Hi, I’m Salah — an offensive security engineer uncovering what others miss
I break systems to make them secure — simulating real-world attacks on networks, applications, and cloud environments, uncovering vulnerabilities before attackers do
My superpowers
Breaking to Build
I simulate real-world attacks to uncover hidden vulnerabilities and fortify enterprise defenses before adversaries strike.
Seeing What Others Don’t
I spot hidden risks and connections that aren’t obvious, uncovering how a small issue can turn into a bigger problem.
Making Security Simple
I create impactful visuals that tell compelling stories and elevate digital content.
Thinking on the Fly
I quickly understand situations and adapt instantly, turning insight into action with minimal explanation.
Biography
I’m an offensive security engineer and cybersecurity consultant with over six years of experience helping organizations identify and fix critical security weaknesses before they can be exploited. My journey started early. At 13, I became fascinated by how systems work and, more importantly, how they break. What began as curiosity quickly turned into a real passion for ethical hacking. By 2011, I was already learning and experimenting with real-world techniques, driven by a need to understand how attackers think.
Today, I specialize in simulating real-world attacks across enterprise environments, including corporate networks, cloud platforms, and modern applications. I work with leading organizations, including large enterprises and financial institutions, to uncover hidden vulnerabilities, expose attack paths, and strengthen their defenses. I don’t rely only on automated tools. I approach every engagement with an attacker’s mindset, combining creativity with deep technical expertise to find issues others often miss. I focus on delivering clear, practical insights and work closely with engineering teams to make sure problems are properly understood and fixed. For me, cybersecurity isn’t just a job. It’s something I’ve been building toward since I was a kid, and I’m always pushing to stay ahead of new threats.
Latest Posts
-
There is no excerpt because this is a protected post.
-
Disclaimer: This blog post is intended for educational purposes only. It is not suitable for production use and should never be exposed to the public internet without implementing proper security measures. This setup is not intended for production use and isn’t advanced enough to emulate a full real world engagement. It lacks many other operational
-
In modern cloud environments, the question is no longer if an attacker can gain access, it’s what happens after they do! Whether access comes from leaked credentials, phishing, SSRF, or a compromised machine, the real objective isn’t initial access, it’s how that access is expanded, abused, and turned into control over the environment and how