Hamed Kohi

Hamed Kohi

Biography

My name is Hamed Kohi, an Afghan-Canadian cybersecurity professional specializing in vulnerability research, programming and penetration testing.
I’m driven by a passion for uncovering and responsibly disclosing vulnerabilities in open-source systems, bolstering global cybersecurity efforts.

Since starting my journey in Kabul, Afghanistan in 2020, I’ve honed my skills after moving to Canada in 2022. Here, I’ve dived deep into vulnerability analysis, exploit development, and red team operations, mentoring aspiring researchers and delivering innovative security solutions.

My work reflects a commitment to collaboration, continuous learning, and pushing the boundaries of cybersecurity excellence.

Certifications

  1. Certified Penetration Testing Specialist (CPTS, pending)
  2. Certified Red Team Operator (CRTO, pending)
  3. Virtual Hacking Labs Certified (VHL+)
  4. Virtual Hacking Labs Advanced+ Certified

Common Vulnerabilities & Exposures (20x CVEs)

  1. CVE-2024-57601 (Stored XSS & PE, EasyAppointments)
  2. CVE-2024-57602 (CWE-307, EasyAppointments)
  3. CVE-2024-57603 (Login Bruteforce, ezBookkeeping)
  4. CVE-2024-57604 (OTP Bruteforce, ezBookkeeping)
  5. CVE-2024-57605 (Stored XSS, FuelCMS)
  6. CVE-2025-24854 (Stored XSS, Apache JSPWiki)
  7. CVE-2025-29868 (Privacy Leak, Apache Answer)
  8. CVE-2025-47939 (Unrestricted File Upload, Typo3 CMS)
  9. CVE-2025-45892 (XSS, OpenCart E-Commerce)
  10. CVE-2025-45893 (XSS, OpenCart E-Commerce)
  11. CVE-2025-8520 (SSRF, Vvveb CMS)
  12. CVE-2025-8518 (Code Injection, Vvveb CMS)
  13. CVE-2025-8521 (XSS, Vvveb CMS)
  14. CVE-2025-8519 (Internal File Read, Vvveb CMS)
  15. CVE-2025-9001 (Buffer Overflow, Lemon OS)
  16. CVE-2025-8976 (Cross-site scripting, Vvveb)
  17. CVE-2025-8975 (Cross-site scripting, Vvveb)
  18. CVE-2025-8772 (Server-side request forgery, NukeViet)
  19. CVE-2025-10254 (XSS, OnlyOffice)
  20. CVE-2025-10255 (XSS, OnlyOffice)

Cyber Missions

  1. Mission Cyber Sentinel (Completed)
    A global cyber mission that resulted in securing 446,000+ digital assets; see [delta.cyberm.ca] for results.
  2. Cyber Mounties Canada (Completed)
    A mission to build Canada's first multi-lingual, industry-approved & hands-on cybersecurity training platform; see [cyberm.ca].

Open-Source Projects

  1. Zerodayf (Zeroday Factory)

Core Skills

  1. Vulnerability Research & Development
  2. Desktop Application Development
  3. Full-Stack Web Development
  4. Malware Development
  5. Penetration Testing

Programming Languages

  1. C 11
  2. C# 10.0 and 7.3
  3. PowerShell
  4. Python 3
  5. JavaScript

Get in Touch

Feel free to reach out:

Email Me LinkedIn GitHub