Security Engineer specializing in Web, API, Mobile (Android), and Active Directory security.
I break systems (ethically), build reconnaissance tools, and document real-world attack techniques.

• 𓅇 B.Sc. in Systems & Computer Engineering from Al-Azhar University (2024)
• 𖤍 Certified: eWAPT (INE), CyberTalents Web/Mobile/AD Pentester, APIsec University
• 𓆲 ITI Graduate: Completed intensive 4-month Offensive Security & Penetration Testing program (2025)
• 𓅈 Focused on OWASP Top 10, API business logic flaws, Android static/dynamic analysis, and AD attack chains
• 𓅓 Building automation tools for reconnaissance and attack surface mapping
• 𓅉 Documenting security research, CTF writeups, and exploitation techniques
• 𓅆 Based in Cairo, Egypt

• 𓅈 Web & API Pentesting: Manual exploitation, authentication bypass, JWT manipulation, business logic vulnerabilities
• 𓆲 Android Security: Static/dynamic analysis using Frida, JADX, MobSF, and objection
• 𖤍 Active Directory Attacks: Lateral movement, privilege escalation, Kerberos exploitation
• 𓅓 FalconRecon – Bash-based reconnaissance automation framework for attack surface enumeration → View Project
• 𓅉 FalconServiceAnalyzer – Android service attack surface analyzer with automated command generation
• 𓅂 Daily Security Notes → TIL Documentation

• 𓅓 Technical articles on web, API, and mobile exploitation
• 𓅈 CTF walkthroughs from PortSwigger Academy, TryHackMe, HackTheBox, CyberTalents
• 𓆲 Real-world attack vectors and remediation guidance
• 𓅂 Read my writeups on Medium

• eWAPT — eLearnSecurity Web Application Penetration Tester (INE)
• Certified Web Application Penetration Tester — CyberTalents / ITI
• Certified Mobile Penetration Tester — CyberTalents / ITI
• Certified Active Directory Penetration Tester — CyberTalents / ITI
• API Penetration Testing — APIsec University