Offensive Security Researcher

My name is Ayman, and I'm an offensive security researcher.

I help organizations find and exploit security weaknesses before real attackers do — across modern web applications, internal networks, and Active Directory environments. My work combines hands-on offensive testing with clear, business-grade reporting so engineering teams can ship fixes that actually reduce risk.

Tools: Burp Suite, BloodHound, Nmap, Impacket, Metasploit
Portrait of Ayman Azzam, offensive security researcher

By the Numbers

Tangible signals of consistent offensive security practice, tracked as running counts of security writeups published, vulnerabilities documented, labs and CTFs completed, and security tools shipped to the community.

Services

Offensive security and secure-by-design engineering for teams that take their security posture seriously — from focused web application assessments to full-scope adversary simulation.

Most Requested

Web Application Penetration Testing

Black-box and grey-box assessments of modern web applications and APIs. I identify and validate OWASP Top 10 issues — XSS, SQL injection, CSRF, IDOR, broken access control, SSRF, authentication and business-logic flaws — and deliver clear, reproducible findings with remediation that engineering can act on the same day.

  • Manual exploitation + targeted automated scanning
  • Full OWASP Top 10 + business-logic coverage
  • Reproducible proof-of-concept for every finding
  • Executive summary + technical report
  • Free post-fix verification round
Tools: Burp Suite, OWASP ZAP, SQLmap, Nikto

Network & Active Directory Pentesting

Internal and external network assessments covering exposed services, misconfigurations, weak credentials, and lateral movement paths. Active Directory engagements include Kerberoasting, AS-REP roasting, ACL abuse, delegation issues, and BloodHound-driven attack-path analysis.

  • External and internal scoping
  • Service enumeration and exploitation
  • AD attack-path analysis with BloodHound
  • Wireless & VPN posture review
  • Detection-focused remediation roadmap
Tools: Nmap, BloodHound, Impacket, Nessus, Wireshark

Red Team & Adversary Simulation

Objective-based red team engagements that go far beyond vulnerability scanning. I emulate real-world attacker tradecraft — initial access, persistence, privilege escalation, lateral movement, and exfiltration — to test how your people, processes, and detections actually respond under pressure.

  • Full attack lifecycle simulation
  • Phishing & social engineering campaigns
  • Post-exploitation and persistence testing
  • Threat modeling and attack-surface mapping
  • Debrief with detection & response gap analysis
Tags: Metasploit, Phishing, Hashcat, C2 Tradecraft

Secure-by-Design Development

End-to-end web application development with security baked in from day one — never bolted on after launch. Built with React, Node.js, and Python backends, applying secure coding, input validation, hardened authentication, and secrets management at every layer.

  • Frontend: React, JavaScript, Tailwind CSS
  • Backend: Node.js, Express, Python (Flask/Django)
  • Hardened auth & session management
  • Docker deployment + CI/CD pipelines
  • Post-launch vulnerability review included
Stack: React, Node.js, Python, Docker

Need a focused engagement? Let's scope it together.


Latest Research

The most recent writeups, attack-chain analyses, and vulnerability research published on this site. Updated as new engagements and lab work are sanitized for public release.


Projects

A curated portfolio of technical work across offensive security tooling, secure web development, and applied cybersecurity research.


IoT Smart Home Application (Web Development)

Designed and tested a smart home network and web application workflow to evaluate LAN performance, latency, and reliability under real-world usage conditions.
Port Scanner + WAF Detection Toolkit (Security Tooling)

Built a modular Python reconnaissance tool that performs port scanning, fingerprints web application firewalls, and integrates Censys data for deeper target visibility.
NIST-Based Cybersecurity Architecture (Security Architecture)

Produced a risk-based security architecture aligned with NIST CSF 2.0, including controls, governance priorities, and implementation planning for a university environment.
Keylogger Proof of Concept (Offensive Tooling)

Developed a controlled proof of concept to demonstrate endpoint monitoring risk and data exfiltration pathways, then documented detection signals and defensive controls.
Vulnerability Discovery and Analysis (Vulnerability Assessment)

Executed structured enumeration and vulnerability assessment workflows to identify weak points, validate impact, and provide practical remediation guidance.


Writeups & Research

A curated collection of vulnerability writeups, red team notes, Active Directory attack chains, and original security research. Each entry documents methodology, findings, impact, and remediation — written for both technical readers and hiring managers.



Stored XSS in Admin Dashboard (Web)

Discovery, reproducible PoC, and remediation guidance for a stored cross-site scripting vulnerability in an administrative messaging component.

Tags: XSS, Burp Suite, CVSS High
Active Directory Enumeration Workflow (Active Directory)

End-to-end AD recon workflow used during real engagements: domain discovery, ACL analysis, BloodHound collection, and detection signals to prioritize defense.

Tags: AD, BloodHound, PowerShell
Kerberoasting Attack Chain (Active Directory)

Technical research into Kerberoasting on modern Windows environments: full attack chain, detection telemetry, PoC scripts, and Kerberos hardening guidance.

Tags: Kerberos, Impacket, Hashcat
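As an added illustration of the detection-telemetry side of the Kerberoasting writeup above (this is example code written for this page, not the writeup's PoC scripts or the author's tooling), the block below runs two well-known detection rules over constructed Windows Security Event ID 4769 records: an RC4-HMAC service ticket (TicketEncryptionType 0x17) issued for a user-owned service account, and one requester asking for tickets to many distinct service accounts in a short window. The event records, account names, hosts and thresholds are all constructed for the example.

```python
"""Added example: Kerberoasting detection logic over constructed 4769 events.

Two signals from Windows Security Event ID 4769 (Kerberos service ticket
requested):
  1. an RC4-HMAC (TicketEncryptionType 0x17) ticket issued for a user
     service account, which an AES-only domain should never emit; and
  2. one requester asking for tickets to many distinct service accounts in a
     short window, the burst shape of GetUserSPNs.py / Rubeus kerberoast.
The events below are constructed sample records, not logs from any engagement.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"             # etype 23; what kerberoast tooling asks for
AES_TYPES = {"0x11", "0x12"}  # AES128 / AES256; expected on hardened domains

# Constructed sample of 4769 events (only the fields the rules need).
EVENTS = [
    # Normal: a workstation fetching a ticket for a file server (machine account, AES).
    {"time": "2024-05-01T09:00:01", "TargetUserName": "jdoe@CORP.LOCAL",
     "ServiceName": "FS01$", "TicketEncryptionType": "0x12", "IpAddress": "10.0.5.21"},
    # Normal: a user app authenticating to a SQL service account, AES.
    {"time": "2024-05-01T09:00:05", "TargetUserName": "jdoe@CORP.LOCAL",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x12", "IpAddress": "10.0.5.21"},
    # Suspicious burst: one user, RC4 tickets for every roastable SPN within seconds.
    *[{"time": f"2024-05-01T09:10:{i:02d}", "TargetUserName": "intern7@CORP.LOCAL",
       "ServiceName": svc, "TicketEncryptionType": "0x17", "IpAddress": "10.0.9.77"}
      for i, svc in enumerate(["svc_sql", "svc_backup", "svc_iis", "svc_sccm", "svc_exch"])],
    # Noise: an RC4 request for krbtgt (legacy client); rule 1 ignores krbtgt.
    {"time": "2024-05-01T09:12:00", "TargetUserName": "legacyapp@CORP.LOCAL",
     "ServiceName": "krbtgt", "TicketEncryptionType": "0x17", "IpAddress": "10.0.2.2"},
]


def is_user_service_account(service_name: str) -> bool:
    """Machine accounts end in '$' and krbtgt is the TGT service; neither is a
    Kerberoasting target because their keys are long and random."""
    return not service_name.endswith("$") and service_name.lower() != "krbtgt"


def rc4_for_user_accounts(events):
    """Rule 1: any RC4 service ticket for a user-owned service account."""
    return [e for e in events
            if e["TicketEncryptionType"] == RC4_HMAC
            and is_user_service_account(e["ServiceName"])]


def spn_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Rule 2: a requester touching >= `threshold` distinct user service
    accounts within `window`. Returns {requester: sorted service names}."""
    by_user = defaultdict(list)
    for e in events:
        if is_user_service_account(e["ServiceName"]):
            by_user[e["TargetUserName"]].append(
                (datetime.fromisoformat(e["time"]), e["ServiceName"]))
    hits = {}
    for user, reqs in by_user.items():
        reqs.sort()
        for i, (t0, _) in enumerate(reqs):
            in_window = {svc for t, svc in reqs[i:] if t - t0 <= window}
            if len(in_window) >= threshold:
                hits[user] = sorted(in_window)
                break
    return hits


def kerberoast_alerts(events):
    """Combine both rules into one alert per requesting account."""
    alerts = defaultdict(set)
    for e in rc4_for_user_accounts(events):
        alerts[e["TargetUserName"]].add("rc4_service_ticket")
    for user in spn_bursts(events):
        alerts[user].add("spn_burst")
    return {u: sorted(tags) for u, tags in alerts.items()}


if __name__ == "__main__":
    for user, tags in kerberoast_alerts(EVENTS).items():
        print(f"{user}: {', '.join(tags)}")
```

Rule 1 assumes the domain has already moved service accounts to AES keys; where RC4 tickets are still issued legitimately, scope it to accounts whose msDS-SupportedEncryptionTypes advertises AES, since an RC4 request for those is a downgrade by the requester rather than a legacy client.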
TryHackMe Red Team Capstone (TryHackMe)

Lab-to-field writeup of a TryHackMe red team capstone: objective-based planning, execution notes, pivoting techniques, and post-engagement lessons learned.

Tags: THM, Red Team, Pivoting
IDOR Exploitation Analysis (Web)

In-depth analysis of an insecure direct object reference in a file-download endpoint: exploitation logic, business impact, and robust server-side authorization patterns.

Tags: IDOR, Burp Suite, AuthZ
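To make the server-side authorization pattern named in the IDOR entry above concrete, here is an added example (written for this page; not the writeup's code or the assessed application) of a file-download handler that only authenticates the session beside one that also authorizes the object. The in-memory file store, usernames and sequential IDs are constructed sample data, and the enumeration helper models what an Intruder run over the ID space returns against each handler.

```python
"""Added example: object-level authorization on a file-download endpoint.

`download_vulnerable` looks a file up by its ID alone, so any authenticated
user who guesses an ID gets the file (the IDOR). `download_secure` resolves
the object and then applies an ownership/grant rule decided server-side.
Framework-free so it runs offline; the records are constructed sample data.
"""
from dataclasses import dataclass, field
import secrets


@dataclass
class StoredFile:
    file_id: str
    owner: str
    name: str
    content: bytes
    shared_with: set = field(default_factory=set)


# Constructed sample store: sequential IDs make the object space enumerable.
FILES = {
    "1001": StoredFile("1001", "alice", "q3-payroll.csv", b"alice-private"),
    "1002": StoredFile("1002", "bob", "contract.pdf", b"bob-private"),
    "1003": StoredFile("1003", "bob", "shared-notes.txt", b"bob-shared", {"alice"}),
}


class NotFound(Exception):
    """Raised when the object does not exist, or must be hidden from this user."""


def download_vulnerable(session_user: str, file_id: str) -> bytes:
    """Vulnerable: the session is authenticated, but the object is never
    authorized. `session_user` is ignored entirely."""
    try:
        return FILES[file_id].content
    except KeyError:
        raise NotFound(file_id)


def can_read(user: str, f: StoredFile) -> bool:
    """Authorization rule: owner or explicit grant. Decided from server-side
    state and the session identity, never from anything else the client sends."""
    return user == f.owner or user in f.shared_with


def download_secure(session_user: str, file_id: str) -> bytes:
    """Fixed: resolve the object, then apply the rule. Missing and foreign
    objects both get 404 so the endpoint does not confirm which IDs exist."""
    f = FILES.get(file_id)
    if f is None or not can_read(session_user, f):
        raise NotFound(file_id)
    return f.content


def can_download(session_user: str, file_id: str) -> bool:
    """Boolean wrapper around the fixed handler, handy for tests and audits."""
    try:
        download_secure(session_user, file_id)
        return True
    except NotFound:
        return False


def new_file_id() -> str:
    """Defence in depth, not a substitute for the check above: unguessable IDs
    remove the cheap enumeration that makes IDOR trivial to discover."""
    return secrets.token_urlsafe(16)


def enumerate_as(user: str, id_range) -> list:
    """Model of an Intruder sweep over the ID space: the IDs `user` can pull
    through the vulnerable handler but not through the fixed one."""
    leaked = []
    for i in id_range:
        fid = str(i)
        try:
            download_vulnerable(user, fid)
        except NotFound:
            continue
        if not can_download(user, fid):
            leaked.append(fid)
    return leaked


if __name__ == "__main__":
    print("bob leaks via vulnerable handler:", enumerate_as("bob", range(1000, 1010)))
```

The check lives next to the lookup rather than in a front-controller filter because the authorization decision depends on the resolved object; a route-level role check cannot know whether file 1001 belongs to the caller.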
Web Cache Poisoning Research (Research)

Original research on cache poisoning vectors against modern CDNs and reverse proxies: PoC payloads, cache-key analysis, and hardening recommendations.

Tags: Cache, CDN, Research
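As an added model of the cache-key analysis the research entry above refers to (example code for this page, not the author's research artefacts or PoC payloads), the block below simulates a shared cache keyed on host and path only in front of an origin that reflects the unkeyed X-Forwarded-Host header into a script URL. One attacker request poisons the entry that every later visitor receives; keying the header at the proxy, or having the origin build URLs from configuration instead of request headers, both close it. The hostnames and the toy cache are constructed for the example and no network is involved.

```python
"""Added example: unkeyed-input cache poisoning, modelled in-process.

A reverse proxy caches responses keyed on (Host, path). The origin builds an
absolute URL from X-Forwarded-Host, which is not part of the key, so whoever
first populates the entry chooses the script host for everyone else.
Everything here is a constructed model; hostnames are illustrative.
"""
from dataclasses import dataclass, field


@dataclass
class Request:
    host: str
    path: str
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    body: str
    headers: dict = field(default_factory=dict)


def origin_vulnerable(req: Request) -> Response:
    """Origin that trusts X-Forwarded-Host (a common load-balancer convention)
    and reflects it into a script src. The header is attacker-controlled."""
    base = req.headers.get("X-Forwarded-Host", req.host)
    html = f'<script src="https://{base}/static/app.js"></script>'
    return Response(html, {"Cache-Control": "public, max-age=300"})


def origin_hardened(req: Request) -> Response:
    """Hardened origin: absolute URLs come from a configured canonical host
    (hypothetical value below), never from request headers."""
    canonical = "app.example"
    html = f'<script src="https://{canonical}/static/app.js"></script>'
    return Response(html, {"Cache-Control": "public, max-age=300"})


class Cache:
    """Shared cache in front of an origin. `key_headers` lists the request
    headers that form part of the cache key; the vulnerable deployment keys
    on none. (This toy does not honour Vary; a real proxy would.)"""

    def __init__(self, origin, key_headers=()):
        self.origin = origin
        self.key_headers = tuple(key_headers)
        self.store = {}
        self.origin_hits = 0

    def key(self, req: Request):
        return (req.host, req.path) + tuple(req.headers.get(h, "") for h in self.key_headers)

    def get(self, req: Request) -> Response:
        k = self.key(req)
        if k not in self.store:
            self.origin_hits += 1
            self.store[k] = self.origin(req)
        return self.store[k]


def poison_then_visit(cache: Cache, attacker_host: str = "attacker.example") -> str:
    """Attacker sends one request carrying the unkeyed header; a victim then
    requests the same URL without it. Returns the body the victim receives."""
    attacker = Request("app.example", "/", {"X-Forwarded-Host": attacker_host})
    cache.get(attacker)
    victim = Request("app.example", "/")
    return cache.get(victim).body


def victim_is_poisoned(cache: Cache) -> bool:
    return "attacker.example" in poison_then_visit(cache)


if __name__ == "__main__":
    print("vulnerable deployment poisoned:", victim_is_poisoned(Cache(origin_vulnerable)))
    print("header keyed at proxy poisoned:", victim_is_poisoned(Cache(origin_vulnerable, ["X-Forwarded-Host"])))
    print("hardened origin poisoned:      ", victim_is_poisoned(Cache(origin_hardened)))
```

Keying the header at the proxy stops the poisoning but also fragments the cache and still trusts the origin's reflection; fixing the origin removes the unkeyed input altogether, which is why the two fixes are usually recommended together.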

Sanitized Reports

Redacted, sanitized excerpts from real penetration testing engagements and lab assessments. Each report follows industry-standard formatting — executive summary, scope, methodology, findings, evidence, and remediation. Suitable for recruiters and engineering managers evaluating writing and reporting quality.

Acme SaaS — Web Application Assessment (Sanitized)
Web app pentest · Severity: High · Coming soon

Black-box assessment of a multi-tenant SaaS platform. Identified IDOR in tenant data exports, stored XSS in admin notifications, and weak session invalidation.

  • 2 weeks
  • 11 findings
  • PDF · 32 pages
Internal AD Engagement — Domain Compromise Path
Internal AD · Severity: Critical · Coming soon

Internal red team engagement against a hardened Active Directory environment. Documented the full domain-compromise path through Kerberoasting and ACL abuse.

  • 3 weeks
  • Domain Admin achieved
  • PDF · 48 pages
Cache Poisoning Research Brief
Vulnerability research · Severity: Medium · Coming soon

Original research brief on web cache poisoning across CDN configurations. Includes PoC payloads, cache-key analysis, and recommended cache hardening policies.

  • Lab
  • Original research
  • PDF · 14 pages

All reports published here are fully sanitized — client names, hostnames, IPs, and identifying screenshots are redacted or replaced with neutral lab equivalents.

Contact Me

For engagements, collaborations, or responsible disclosure — send a brief description and I'll get back to you with next steps and an NDA template if needed.