About
Mustafa Eltayeb
Junior Penetration Tester · Offensive Security Engineer
Cairo, Egypt · mustafaeltayeb305@gmail.com
Summary
Penetration Tester with validated hands-on expertise in web application and network penetration testing, backed by HTB CPTS and CWES certifications. Experienced in conducting full-scope offensive security assessments with professional reporting aligned to OWASP Top 10 and PTES methodology.
Specializes in Active Directory attack chains — from initial enumeration through lateral movement to full domain compromise — and advanced web exploitation including authentication bypass, business logic abuse, and API security testing.
Active CTF competitor and technical writer with publicly documented research demonstrating real-world attack techniques and remediation strategies. Currently pursuing OSCP while completing a B.Sc. in Computer Science at Sinai University.
Technical Skills
Web Application Security
- Full OWASP Top 10 coverage with deep expertise in Authentication & Session attacks, token manipulation, and modern bypass techniques
- Advanced Business Logic Flaw exploitation and API Security testing — BOLA, Broken Function Level Authorization, Mass Assignment
- REST & GraphQL API attack surface analysis
- File Upload abuse, NoSQL Injection, OS Command Injection, Path Traversal, XSS, CSRF, SSRF, IDOR
Network & Active Directory
- Full AD attack chains: enumeration with BloodHound/SharpHound, Kerberoasting, AS-REP Roasting, DCSync, Pass-the-Hash, Pass-the-Ticket
- Post-exploitation, pivoting & tunneling using Impacket, CrackMapExec, Evil-WinRM
- Network penetration testing: service enumeration, credential attacks, lateral movement
Tools & Technologies
| Category | Tools |
|---|---|
| Web | Burp Suite, SQLmap, ffuf, Nikto |
| Network | Nmap, Wireshark, Netcat, Metasploit |
| Active Directory | BloodHound, Impacket, CrackMapExec, Rubeus |
| Scripting | Python, Bash, PowerShell |
Certifications
| Certification | Status |
|---|---|
| HTB Certified Penetration Testing Specialist (CPTS) | (Self Study) |
| HTB Certified Web Exploitation Specialist (CWES) | (Self Study) |
| CompTIA PenTest+ (THM) | Issued August 2025 |
| ISC2 Candidate | Issued April 2026 |
| TryHackMe — Junior Penetration Tester | Issued August 2025 · ID: THM-DQQ1N8JIXS |
| PentesterLab — PCAP, Essential, Unix, HTTP,API,Serialize,White, Badges | Active |
Hands-on Experience
Hack The Box Completed machines across Web and Network tracks. Published detailed write-ups covering full exploitation paths, methodology, and lessons learned.
PortSwigger Web Security Academy Completed advanced labs across the full OWASP Top 10 — File Upload vulnerabilities, NoSQL Injection, OS Command Injection, Path Traversal, and more.
RootMe Solved and documented challenges covering all SQLi types, NoSQL Injection, Command Injection, JavaScript exploitation, and Source Code Analysis.
Infinity Platform Solved realistic web application challenges focused on advanced SQL Injection scenarios in black-box environments.
Vulnerability Research & Bug Bounty Identified and responsibly disclosed vulnerabilities in production web applications. Focused on authentication flaws, business logic issues, and OWASP Top 10 attack vectors.
Education
Bachelor of Information Technology — Computer Science & Software Engineering
Sinai University, Egypt · Expected: July 2027
Contact
| Platform | Link |
|---|---|
| mustafaaltayeb333@icloud.com | |
| linkedin.com/in/t4t4r1s | |
| HackTheBox | app.hackthebox.com/profile/t4t4r1s |
| TryHackMe | tryhackme.com/p/t4t4r1s |
| Twitter / X | @mustafa_altayeb |
| GitHub | github.com/t4t4r1s |