Penetration Tester · Red Team

Advanced
Offensive
Security.

I find the attack paths before adversaries do. Specialising in penetration testing, red team operations, and vulnerability research across enterprise environments.

OSCP+ HTB CPTS CBBH Pentest+ CCSE eJPT
Contact Me →
Verified Credentials
OSCP+
OSCP+
OffSec / Offensive Security
 HTB CPTS
HTB CPTS
Hack The Box
 CBBH
CBBH
Hack The Box
 Pentest+
Pentest+
CompTIA
 eJPT
eJPT
eLearnSecurity / INE
 CCSE
CCSE
EC-Council
6
Active Certifications
8+
Years Experience
OSCP+
Top Credential
4
Specialist Domains
01

Areas of Expertise

01

Network Penetration Testing

Advanced exploitation across enterprise networks. Lateral movement, privilege escalation, Active Directory attacks, and domain compromise.

02

Web Application Security

OWASP Top 10 and beyond. Business logic flaws, API security, authentication bypass, and custom exploit development across modern stacks.

03

Mobile Application Security

iOS and Android assessment. Static and dynamic analysis, reverse engineering, and runtime manipulation techniques.

04

Hardware Security

Firmware analysis, JTAG/UART interfaces, physical security testing, and embedded system vulnerability assessment.

02

Tools & Tech Stack

Exploitation
Metasploit Cobalt Strike SQLmap Impacket
Web & API
Burp Suite Pro ffuf Nikto OWASP ZAP
Recon & OSINT
Nmap Maltego Shodan Amass Recon-ng
Active Directory
BloodHound Rubeus CrackMapExec Mimikatz
Mobile
Frida MobSF apktool jadx objection
Password
Hashcat John the Ripper Hydra
03

Experience & Education

2022 — Present Current
Cyber Security Engineer
Confidential
Leading penetration testing engagements and security assessments for enterprise clients. Full-scope red team operations from external reconnaissance through domain compromise, with commercial-grade reports and actionable remediation guidance.
2020 — 2022 FT
Cyber Security Engineer
Netsol Technologies
Network and web application penetration testing, vulnerability assessments, and security audits. Developed internal security tooling and strengthened the security posture of enterprise fintech products across international markets.
2018 — 2020 MSc
Masters in Cybersecurity
Graduate Studies
Advanced postgraduate study in network security, cryptography, digital forensics, and offensive security methodologies. The structured bridge from software engineering into a career in offensive security.
2016 — 2018 FT
Software Engineer
Industry
Full-stack software development with deep expertise in application architecture, APIs, and development lifecycles — knowledge that now directly informs application security assessment and exploit development work.
04

Services & Engagements

01
Web Application Pentest
Full OWASP Top 10 assessment, business logic testing, API security review, and authenticated and unauthenticated testing.
Scope definition & recon Manual & automated testing Proof-of-concept exploits Detailed remediation report
Enquire →
02 · Most Requested
Network Penetration Test
External and internal network assessment through to domain compromise. Full kill-chain documentation and executive summary.
External & internal scope AD & lateral movement Kill-chain documentation Executive summary
Enquire →
03
Red Team Operation
Adversary simulation with real-world TTPs across physical, digital, and social engineering vectors to test detection and response.
Custom threat scenarios Physical access attempts Social engineering Purple team debrief
Enquire →
05

Writeups & Research

HTB Writeup 2024
Active Directory — From User to Domain Admin
Chaining Kerberoasting, AS-REP roasting, and DCSync for full domain compromise in a complex enterprise AD environment.
Read writeup →
Research 2024
Bypassing Modern WAFs with Custom Payload Encoding
Evading web application firewalls using encoding chains, HTTP request smuggling, and parameter pollution techniques.
Read writeup →
Mobile 2023
Certificate Pinning Bypass on Android — A Practical Guide
Using Frida to hook SSL validation functions and intercept traffic from certificate-pinned Android applications.
Read writeup →

Let's discuss your security posture.

Available for penetration testing engagements, red team consulting, and security advisory work. Enterprise clients welcome.

Send Message → altamish1994@gmail.com