ABDELKARIME AL HANNACHI — Pentest. Reverse. Fix.

🧠 About Me

class AbdelkarimeAlHannachi:

    role        = ["Pentester", "AppSec Engineer"]
    focus       = ["Web Application Security", "Code Review", "Secure Development"]
    methodology = "Manual pentesting → Code review → Secure fix → Semgrep detection"
    currently   = "Completing all PortSwigger labs (zero extensions, 100% manual)"

    tools       = ["Burp Suite", "Semgrep", "pip-audit", "npm audit"]
    languages   = ["Python", "Java", "C#", ".NET", "JavaScript"]

    mindset     = "Think like an attacker. Build like a defender."

🎯 Current Focus

PortSwigger Web Security Academy    ████████████░░░   All labs — manual, zero extensions
AppSec Code Review                  ████████░░░░░░░   Python + Java vulnerable patterns
HackTheBox                          ██████░░░░░░░░░   Active machines
Bug Bounty                          ████░░░░░░░░░░░   Starting soon

πŸ› οΈ Tools & Stack

Pentesting

Burp Suite Kali Linux Wireshark Metasploit

AppSec

Semgrep OWASP Spring Security SonarQube

Languages

Python Java C# JavaScript

Platforms

PortSwigger HackTheBox TryHackMe


πŸ“ Featured Repositories

Repository Description
πŸ” portswigger-access-control-appsec Reversing PortSwigger Access Control labs β€” vulnerable code, secure fixes in Python & Java, Semgrep rules
πŸ”΄ portswigger-sqli-appsec (coming soon) SQL Injection labs reversed β€” from exploitation to secure parameterized queries
πŸ”΄ portswigger-xss-appsec (coming soon) XSS labs reversed β€” DOM, reflected, stored β€” vulnerable patterns and fixes
πŸ”΄ portswigger-auth-appsec (coming soon) Authentication labs reversed β€” broken auth patterns and secure implementations



🧩 Methodology

┌─────────────────────────────────────────────────────────────┐
│                                                             │
│   1. PENTEST    →  exploit the vulnerability manually       │
│   2. REVERSE    →  find the vulnerable code behind it       │
│   3. ANALYZE    →  understand the developer's mistake       │
│   4. FIX        →  write the secure version                 │
│   5. DETECT     →  write a Semgrep rule to find it again    │
│                                                             │
│   "Think like an attacker. Build like a defender."          │
│                                                             │
└─────────────────────────────────────────────────────────────┘

📌 Golden Rule

# Every vulnerability I find comes down to this:

# ❌ Wrong:  authorization based on CLIENT-CONTROLLED data
# ✅ Right:  authorization based on SERVER-SIDE data

# The attacker controls headers, parameters, and cookies.
# The server controls the session store and the database.
# Never confuse the two.
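The golden rule above, written out as code. This is an added illustration, not code from this profile or from any of the repositories it lists: the request shape (a dict with a `cookies` mapping), the `SESSION_STORE` dictionary, and the function names `is_admin_vulnerable`, `is_admin_secure`, `new_session` and `admin_panel` are all assumptions made for the example. The vulnerable check reads the role from a cookie the client supplies; the secure check accepts only a session id from the client and resolves who the user is, and what role they hold, from server-side state.

```python
# Added example (not from the profile README): the Golden Rule as code.
# Wrong: authorization decided from CLIENT-CONTROLLED data (a cookie).
# Right: authorization decided from SERVER-SIDE data (the session store).
import secrets

# Constructed server-side session store: session id -> identity and role.
# In a real application this would be a database or cache, never the client.
SESSION_STORE = {
    "sess-alice-0001": {"user_id": 1, "role": "user"},
    "sess-admin-0002": {"user_id": 2, "role": "admin"},
}


def new_session(user_id: int, role: str) -> str:
    """Mint a session for a user AFTER the server has authenticated them.

    The session id is random and unguessable; the role is stored server-side
    next to it, so the client never gets to state its own role.
    """
    session_id = secrets.token_urlsafe(32)
    SESSION_STORE[session_id] = {"user_id": user_id, "role": role}
    return session_id


def is_admin_vulnerable(request: dict) -> bool:
    """❌ Wrong: trusts a client-controlled cookie for authorization.

    Any client can send 'Admin=true', so this check grants admin access to
    whoever asks for it. This is the pattern behind the broken access
    control labs referenced in the repositories above.
    """
    return request.get("cookies", {}).get("Admin") == "true"


def is_admin_secure(request: dict) -> bool:
    """✅ Right: only the session id comes from the client.

    The session id is an opaque handle; everything the server trusts
    (user identity, role) is looked up in SESSION_STORE, which the
    client cannot write to.
    """
    session_id = request.get("cookies", {}).get("session")
    if session_id is None:
        return False
    session = SESSION_STORE.get(session_id)
    if session is None:
        return False
    return session["role"] == "admin"


def admin_panel(request: dict, check=is_admin_secure) -> int:
    """Return an HTTP-style status for the admin panel using the given check.

    403 for anyone the check does not recognise as admin, 200 otherwise.
    """
    return 200 if check(request) else 403


if __name__ == "__main__":
    # Constructed request: a normal user who has added an 'Admin=true' cookie.
    forged = {"cookies": {"session": "sess-alice-0001", "Admin": "true"}}
    print("vulnerable check:", admin_panel(forged, is_admin_vulnerable))  # 200
    print("secure check:    ", admin_panel(forged, is_admin_secure))      # 403
```

The point the two functions make side by side: the secure version does not "validate the cookie better", it stops consulting client data for the decision at all. A Semgrep rule for step 5 of the methodology would flag reads of role-like values (`Admin`, `role`, `isAdmin`) from headers, parameters or cookies that flow into an authorization branch.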

// currently hacking something on PortSwigger...
