// Open to opportunities

Alaaeddine Knani

Offensive Security Engineer with 5+ years of experience identifying and mitigating security vulnerabilities. 6x CVE publisher affecting plugins with 2M+ active installs, CTF champion across MENA and global competitions. Passionate about breaking things to make them stronger.

Get in Touch Download Resume LinkedIn GitHub

0

CTF 1st Places

0

Years Experience

0

CVEs Published

0

Certifications

// About Me

Who Am I?

$ whoami

alaaeddine.knani


$ cat role.txt

Offensive Security Engineer @ ODDO BHF

Cybersecurity Consultant (Freelance)


$ cat location.txt

Tunis, Tunisia


$ echo $LANGUAGES

Arabic (Native) | English (Bilingual) | French (Bilingual)


$ cat education.txt

B.Eng Network Security - Tek-Up University

B.Sc Computer Networks - ISITCom Sousse

Breaking Systems to Build Stronger Ones

I'm a cybersecurity professional with a deep passion for offensive security, vulnerability research, and competitive hacking. I've spent years dissecting systems at ODDO BHF while dominating CTF competitions across the MENA region.

My work spans proactive vulnerability management, secure code review, SIEM deployment aligned with ISO 27001, and cyber threat intelligence. As a freelance consultant, I investigate cyber threats and build resilient defense strategies.

Offensive Security Incident Response Threat Intelligence SIEM / ISO 27001 Secure Code Review Digital Forensics

// Experience

Work History

March 2023 - Present

Offensive Security Engineer

ODDO BHF Tunis, Tunisia

  • Collaborate with security teams on proactive vulnerability management, secure code review, and Cyber Threat Intelligence (CTI) initiatives
  • Deploy and manage SIEM solutions aligned with ISO 27001 standards to strengthen security posture and streamline threat detection & response
  • Work within teams of 25-30 members to protect and harden digital assets
June 2021 - Present

Cybersecurity Consultant

Freelance Remote

  • Investigate cyber threats and formulate protection strategies including incident response and data recovery protocols
  • Conduct system penetration tests to identify vulnerabilities and harden defenses, ensuring the protection of critical information

// Public Speaking

Talks & Presentations

Research presented at security events and conferences

WordPress Security
Hunting 0-Days in the WordPress Ecosystem
📅 2026 ⏱ 45 min 🎯 CVE-2025-68999 · CVE-2026-2600
From zero to CVE a practical guide to finding vulnerabilities in WordPress plugins. Covers methodology, AI-assisted hunting, Semgrep rules, and two real case studies with live PoCs.
View Presentation

// Research

Writeups

Technical deep-dives on CVEs I found and disclosed - plus cert reviews & research notes

CBTeamerX 🏆 90% · MERIT
Certified Blue Teamer eXpert - Exam Review & Tips
Honest, spoiler-free review of the CBTeamerX by PentestingExams.com. What the 7-hour practical exam actually tests, how to prepare, essential tools, MITRE ATT&CK mapping, DFIR methodology, and tips that make the difference between passing and merit.
Apr 22, 2026 · 12 min read read review →
CVE-2026-2600 6.4 MEDIUM
Stored XSS in ElementsKit Elementor Addons
Any Contributor can inject arbitrary JavaScript into the Simple Tab widget via the WordPress REST API, bypassing Elementor's client-side sanitization. The payload persists in the database and executes in every visitor's browser.
Apr 2026 · 16 min read read writeup →
CVE-2025-68999 8.5 HIGH
Second-Order SQL Injection in Happy Addons for Elementor
A Contributor-level account can dump the full WordPress database - password hashes, secret keys, anything - by storing a malicious custom field name and triggering the Happy Clone feature. Static analysis misses it because the injection source is a DB read, not a direct user input.
Jan 23, 2026 · 18 min read read writeup →

// Arsenal

Skills & Tools

🔍

Offensive Security

Penetration Testing Web Exploitation Threat Modeling Risk Assessment
🔬

Threat Hunting & DFIR

Threat Hunting Incident Response Forensic Analysis Volatility Autopsy
📊

Security Research

Vulnerability Research Code Review (PHP) Semgrep CVE Discovery PoC Development
🛠

Security Platforms

QRadar (SIEM) CrowdStrike Checkmarx Burp Suite
💻

Operating Systems

Unix / Linux Windows macOS

// Hall of Fame

CTF Achievements

Competing and winning across international cybersecurity competitions

🏆
1st Place

CSAW MENA Finals

2024 Abu Dhabi

🏆
1st Place

CyberTek CTF

2025

🏆
1st Place

SPARK CTF

2024

🏆
1st Place

Al-Farahidi Cybersecurity Competition

2023 Arab ICT Organization

🥈
2nd Place

CSAW MENA

2022 Qualified to Dubai

🏆
1st Place

CyberTalents Tunisia

2020 Qualified to Egypt

🏆
1st Regional • 5th Worldwide

Securinets CTF

2020

🏆
1st Place

National Cybersecurity Congress CTF

2020

// Security Research

CVE Discoveries

Vulnerabilities responsibly disclosed and assigned CVE identifiers

CVE ID Vulnerability CVSS Date
CVE-2026-2600 ElementsKit Elementor Addons and Templates <= 3.7.9 Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget 6.4 Apr 3, 2026
CVE-2026-0664 Royal Elementor Addons <= 1.7.1049 Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass 6.4 Apr 3, 2026
CVE-2026-1512 Essential Addons for Elementor <= 6.5.9 Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget 6.4 Feb 13, 2026
CVE-2026-1271 ProfileGrid <= 5.9.7.2 Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification 5.3 Feb 4, 2026
CVE-2026-1210 Happy Addons for Elementor <= 3.20.7 Authenticated (Contributor+) Stored Cross-Site Scripting via '_elementor_data' Meta Field 6.4 Feb 2, 2026
CVE-2025-68999 Happy Addons for Elementor <= 3.20.4 Authenticated (Contributor+) SQL Injection 8.5 Jan 23, 2026

// Credentials

Certifications

🛡

CBTeamerX

The SecOps Group • #11411905

April 2026 • With Merit

🔍

eCTHP

INE Security • #178277790

March 2026 • March 2029

🖥

CDAPen

The SecOps Group • #10991584

February 2026

🔐

CAPenX

The SecOps Group • #10962757

February 2026

📱

CMPen-Android

The SecOps Group • #10857491

December 2025

🌐

eWPTXv3

INE Security • #144374037

May 2025

💻

ISO 27001 Lead Implementer

PECB • ISPI1139769-2023-12

December 2023

🛠

eJPTv2

INE • #3a79731b

April 2023

// Get in Touch

Let's Connect

Open to security consulting, CTF collaborations, and new opportunities

Email

knaniaalaeddine@gmail.com
👥

LinkedIn

knani-alaaeddine
📞

Phone

(+216) 26 909 519