Mohammad Mohsen Khashei Nejad
Open to work

Hi, I'm Mohammad Mohsen Khashei Nejad

Penetration Tester & Bug Hunter

Senior security engineer, penetration tester and DevOps with 10 years of experience in mobile, web, network, cloud and system penetration testing in PSP. Highly skilled in vulnerability assessment, security risk management, WAF tuning, application (product) security and bug bounty hunting. Strong background in PCI DSS and OWASP auditing.

  • Teaching 700 Hours
  • Location Tehran, Iran
  • Email kh4sh3i@gmail.com
  • Github https://github.com/kh4sh3i
  • Website https://kh4sh3i.ir
  • Experience 10 Years

SKILLS

CATCHING A GLIMPSE

90%
Security
Expert in Penetration testing
Web Attack and Security
80%
Linux
Teaching LPI Courses
80%
Team Work
experience in Novinfan CEO
Senior Training Manager
80%
Programming
Backend Developer With PHP
Android Developer
70%
Scripting
Shell Scripting Languages
Automation Pentesting With Python
70%
Training
Senior Training Manager At Jetamooz
Training More Than 40.000 Minutes

Security Skills

Penetration testing 90%
Server & Service Hardening 80%
Web Attack and Security 75%
WebService Attack and Security 65%
Network and firewall penetration testing 45%
Mobile Security 40%
Steganography 30%
Secure Coding 20%

My Skills on Security Tools

Burp Suite Pro 95%
Metasploit 85%
Nessus 80%
Acunetix 80%
Netsparker 75%
IBM AppScan 73%
Fortify WebInspect 70%
Core Impact 70%
OpenVAS 70%
Nexpose 70%
SoapUI/Postman 65%
Jadx/ Apk Tools 50%

Web Programming/Scripting

HTML 99%
CSS 90%
JavaScript 80%
JSON 70%
SOAP 65%
XML 50%
Laravel 45%

Application Programming

PHP 90%
C# 75%
Android 85%
Java 70%
Python 65%

Server Scripting

PHP 80%
Python 50%
ASP.NET 40%
JSP/Servlet 30%

Shell Scripting

Python 70%
Bash 45%
Batch 25%

IDEs

IntelliJ IDEA 99%
Eclipse 75%
Visual Studio 70%
PyCharm 70%
WebStorm 65%
PhpStorm 65%
Android Studio 65%
MonoDevelop 60%

Graphics Tools

Adobe Photoshop 90%
EDIUS 75%
Adobe Premiere 65%
Corel Video Studio 50%
Adobe Flash 35%

Operating Systems

GNU/Linux 85%
Microsoft Windows 65%
FreeBSD 35%

Web Servers

Apache 75%
IIS 65%
Nginx 55%

DataBases

MySQL 85%
SQL Server 65%
MongoDB 55%
SQLite 35%

Office

Word 85%
Excel 70%
PowerPoint 60%

Network

Wireshark 85%
VMware vSphere 65%
Cisco Packet Tracer & IOU 55%
LDAP Administrator 45%
Citrix Xen 40%
Kiwi Syslog 35%
PRTG 30%

Code and project management

Microsoft Project 75%
Git 70%
GitLab 60%
TortoiseSVN 35%

EDUCATION

2016 - 2019

Master of Science - MS

K. N. Toosi University of Technology

Field of study : Computer Systems Networking and Telecommunications

2011 - 2015

Bachelor of Computer Engineering

University of Kashan

Field of study : Computer Software Engineering

2007 - 2010

DIPLOMA IN MATHEMATICS AND PHYSICS

Imam Khomeini High School, Kashan

Field of study : MATHEMATICS

EXPERIENCE

Aug 2022 - Present

Senior Penetration Tester

Snappfood

June 2021 - Present

Senior Security Engineer | Penetration Tester

Shaparak

• Performing Network, Web Application, Mobile Application and Product Penetration Tests

• Developed custom scripts and used automated tools to perform testing on Applications

