About

About

Mustafa Eltayeb

Junior Penetration Tester · Offensive Security Engineer

Cairo, Egypt · mustafaeltayeb305@gmail.com

Penetration Tester Web Application Security Active Directory CTF Player Technical Writer
Download CV (PDF)

Summary

Penetration Tester with validated hands-on expertise in web application and network penetration testing, backed by HTB CPTS and CWES certifications. Experienced in conducting full-scope offensive security assessments with professional reporting aligned to OWASP Top 10 and PTES methodology.

Specializes in Active Directory attack chains — from initial enumeration through lateral movement to full domain compromise — and advanced web exploitation including authentication bypass, business logic abuse, and API security testing.

Active CTF competitor and technical writer with publicly documented research demonstrating real-world attack techniques and remediation strategies. Currently pursuing OSCP while completing a B.Sc. in Computer Science at Sinai University.


Technical Skills

Web Application Security

  • Full OWASP Top 10 coverage with deep expertise in Authentication & Session attacks, token manipulation, and modern bypass techniques
  • Advanced Business Logic Flaw exploitation and API Security testing — BOLA, Broken Function Level Authorization, Mass Assignment
  • REST & GraphQL API attack surface analysis
  • File Upload abuse, NoSQL Injection, OS Command Injection, Path Traversal, XSS, CSRF, SSRF, IDOR

Network & Active Directory

  • Full AD attack chains: enumeration with BloodHound/SharpHound, Kerberoasting, AS-REP Roasting, DCSync, Pass-the-Hash, Pass-the-Ticket
  • Post-exploitation, pivoting & tunneling using Impacket, CrackMapExec, Evil-WinRM
  • Network penetration testing: service enumeration, credential attacks, lateral movement

Tools & Technologies

CategoryTools
WebBurp Suite, SQLmap, ffuf, Nikto
NetworkNmap, Wireshark, Netcat, Metasploit
Active DirectoryBloodHound, Impacket, CrackMapExec, Rubeus
ScriptingPython, Bash, PowerShell

Certifications

CertificationStatus
HTB Certified Penetration Testing Specialist (CPTS)(Self Study)
HTB Certified Web Exploitation Specialist (CWES)(Self Study)
CompTIA PenTest+ (THM)Issued August 2025
ISC2 CandidateIssued April 2026
TryHackMe — Junior Penetration TesterIssued August 2025 · ID: THM-DQQ1N8JIXS
PentesterLab — PCAP, Essential, Unix, HTTP,API,Serialize,White, BadgesActive

Hands-on Experience

Hack The Box Completed machines across Web and Network tracks. Published detailed write-ups covering full exploitation paths, methodology, and lessons learned.

PortSwigger Web Security Academy Completed advanced labs across the full OWASP Top 10 — File Upload vulnerabilities, NoSQL Injection, OS Command Injection, Path Traversal, and more.

RootMe Solved and documented challenges covering all SQLi types, NoSQL Injection, Command Injection, JavaScript exploitation, and Source Code Analysis.

Infinity Platform Solved realistic web application challenges focused on advanced SQL Injection scenarios in black-box environments.

Vulnerability Research & Bug Bounty Identified and responsibly disclosed vulnerabilities in production web applications. Focused on authentication flaws, business logic issues, and OWASP Top 10 attack vectors.


Education

Bachelor of Information Technology — Computer Science & Software Engineering
Sinai University, Egypt · Expected: July 2027


Contact