Penetration Tester - Security Researcher
✉️ [email protected] — 🌐 LinkedIn — 📍October 6 City, Giza, Egypt
Full-time Bug Bounty Hunter and Penetration Tester with strong expertise in manual testing of web applications, APIs, and mobile apps, and solid practical experience in network and Active Directory security assessments. I combine methodical reconnaissance, hands-on exploitation, and post-exploit analysis to deliver thorough, practical findings. I bring a methodical and research-driven approach to security testing, combining technical depth with continuous learning to stay ahead of evolving threats. Dedicated to delivering high-quality assessments that strengthen organizational security and contribute to the broader cybersecurity community.
Bachelor of Science in Computer Science October 6 University | October 2020 - Jun 2024
Graduation Project : WiFi Based-Drones Pentesting Framework
Relevant Coursework:
Computer Security
Computer Networks
Data Structures and Algorithms
Cryptography
Web Development
Object-Oriented Programming
Full-Time Bug Bounty Hunter — Sep 2024 – Present
Actively engaged in bug bounty programs across multiple platforms, with a strong focus on fully manual testing of web applications, APIs, and mobile applications.
Profiles:
Web Applications Pentesting
- Deep knowledge of web security (OWASP Top 10), including SQL Injection, XSS, and CSRF.
- Expert in Burp Suite, OWASP ZAP, and manual testing for comprehensive assessments.
Network Pentesting
- Skilled in identifying vulnerabilities in network devices and configurations.
- Proficient with Nmap, Wireshark, and Metasploit for advanced network security analysis.
Active Directory Pentesting
- Experienced in assessing and exploiting Active Directory vulnerabilities.
- Skilled in Kerberoasting, Pass-the-Hash, and using tools like BloodHound and Mimikatz.
Mobile Applications Pentesting
- Specialized in securing mobile apps with reverse engineering and dynamic analysis.
- Proficient with APKTool, JADX, and Frida for in-depth mobile security assessments.
Programming
- Strong skills in C/C++, Python, Bash, and JavaScript.
- Capable of developing custom scripts for automation and secure application development.
Personal Knowledge Repository
- Red Team Second Brain: A curated repository of cybersecurity notes, research, and methodologies covering web, mobile, network, and Active Directory pentesting.
- Includes custom scripts and tools to automate tasks and simulate attacks, improving efficiency.
- Serves as a quick-reference and continuous learning resource, while also contributing insights and write-ups to the cybersecurity community.
- PWK (OSCP)
- HackTheBox Academy: 🔗 Bug Hunter Path
- HackTheBox Academy: 🔗 Penetration Tester Path
- 🔗 Android App Hacking Black Belt Edition
- TryHackMe
At October 6 University’s IEEE branch, I led the Cyber Security Group, where I organized workshops and facilitated discussions to enhance students' understanding of cybersecurity principles. I provided mentorship and support, driving skill development and knowledge sharing within the IEEE community, and cultivated a culture of exploration and innovation in cybersecurity.
▪️ My Blog – Write-ups and tutorials on web challenges.
▪️ HackTheBox Profile – Solved over 150 challenges and Machine.
▪️ TryHackMe Profile – 367 rooms completed, various cybersecurity topics.
▪️ Intigriti Profile – Bug bounty submissions and acknowledged vulnerabilities.
