
AHMED ANWAR ELSHNAWY

Al Madinah, Saudi Arabia

Summary

Cybersecurity professional specializing in ethical hacking, penetration testing, and vulnerability analysis with 3 years of experience in bug bounty programs and web/API security assessments. Currently pursuing Offensive Security Certified Professional (OSCP) certification to enhance skills in advanced attack simulations. Committed to continuous learning through hands-on labs, Capture The Flag (CTF) challenges, and personal projects. Focused on delivering proactive security assessments to strengthen organizational defenses.

Overview

6 years of professional experience
5 years of post-secondary education
1 Certification

Work history

Security Researcher

HackerOne
Remote
09.2022 - 11.2025
  • Reported valid bugs to programs such as DOD Program and other private programs.
  • Performed manual and automated testing using tools like Burp Suite, Nmap, Amass, ffuf, Nuclei, and sqlmap.
  • Practiced OWASP Top 10 methodology and conducted extensive reconnaissance, fuzzing, and post-exploitation analysis.
  • Wrote detailed, high-impact reports with proof-of-concept scripts and remediation suggestions.

Team Leader

InnovEgypt
Cairo, Egypt
08.2019 - 12.2019
  • Set performance expectations for the team, monitoring progress towards goals and providing constructive feedback as needed.
  • Enhanced team productivity by implementing efficient work processes and regularly reviewing performance metrics.
  • Established open and professional relationships with team members to achieve quick resolutions for various issues.

Education

Bachelor of Engineering - Telecommunications And Electronics Department

Mansoura College Academy
Mansoura, Egypt
09.2018 - 06.2023

Skills

  • Web Application Security Testing
  • API Security Testing
  • OWASP Top 10
  • Network Penetration Testing
  • Vulnerability Assessment
  • Active Directory Penetration Testing
  • Privilege Escalation
  • Lateral Movement

Certification

Offensive Security Certified Professional (OSCP) - OffSec (In Progress)

API Penetration Testing - APIsec University November, 2025

  • Assessed REST/GraphQL APIs using Burp Suite, Postman, and custom scripts.
  • Identified BOLA, Broken Auth, Mass Assignment, and logic flaws using OWASP API Top 10.
  • Conducted JWT attacks, token replay, rate-limit bypass techniques, and API fuzzing.

Certified Red Team Professional (CRTP) - Altered Security October, 2025

  • Active Directory Enumeration - Gathering domain information and user information, and identifying misconfigurations
  • Kerberos-Based Attacks - Kerberoasting, AS-REP Roasting, and Pass-the-Ticket (PTT) attacks
  • NTLM and Credential Attacks - Exploiting Pass-the-Hash (PTH), NTLM relay, and LLMNR/NBT poisoning
  • Privilege Escalation - Identifying weak permissions, exploiting misconfigured Group Policy Objects (GPOs), abusing ACLs, and abusing constrained and unconstrained delegation
  • Persistence - Abusing diamond, silver, and golden tickets, and abusing AdminSDHolder


AWARDS & HONORS

  • Oracle Security Top Credit, CVE-2022-21500

Projects

Active Directory Home Lab

  • Designed and deployed a custom Windows Active Directory environment with multiple hosts, including Domain Controller (DC), client machines, and vulnerable services to simulate enterprise networks.
  • Exploited misconfigurations such as Kerberoasting, AS-REP roasting, Pass-the-Hash, LLMNR/NBT-NS spoofing, and Unconstrained Delegation.
  • Used tools such as BloodHound, Mimikatz, NetExec, Rubeus, SharpHound, and PowerView to enumerate and exploit AD.

Timeline

Security Researcher

HackerOne
09.2022 - 11.2025

Team Leader

InnovEgypt
08.2019 - 12.2019

Bachelor of Engineering - Telecommunications And Electronics Department

Mansoura College Academy
09.2018 - 06.2023