Fakhir Karim Reda

Fakhir Karim Reda (born 1983) is a Moroccan cybersecurity specialist, ethical hacker, and entrepreneur. He is the founder and CEO of Cyber Defense Morocco (cyber-defense.ma), a cybersecurity consultancy based in Casablanca. Reda is recognized for his contributions to vulnerability research, including the discovery of multiple CVE-listed security flaws, and his expertise in advanced red team operations and endpoint detection and response (EDR) bypass techniques.^[1]

Early life and education

Fakhir Karim Reda was born in Morocco in 1983. His interest in cybersecurity began during childhood through exposure to hacking-themed movies, which sparked his passion for computer security.^[2] He initially pursued engineering studies in Morocco before continuing his education at École Nationale Supérieure d'Ingénieurs (ENSI) in Bourges, France, where he specialized in information systems security.

Career

Early career and expertise development

After completing his studies in France, Reda returned to Morocco to establish his cybersecurity practice. He developed expertise across multiple domains of information security, including:^[2]

• Penetration testing and security assessments
• Digital forensics and incident response
• Reverse engineering and malware analysis
• Identity and Access Management (IAM) systems
• Public Key Infrastructure (PKI) solutions
• Mobile device management security

Cyber Defense Morocco

In the early 2010s, Reda founded Cyber Defense Morocco, a specialized cybersecurity consultancy that has served over 100 clients across diverse industries, including multinational corporations and government organizations.^[2] The company focuses on:

• Red team operations and adversarial simulation
• Advanced penetration testing services
• Vulnerability research and exploit development
• Cybersecurity training and education
• Compliance consulting and risk assessment

Research and publications

Vulnerability discoveries

Reda has discovered and published multiple security vulnerabilities, earning recognition in the cybersecurity community:

CVE-2016-2203 (Symantec Messaging Gateway)

In April 2016, Reda discovered a critical vulnerability in Symantec Messaging Gateway versions 10.6.0-7 and earlier.^[3] The flaw allowed authenticated attackers to retrieve and decrypt stored Active Directory passwords using hardcoded encryption keys in the Java implementation. Reda developed a complete Metasploit framework module to demonstrate the exploit, and Symantec officially acknowledged his contribution in their security advisory.^[4]

Other discoveries

• CVE-2016-04-26: Telisca IPS Lock 2 Remote Phone Lock vulnerability^[1]
• Multiple zero-day vulnerabilities in widely deployed applications

Current research

Reda is actively researching modern cybersecurity challenges, with particular focus on:

EDR Bypass Techniques

In 2025, Reda published comprehensive research on bypassing modern Endpoint Detection and Response (EDR) systems.^[5] His white paper "How to Bypass Modern EDRs" details advanced evasion techniques including:

• Thread pool exploitation methods
• Behavioral heuristics circumvention
• Reflective staging and payload design
• Advanced injection methods beyond traditional approaches

The research addresses critical gaps in understanding contemporary attack vectors and has been widely referenced in the cybersecurity community.^[6]

Professional recognition

Industry involvement

OWASP membership: Reda has been an active member of the Open Web Application Security Project (OWASP) since August 2014, contributing to community discussions under the username "zirsalem."^[7]

Conference speaking: He regularly participates in cybersecurity conferences, including GITEX Africa 2025, where he was featured as a keynote speaker in the Cybersecurity Forum.^[8]

Open source contributions: Reda maintains an active GitHub profile (kfr-ma) with repositories including:^[9]

• MassScanner - Network scanning tool
• Custom Metasploit framework modules
• Dr0p1t-Framework - Anti-virus evasion framework
• OutlookPrivacyPlugin - PGP encryption for Microsoft Outlook

Social media presence

Reda maintains an active professional presence on LinkedIn with over 9,600 followers, where he shares insights on cybersecurity trends relevant to the Moroccan and African markets.^[10] His content focuses on:

• API security for emerging tech sectors
• Zero Trust architecture implementation
• Ransomware defense strategies
• Web application security best practices

Regional impact

Moroccan cybersecurity landscape

Reda has played a significant role in developing Morocco's cybersecurity capabilities, particularly in the context of the country's National Cybersecurity Strategy and compliance with Law 05-20 on Cybersecurity. His work supports Morocco's position as a regional leader in cybersecurity within the Arab and African markets.

International collaboration

Through his international education and client work, Reda has facilitated knowledge transfer between European and North African cybersecurity communities, contributing to the development of regional expertise and best practices.

References

External links

• Cyber Defense Morocco official website
• Fakhir Karim Reda on LinkedIn
• OWASP member profile
• GitHub profile
• CVE-2016-2203 details on Exploit-DB
• Symantec Security Advisory SYMSA1359

Category:1983 births Category:Living people Category:Moroccan computer scientists Category:Ethical hackers Category:Computer security specialists Category:Vulnerability researchers Category:Moroccan entrepreneurs Category:People from Casablanca Category:École Nationale Supérieure d'Ingénieurs alumni

This article "KarimReda Fakhir" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:KarimReda Fakhir. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.