Umar Zubair Penetration Tester and Cyber security
No reviews yet

Hello! I am a professional Penetration Tester and Cybersecurity Specialist with several years of hands-on experience in securing diverse digital systems. My expertise spans across web applications, mobile apps, APIs, thick client applications, and cloud environments. I also specialize in digital forensics, threat detection, and SIEM implementation using tools like Wazuh.

I am passionate about teaching and helping students understand the intricate world of cyber security. Whether you are a beginner looking to build foundational knowledge or an advanced learner aiming to specialize in specific areas, I tailor my lessons to meet your unique needs.

Subjects

  • Web application penetration testing (Beginner-Expert)

  • Digital Forensics and Incident Response (Beginner-Expert)

  • Bug Hunting (Beginner-Expert)

  • Thick client and mobile application testing (Beginner-Expert)

  • API Security (Beginner-Expert)


Experience

  • Penetration Tester (Aug, 2024 – Present) at Vaival Technologies
    Extensive experience in penetration testing for Web Applications, Mobile Applications, APIs, and Thick Client Apps. Worked with SIEM tools like Wazuh to implement and monitor security events, identify threats, and generate detailed reports. Conducted Digital Forensics investigations to analyze and mitigate security incidents.
  • Cyber Security Engineer (Feb, 2022 – Apr, 2023) at NWTD
    Worked on securing Web Applications, APIs, and Mobile Applications by implementing robust security measures, identifying vulnerabilities, and mitigating risks. Collaborated with teams to design secure architectures, monitor potential threats, and enhance application security through detailed assessments and remediation strategies.

Education

  • Business and IT (Feb, 2023 – now) from Virtual University of Pakistan Lahore

Fee details

    Rs1,000–2,500/hour (US$3.60–9.01/hour)

    The variation in my fee structure reflects the level of complexity, depth, and customization required for different sessions. Beginner courses, starting at a lower fee, focus on foundational knowledge and simpler tools, making them accessible to those just starting in cyber security. Advanced topics like API Security, Cloud Security, or Thick Client Pentesting involve in-depth content, specialized tools, and tailored examples based on real-world scenarios, justifying a higher fee. Customization, such as preparing for certifications or addressing specific challenges, also impacts the pricing. Additionally, one-on-one sessions with personalized guidance require more preparation and focus, while group sessions may be priced more affordably per person. My goal is to balance accessibility with the value and expertise I provide.


Courses offered

  • Web Application Penetration Testing

    • Rs15000
    • Duration: 20 Hours
    • Delivery mode: Online
    • Group size: 5
    • Instruction language: English, Hindi, Urdu
    • Certificate provided: No
    Learn how to identify and exploit vulnerabilities in web applications, covering the OWASP Top 10, manual and automated testing, and real-world attack scenarios.
  • Mobile Application Security Testing

    • Rs15000
    • Duration: 15 Hours
    • Delivery mode: Online
    • Group size: 5
    • Instruction language: English, Urdu, Hindi
    • Certificate provided: No
    Understand how to secure Android and iOS apps, identify API vulnerabilities, and analyze mobile app behavior using tools like MobSF and Frida.
  • API Security Testing

    • Rs15000
    • Duration: 15 Hours
    • Delivery mode: Online
    • Group size: 5
    • Instruction language: English, Hindi, Urdu
    • Certificate provided: No
    Master the art of securing RESTful and GraphQL APIs, testing for common vulnerabilities like injection flaws, authentication bypasses, and rate-limiting issues.
  • Digital Forensics for Beginners

    • Rs20000
    • Duration: 20 Hours
    • Delivery mode: Online
    • Group size: 5
    • Instruction language: Urdu, English, Hindi
    • Certificate provided: No
    Learn the fundamentals of digital forensics, including disk imaging, evidence collection, and analyzing malicious activities using industry-standard tools.
  • Practical Ethical Hacking for Beginners

    • Rs25000
    • Duration: 30 Hours
    • Delivery mode: Online
    • Group size: 5
    • Instruction language: English, Hindi, Urdu
    • Certificate provided: No
    An all-in-one beginner’s guide to ethical hacking, covering reconnaissance, scanning, exploitation, and reporting.
  • Red Team Analyst

    • Rs80000
    • Duration: 50 Hours
    • Delivery mode: Online
    • Group size: Individual
    • Instruction language: English, Urdu, Hindi
    • Certificate provided: No
    In this comprehensive course, we will explore the full spectrum of Red Teaming, starting from fundamental concepts and progressing to advanced techniques. The curriculum is designed to provide a hands-on, immersive learning experience in several critical areas of cybersecurity.

    We will begin by delving into Network Exploitation, where you will gain an understanding of the different methods Red Team operators use to identify vulnerabilities in a network and exploit them. You will learn how to manipulate network protocols, gain unauthorized access, and pivot through a network to gain deeper access to target systems.

    Next, the course will cover Lateral Movement strategies. You will learn how attackers expand their foothold within a compromised network, moving from one system to another while maintaining stealth and control. This section will include practical techniques to move undetected and escalate privileges within the environment.

    A significant focus will be placed on Active Directory (AD) exploitation. Active Directory is a critical component of enterprise networks, and understanding how to exploit weaknesses in AD will enable you to simulate sophisticated attacks targeting corporate infrastructures. You will learn how to perform attacks such as Kerberos ticket manipulation, privilege escalation, and enumeration of users and groups.

    The course will also dive into Multi-Cloud Red Teaming, focusing on cloud environments like AWS (Amazon Web Services), Azure, and GCP (Google Cloud Platform). You will explore the unique challenges of Red Team operations in cloud environments, learning how to exploit misconfigurations, escalate privileges, and move across cloud services in the same way you would in traditional on-premise environments.

    In addition, we will cover Initial Access Techniques, where you will gain insight into the common methods used by attackers to gain their first foothold into a target network. This includes phishing, exploiting public-facing applications, and leveraging zero-day vulnerabilities.

    Finally, we will explore Data Exfiltration techniques. Once access to sensitive data has been established, you will learn how attackers stealthily extract that data without detection. This module will cover methods to bypass security measures, such as firewalls, intrusion detection systems (IDS), and data loss prevention (DLP) tools.

    Throughout the course, you will engage in hands-on labs, allowing you to apply what you've learned in real-world scenarios. This practical approach will ensure you gain the experience and skills necessary to execute Red Team operations with proficiency.