• Developed Secure Coding and OWASP Top 10 vulnerabilities documents for development teams

• Performing Penetration Testing Based on OWASP, MASVS, MSTG, PCI DSS, NIST and CIS

• Participating in various stages of SDLC - Design Review/Threat Modeling/Code Review

• Red Teaming – Simulating Advanced Persistent Threats (APT) Based on MITRE ATT&CK

• Performing infrastructure and Cloud Penetration Testing (AWS, K8s)

• Training the developers with Secure Coding guidelines

• Tuning FortiWeb to detect new cyber threats

April 2021 - Current

Security Researcher

Open Bug Bounty

https://www.openbugbounty.org/researchers/kh4sh3i/

May 2019 - June 2021

Penetration Tester/Red Team

Faraz Pajohan

• Vulnerability Assessment Expert, Threat modeling, Security code review

• Performed penetration tests on more than 100 web application and web service projects

• Development of tools to automate part of the penetration testing process

• Team leader of API penetration testing based on OWASP

• Penetration testing of dozens of mobile banking applications

• Critical thinker and self-taught professional who likes to solve problems

• Mastery of commercial and open source security tools including, but not limited to: Nmap, Nessus, BurpSuite, Cobalt Strike, Metasploit, Wireshark

Dec 2018 - May 2019

Security Engineer

Pishgaman Kaipod

• Work effectively in a collaborative environment (Agile, Scrum).

• Proficient with Docker, Kubernetes, CI/CD pipelines

• Work with various tools such as Jenkins, GitLab, JIRA, Git, Nexus, AWS, Checkmarx, etc.

Jun 2017 - Dec 2018

Application Security Engineer

Private Company

• Providing security solutions for company projects: Parent Control, DLP (Data Leakage Prevention) Network, DG Next-Generation Firewall, DPI Engine

Apr 2011 - Jun 2017

Senior Application Developer

jetamooz.com

• Development of mobile applications and games for Android

• Developed more than 50 web applications and worked with modern technologies

• Working with multiple programming languages such as Java, Python, Bash, PHP

• Expert understanding of security in the SDLC (DevOps practices) and SAST/SCA/DAST tools

CERTIFICATES

2022

  • GIAC Cloud Penetration Tester (GCPN)
  • SANS Institute

2022

  • Android Reverse Engineering
  • Ravin Academy

2022

  • FortiWeb: Web Application Firewall (WAF) & API Protection
  • NooraNet

2022

  • Web Hacking Expert
  • Ravin Academy

2021

  • Cyber Threat Hunting
  • Ravin Academy

2021

  • Web Hacking Professional
  • Ravin Academy

2021

  • API Security Testing
  • Ravin Academy

2021

  • Web Application Penetration Tester eXtreme (eWAPTX)
  • eLearnSecurity

2020

  • GIAC Mobile Device Security Analyst (GMOB)
  • SANS Institute

2019

  • GIAC Web Application Penetration Tester (GWAPT)
  • SANS Institute

2018

  • Offensive Security Certified Professional OSCP
  • Tehran Institute of Technology

2018

  • Certified Ethical Hacker (CEH)
  • Tehran Institute of Technology

2018

  • Certified Linux Administrator (LPIC-1)
  • Tehran Institute of Technology

2018

  • Security+
  • Tehran Institute of Technology

2017

  • Cisco Certified Network Professional Routing and Switching (CCNP-RS)
  • ERN-CO

2017

  • Cisco Certified Network Associate Routing and Switching (CCNA)
  • ERN-CO

2015

  • Security and Penetration Testing
  • Ashiyane

2011

  • CompTIA Security+
  • CompTIA

2011

  • CompTIA A+
  • CompTIA

INTERESTS

Some of my favorite pastimes

Travel

Music

Gaming

Swimming

Movies

Shopping

Bicycling

Cooking

CONTACT US

Drop me a Line

KEEP IN TOUCH

Tehran, Iran
https://github.com/kh4sh3i
https://kh4sh3i.ir