About

I am Ibrahim M. ElSayed. I am a Security Engineer with around 15 years of experience.

I specialise in leveraging program analysis to detect and prevent security vulnerabilities at scale. With over a decade of expertise in building advanced static analysis tools, I've contributed to securing massive codebases (+500M LoC) written in languages like PHP, Python, and Java.

I have a deep interest in end-to-end encrypted (E2EE) messaging applications, both for the critical privacy guarantees they provide and the unique security risks they introduce. As a high-value, 0-click attack surface with minimal telemetry for privacy reasons, they present fascinating security challenges. I enjoy vulnerability research on applications like WhatsApp, Signal, Telegram, and other E2EE messaging platforms.

I occasionally share my work at conferences and guest lectures, though I could probably do a better job of talking more. I’ve presented at Black Hat USA, Black Hat MEA, PyCon 2021, OWASP London, and the Arab Security Conference. I’ve also been a guest lecturer at several universities, including University College London (UCL), Royal Holloway, Cambridge, Imperial College London, École 42 (France), the University of Alberta (Canada), and the Arab Academy for Science, Technology & Maritime Transport (Egypt).

Currently, I work as a Security Engineer at Meta and am a frequent guest lecturer at Imperial College. I also do security review consulting from time to time—so if you have something interesting, don’t hesitate to reach out. ;)