER scummy. Contact @G0LDEN_infosec

🎥 I had an amazing time on a panel discussion at Black Hat MEA with cybersecurity leaders and CISOs I admire and continue to learn from. The recording is now available on YouTube, go check it out: youtube.com/watch?v=h1Xpf4…

@NahamSec you should visit/meet folks at zendata.security, just a bunch of special people

Do I know any hackers in Geneva? 👀

@thedawgyg @CalebBMcMurtrey will shape*

@thedawgyg @CalebBMcMurtrey I'm not a US citizen but will watch it, everyone knows that this election will share the entire history not just for US, but the global stage. I'm also very curious how it'll go for two people where one is on a big mental decline and might have a heart attack during the debate..

Guys is it messed up if I’m actually excited for the debate tonight?

I'm happy to share that I was honored by the UAE Cyber Council and received the prestigious CSO30 award from His Excellency Dr. Mohammed Hamad Al Kuwaiti, Head of UAE Cyber Security and IDC!

@thedawgyg @nytimes @Lacework 🙏🏻

@_ayoubfathi_ @nytimes @Lacework thats bad ass, congrats bro!

Woke up to the surprise of seeing my face in The New York Times with other global CISOs! Thank you @nytimes and @Lacework for the recognition, It's an absolute honor to be featured alongside some of the world's most respected CISOs.

Congratulations on your inclusion in the #ModernCISONetwork Board Book, @_ayoubfathi_! 🎉🎉

@h4x0r_dz @nytimes @Lacework Thank you!

@_ayoubfathi_ @nytimes @Lacework You deserve it ayoub 👏

@NahamSec we run CTFs here quarterly, and it's always fun to see all kinds of flags people are trying.. and 5 solid years is quite some work, keep it up!

Five years of orgazning this and people still try !flag during the #nahamcon CTF, so we are taking matters in our own hands. 😂

@Agarri_FR @h1Disclosed I looked at one of the disclosed reports, and you just made me happy :) #slide=id.g286eb721104_2_235" target="_blank" rel="nofollow noopener">docs.google.com/presentation/d…

Yahoo has just disclosed some bug reports I sent them about 10 years ago (look at @h1Disclosed) Some of the reports are imo really cool, but technical details have been redacted. Let's see if I find time to share extra information soon.

📣 May in metal health awareness month and I think it's time for us to talk about it. Watch: youtu.be/-ljLIf-Pxl0 Donate: supporting.afsp.org/index.cfm?fuse…

@infosec_au @hash_kitten @assetnote 🔥

My colleague @hash_kitten and I discovered a full-read SSRF vulnerability in Next.js (CVE-2024-34351). We published our research today on @assetnote's blog: assetnote.io/resources/rese…. Thank you to the Vercel team for a smooth disclosure process.

it's certainly helpful up to a certain level before it becomes unhealthy/chronic and starts to have a negative reverse effect, keeping a balance is key! I was listening to a pod episode with @MGawdat just today where he talks about stress/anxiety, he's deep into the subject & has provided some incredible insights, highly recommended! youtube.com/watch?v=IxVNR0…

There's this type of anxiety that generally drives positive change IMO, it kicks in when you feel threatened in some way (prof, financially, physically, etc.) and puts you in a state of heightened alertness and vigilance for as much time as needed until it's all sorted out.

🌟 Brace yourselves for an electrifying revelation from @_ayoubfathi_ , Group Vice President of Information Security, CISO at @noon, as he takes the stage for his closing keynote address! 🚀 You can watch his talk streaming on YouTube. youtu.be/fjX5u4jxW0E?fe… #bsidesahmedabad #cloud #ciso #hacking #infosec #security #lateralmovement #bruteforce

When I delivered the closing keynote @bsidesahmedabad, many folks were curious to learn more about lateral movement brute-forcing. So the talk recording is finally live on YouTube, go watch it at the link below. I had a lot of fun sharing the hacking stories. I hope you enjoy it too!

I had a lot of fun listening to @infosec_au story and what I enjoyed the most is that it covers a lot of what bugbounty truly was all about back in the day and that everyone including some of best (eg. shubs) were really trying to be resourceful but also working hard to figure this BB thing out, a must watch!