Open to opportunities

AL-NESR User

@al-nesruser

Message

Junior penetration tester focused on web/API security and delivering actionable remediation.

Egypt

Message

What I'm looking for

I seek hands-on offensive security roles focused on web/API testing, continuous learning, clear reporting, mentorship, and growth into senior pentesting or red-team positions.

I am a Junior Penetration Tester with hands-on experience in web and API security testing, practical lab exploitation, and real-world bug bounty programs.

I have completed a capstone full black-box pentest on an e-commerce application, identifying and exploiting critical vulnerabilities such as SQL Injection, Stored XSS, and IDOR, and delivering prioritized remediation reports.

I practiced offensive workflows on Hack The Box and used tools including Nmap, Burp Suite, FFUF, Hydra, LinPEAS, and Metasploit to perform enumeration, privilege escalation, and exploitation, improving my methodology and reporting skills.

I actively participate in bug bounty platforms (HackerOne, Bugcrowd), follow responsible disclosure processes, and am committed to improving organizational security posture through clear, actionable findings and continuous learning.

Experience

Work history, roles, and key accomplishments

Current

Bug Bounty Hunter

Current

Independent

Nov 2025 - Present (0 months)

Conducting bug bounty research on HackerOne and Bugcrowd, performing structured reconnaissance and vulnerability discovery and reporting issues like IDOR, XSS, and misconfigurations under responsible disclosure.

Bug Bounty IDOR XSS Vulnerability Discovery Responsible Disclosure Burp suite Automation Tools

Penetration Tester (Labs)

Hack The Box

Jun 2024 - Nov 2025 (1 year 5 months)

Completed multiple vulnerable machines applying enumeration, privilege escalation, and exploitation techniques while documenting methodologies and internal write-ups to improve reporting skills.

Nmap Burp suite Ffuf LinPEAS Enumeration Technical Documentation

Penetration Tester

Ginandjuice Shop

Aug 2024 - Sep 2024 (1 month)

Conducted a black-box penetration test on an e-commerce web application, identifying and exploiting critical vulnerabilities (SQLi, stored XSS, IDOR) and delivering a prioritized remediation report.

OWASP Testing SQL Injection XSS IDOR Burp suite Reporting Vulnerability Assessment

Education

Degrees, certifications, and relevant coursework

Bani Suef National University

Bachelor of Science, Computer Science

2022 -

Grade: 3.010

Activities and societies: Represented university in ICPC (Honorable Mention); joined DEPI and NTI practical training programs.

Pursuing a B.Sc. in Computer Science with coursework in networks, web technologies, operating systems, and cybersecurity fundamentals; participated in ICPC (Honorable Mention) and practical training programs to strengthen penetration testing skills.