About Me
I am Sufijen Bani, a Cybersecurity Professional and Software Engineer based in Berlin. I work on offensive security, secure software development, and the operational side of running production systems.
What I do:
- Penetration testing and red teaming against web apps, APIs, and internal infrastructure
- Vulnerability research and exploit development (see CVEs below)
- Threat modeling and security review across the SDLC: design, code, CI/CD, deployment
- Defending against AI-related threats and new attack paths
- Building backend services and tooling in Go, TypeScript, PHP, and Python
- Setting up secure infrastructure: Linux, containers, hardened CI/CD pipelines
- Leading security and engineering teams, including reporting to C-level
I am available for consulting and contract work. Get in touch if you need a penetration test, a second pair of eyes on architecture or code, or hands-on help shipping secure software.
Common Vulnerabilities and Exposures (CVE)
- 2014-10-27 CVE-2014-8731: PHPMemcachedAdmin Remote Code Execution
- 2020-05-14 CVE-2020-5427: Spring Cloud Config Server Path Traversal
- 2020-05-14 CVE-2020-5428: Spring Cloud Config Server Path Traversal
- 2022-04-06 CVE-2022-29221-PoC: Apache HTTP Server mod_lua Use-After-Free
Code
You can find my public code at git.sbani.net/sbani.