Vahagn Vardanyan, Developer in Yerevan, Armenia

Vahagn Vardanyan

Verified Expert in Engineering

Cybersecurity Engineer and Developer

Yerevan, Armenia

Toptal member since September 26, 2022

Bio

Vahagn is an experienced professional with over 10 years of experience in cybersecurity. During this time, he found numerous zero-day vulnerabilities in SAP, Oracle, Microsoft, IBM, PHP, and TeamViewer. For the last two years, Vahagn has worked as the CTO of RedRays, where he has provided penetration testing, vulnerability assessment, and other cybersecurity services.

Portfolio

RedRays
IT Project Management, Penetration Testing, Software Development, Security...
T-Systems International
Burp Suite, Dynamic Application Security Testing (DAST)...
Self-employed
Burp Suite, Security, IT Security, IT Audits, Vulnerability Identification...

Experience

  • Burp Suite - 10 years
  • Java - 10 years
  • SAP Security - 10 years
  • Penetration Testing - 10 years
  • Zero-day Vulnerabilities - 10 years
  • SAP - 8 years
  • Secure Coding - 7 years
  • Interactive Disassembler (IDA) Pro - 4 years

Availability

Full-time

Preferred Environment

Windows, Linux, Interactive Disassembler (IDA) Pro, Burp Suite, OWASP Zed Attack Proxy (ZAP), PyCharm, IntelliJ IDEA, Amazon Web Services (AWS), Vulnerability Identification

The most amazing...

...project I've worked on is a security platform's SAP and Oracle ERP systems. The platform analyzed vulnerabilities and missing configurations.

Work Experience

CTO

2020 - 2023
RedRays
  • Created a strategy for analyzing and finding vulnerabilities in SAP, Oracle, and Microsoft's ERP systems.
  • Handled cybersecurity and managed the security analytics team.
  • Served as a penetration testing and vulnerability assessments team lead.
  • Acted as a senior security researcher in RedRays' research and development center.
Technologies: IT Project Management, Penetration Testing, Software Development, Security, IT Security, IT Audits, Amazon Web Services (AWS), Vulnerability Identification, Cybersecurity, OWASP Top 10, Application Security, Web Security, Web App Security

Cybersecurity Architect

2018 - 2020
T-Systems International
  • Conducted penetration testing and vulnerability assessment of IoT systems.
  • Performed source code analysis using C++, Java, C#, and Python and worked on secure CI/CD implementation.
  • Executed cloud infrastructure analysis for Amazon and Google using Azure.
Technologies: Burp Suite, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Penetration Testing, Vulnerability Assessment, C++, Java, C#, Python, Azure, Security, IT Security, IT Audits, Vulnerability Identification, Cybersecurity, OWASP Top 10, Application Security, Web Security, Web App Security

Bug Bounty Hunter

2012 - 2018
Self-employed
  • Joined HackerOne as a bug bounty member in 2014 and was in the top ten bug hunters for that year.
  • Served as a vulnerability researcher and member of Synack's Red Team.
  • Acted as an SAP cybersecurity researcher and found over 100 zero-day vulnerabilities.
Technologies: Burp Suite, Security, IT Security, IT Audits, Vulnerability Identification, Cybersecurity, OWASP Top 10, Application Security, Web Security, Web App Security

TeamViewer Password Insecure Storage

https://github.com/vah13/extractTVpasswords
Researched TeamViewer's software password manager in 2018 and discovered that TeamViewer saved passwords without encrypting them, meaning that any low-privileged user could use memory to extract passwords.

Remote Authentication Bypass of TeamViewer Software

https://nvd.nist.gov/vuln/detail/CVE-2018-16550
Conducted research on TeamViewer software remote login functionality in 2018 and found a vulnerability that puts PINs for the remote machine at risk and would allow someone from outside the company to log in to the remote machine.

Exploit Chains to Get Full Access to SAP Systems

https://github.com/vah13/SAP_exploit
Discovered three vulnerabilities in SAP NetWeaver by performing cybersecurity research in 2016. If someone were to use all three vulnerabilities simultaneously, they could get full access to the SAP NetWeaver system.

Using these vulnerabilities, they wouldn't require authorization to discover user logins, get login password hashes, decrypt all user passwords, and log in to the SAP admin console.

Security Issue with Windows ZIP Files

https://github.com/vah13/Win_ZIP_password
Performed cybersecurity research on Windows 10 systems in 2018 and discovered a vulnerability with the default ZIP functionality. Microsoft added a new feature for encrypted ZIP files, which was implemented to make the system more user-friendly.

After the feature was released, the system would save the file password to its memory once a user opened an encrypted ZIP file. When the user tried to open the ZIP file again, Windows would take the file path, search the memory, and use the stored password. I discovered that it was possible to see the encrypted ZIP file's password by hooking SHUnicodeToAnsi from shlwapi.dll.

Oracle ERP Software Security Research

https://github.com/vah13/OracleCVE
Carried out cybersecurity research between 2016 and 2020 and analyzed the security of Oracle's software, which led to identifying multiple critical vulnerabilities and finding numerous security issues.

CVE-2022-39802 - Critical issue in SAP NetWeaver

With a CVSS rating of 9.9, the vulnerability fixed in SAP Security Note #3242933 affects SAP Manufacturing Execution and is considered significant.

The URL used to inquire about this data included a file path argument that could be modified to provide unrestricted directory browsing on the remote server. The operating system user running the NetWeaver process or service could access the files in each directory, and the code fix in the patch takes care of the route internally. This prevents the value from being sent in dynamically as a query string. With a CVSS score of 9.9, the effect on confidentiality, integrity, and availability may be substantial depending on the information accessed during an attack.

SAP suggests a temporary fix in which sensitive data is removed from the file systems available to the operating system user, and the operating system user's access to unnecessary file paths is restricted.

AI-powered Password Testing for ABAP Stack

https://redrays.io/ai-powered-password-testing-for-abap-stack/
Introducing our groundbreaking AI-powered password testing module for ABAP stack, a cutting-edge solution designed to revolutionize password security. This advanced module utilizes artificial intelligence and machine learning algorithms to analyze and evaluate password strength with unprecedented accuracy. With an extensive database of over 20 million passwords, including leaked credentials, our module employs intelligent brute force techniques to identify weak and easily guessable passwords.

2009 - 2015

Master's Degree in Mathematics and Computer Science

National Polytechnic University of Armenia - Yerevan, Armenia

MAY 2020 - PRESENT

Synack Red Team Top 10 Security Tester

Synack

MARCH 2014 - PRESENT

HackerOne Top 10 Security Tester in 2015

HackerOne

Tools

IntelliJ IDEA, SAP Security, Interactive Disassembler (IDA) Pro, OWASP Zed Attack Proxy (ZAP), PyCharm

Languages

Java, Python, C++, C#

Paradigms

Penetration Testing

Platforms

Burp Suite, Windows, Linux, Azure, Amazon Web Services (AWS)

Industry Expertise

Cybersecurity

Other

Vulnerability Management, Zero-day Vulnerabilities, Security, IT Security, IT Audits, Vulnerability Identification, OWASP Top 10, Application Security, Web Security, Web App Security, Software Development Lifecycle (SDLC), Dynamic Application Security Testing (DAST), Vulnerability Assessment, Static Application Security Testing (SAST), IT Project Management, Software Development, Red Teaming, Low-level Programming, SAP, Secure Coding, SAP ERP, SAP Manufacturing Execution (SAP ME)
