Mohamed Elnouby

Mohamed Abdelbasset Elnouby (محمد عبد الباسط النوبي) is an Egyptian programmer and information security specialist, and one of the most famous white hat Arabic hackers.

His start point was in 2013 when he penetrated and discovered a vulnerability on Facebook. He also discovered many vulnerabilities on many websites like: Google, Yahoo, Amazon, Adobe and others. He has been honored for that effort plus adding his name to the add value and the hall of fame list of the white hat security experts on more than 20 global websites.

He become project leader in OWASP in 2016, he was the Chief Technology Officer in Google business community in upper Egypt. As white hat hacker, he also helped many known companies to fix many vulnerabilities in their systems.

Early life
He was born in 1988 in Esna, Qena, upper Egypt. He is graduated from the faculty of the tourism and hotels Elmenia university. He started working on the programming and computer networks field since 1999 and worked for many organizations like S3Geeks. He cooperated with some volunteering works like the Arabization of the famous social media website twitter and he also worked as the general moderator for the Arabic version for Foursquare app and a freelance programmer and the Chief Technonogy Officer in Google business community in upper Egypt.

In 2014, he joined OWASP Cairo Chapter as an online coordinator, then he become a leader in OWASP for project (QRLJacking) upon he was discovering QRLJacking the new Social Engineering attack vector.

Samsung vulnerability 2014
In October 2014, there were media reports about Hackers can use the Samsung "Find My Mobile" feature to attack phones and Mohamed Elnouby discovered that, this feature allows users to remotely lock or wipe their phones if they're misplaced or stolen, If Find My Mobile is turned on, hackers can remotely lock the device and change its unlock code, rendering it useless.

According to the National Cyber Security Division, which is part of the U.S. Department of Homeland Security: the hackers can exploit a flaw in Samsung's Find My Mobile system to execute denial-of-service attacks.

When lock-code data comes in over a network, Samsung mobile devices do not validate the source, according to the U.S. government's National Vulnerability Database. This makes Samsung phones more susceptible to this kind of remote attack.

Samsung said it is looking into the situation.

United Nations data leak
In 25 Sep 2018, The United Nations has been hit with two damning data leak allegations, The researchers uncover a pair of flaws that had left a number of its records, and those of its employees, accessible to hackers online.

The security researcher Kushagra Pathak found that the UN had left an unsecured set of Trello, Jira and Google Docs projects exposed to the internet. Pathak who has specialized in uncovering vulnerable Trello boards and web apps said the exposed information included account credentials and internal communications and documents used by UN staff to plan projects.

The second exposure was uncovered by researcher Mohamed Elnouby of Seekurity and resulted in the exposure of "thousands" of résumés submitted by job applicants, The breach was discovered by security researcher Mohamed Baset, from the penetration testing firm Seekurity. The researcher found a path disclosure vulnerability and an information disclosure vulnerability on the UN website that contained resumes of job applicants since 2016.

Elnouby found that applicants seeking a job at the UN had uploaded their resumes through an improperly configured web application. If exploited, the bugs could have allowed attackers to gain access to the directory index that documented the job applications by conducting Man-in-the-Middle (MiTM) attacks.

Awards
He was nominated for Arab CISO Of The Year Award (final shortlist) in Arab Security Conference 2019.