14 DAY TRIAL // Since February, the Vulnerability Lab has a new member. His name is Karim H.B. and he is the latest winner of the Morocco Cyber Security Challenge (MCSC), an event that’s meant not only to test the skills of information security enthusiasts, but also to educate businesses and engineers.
We’ve asked Karim to give us an interview so that we could find out more about his past, his activities with the Vulnerability Lab, but also his plans for the future.
Softpedia: Please introduce yourself for our readers.
Karim H.B: My name is Karim H.B., also known as Kami on the Internet. I’m a 24-year-old originally from Tangier, Morocco, but currently living in Rabat.
When I was younger, I primarily used resources and hacks created by others, and learned a lot that way. Years later, with much more experience and a Master’s degree in computer science under my belt, I decided that it was time for me to give back to the community and contribute.
Softpedia: We understand that you have recently joined Vulnerability Lab. How did you end up working side by side with the team of experts?
Karim H.B: Even though I have a lot of experience with security, I am constantly learning more. And the best way to improve my skills is to work with a great team that challenges, teaches, and inspires me. There’s a tremendous amount of support, and it’s a learning process for all of us - even the ones who are most experienced.
Softpedia: Do you enjoy working at the Lab?
Karim H.B: I am constantly impressed with the level of teamwork between the members of Vulnerability Lab. This and the opportunity to contribute to such a worthwhile project are the things that make my work at the Lab so rewarding.
Softpedia: You’ve recently participated in the Morocco Cyber Security Challenge 2012. Please tell us a little bit about the competition.
Karim H.B: The competition was fantastic. It started at midnight and continued until dawn! It was definitely more difficult than other competitions I’ve participated in, and had a great ambiance.
There were photographers taking photos of our team, but we stayed focused on our work. As the night went on, everyone was anxious to find out who would be the winner.
Softpedia: How did you win it? What were the tasks?
Karim H.B: Our most important strategy was organization. We began by collecting information about the challenges, and then divided the tasks - cracking, analyzing, scanning, and identification - between the team members, taking advantage of each person’s strengths.
We stayed focused, communicated with each other, and kept working until we won!
Softpedia: What vulnerabilities have you discovered so far in your career as a security researcher?
Karim H.B: Remote code execution (when a server runs a command that it is not supposed to run) and local buffer overflow (the server’s memory becomes corrupted and unwanted code is inserted) in some well-known products.
Softpedia: What have you found since you joined the Vulnerability Lab?
Karim H.B: I have identified several vulnerabilities, especially in CMS PHP scripts and a few desktop programs.
Softpedia: Is there a vulnerability that you have found that you are particularly proud of?
Karim H.B: To be honest, I am proud of every vulnerability that I’ve found, because it helps make the web a safer place, and helps businesses protect their clients. And it’s not just the big vulnerabilities; in this field, even the small stuff makes a difference.
Softpedia: Do you have a role model, a security expert that you look up to?
Karim H.B: I'm pretty competitive, so whenever I see someone who is better at security work than I am, I make it a personal goal to reach that level. I guess you could say that there are many people in my field who inspire me, but they inspire me to be even better than they are!
Softpedia: Where do you see yourself in a few years?
Karim H.B: With luck (and hard work), a successful international expert on security.
Softpedia: Is there anything else you want to add?
Karim H.B: When I was young I wanted to discover hidden secrets and code... now my dream has come true! I love working in security - there are always new, exciting challenges to overcome.
