Yassir Sbai Fahim (iduzzel) — Penetration Tester and Security Researcher
$ whoami

Yassir Sbai Fahim / iduzzel

Penetration Tester // Security Researcher // CVE Author

France

# about

Hey, I’m Yassir aka iduzzel on the internet.

I got into hacking the classic way: clicking where I probably shouldn’t, breaking things by accident… then doing it again on purpose just to understand why it broke. That curiosity never really left - it just evolved into penetration testing and security research. Today, I focus on web application and network pentesting, with a strong interest in attacking real-world systems. I’ve reported vulnerabilities, contributed to CVEs, and I’m active on HackerOne and Bugcrowd - basically thinking like the worst user possible, but for good reasons.

When I’m not doing that, I’m probably deep into CTFs, debugging something that makes no sense at 2AM, or chasing a bug that may or may not exist.
I founded CYBERGLITCHERS, a cybersecurity community where we break things, learn fast, and share knowledge through workshops, challenges, and events.
For me, hacking isn’t just tools or exploits - it’s curiosity going a bit too far… and somehow turning that into something useful.

# skills & tools

Web App Pentesting

  • Access control & auth bypass
  • Business logic & race conditions
  • Manual testing & targeted fuzzing
  • Attack surface mapping

Network & Infra

  • Active Directory attacks & abuse
  • Lateral movement & pivoting
  • Credential abuse & relay
  • Internal enumeration workflows

Offensive Research

  • Exploit development (PoC mindset)
  • Source code auditing
  • Fuzzing strategies
  • CVE research & disclosure

Scripting & Dev

  • Python (automation & tooling)
  • Bash / JavaScript
  • Custom scripts & workflow tooling

Platforms & OS

  • Linux / Windows internals awareness
  • AD-focused environments
  • Virtualized labs & containers

Blue-Team Awareness

  • Detection vs evasion mindset
  • SIEM & log analysis (Splunk, Wazuh)
  • Awareness of WAF / EDR behavior

# research & CVEs

CVE-2023-3345 CVSS 6.5 · Medium

LMS by Masteriyo < 1.6.8 — Information Exposure

WordPress plugin vulnerability disclosed via Wordfence · published July 2023.

CVE-2023-24249 Exploit PoC

Remote Code Execution via File Upload

Public exploit script published on GitHub for unrestricted file upload leading to RCE.

# certifications

See the full list on LinkedIn

# CTF & training

# contact

Open to pentesting opportunities, security collaborations, and research.

iduzzel@protonmail.com
