About
Hey, I’m Elmehdi , a cybersecurity engineer passionate about offensive security and breaking things .
I specialize in web & API pentesting, Active Directory attacks, and I’m always chasing that next foothold. When I’m not working on real engagements, you’ll find me grinding on Hack The Box and Vulnlab, or writing about what I learned along the way.
🎓 Education
Double Degree in Cybersecurity & Networks
- 🇫🇷 INSA Centre-Val de Loire — Cybersecurity Engineering (2024 – Present)
- 🇲🇦 ENSA Kénitra — Networks & Telecommunications Engineering (2020 – Present)
🏅 Certifications & Labs
| 🟠 HTB | Pro Lab: Dante | Penetration Tester Path (CPTS Path) | Web Application Pentester Path (CWES Path) |
| 🔴 CyberWarfare Labs | CRTA | WEB-RTA | |
| 🟡 TCM Security | Practical Ethical Hacker | Windows Privilege Escalation | Linux Privilege Escalation |
| 🟢 INE | eJPTv2 | ||
| 🔵 In progress | CWES | OSCP |
🧩 CTF & Community
Solo player on Hack The Box and Vulnlab. Ranked Masters — Level 62 on HTB.
I also design CTF challenges, including projects for INSA-CVL and ENSAK clubs . Used to be a member of Cyber Cohesion .
🔬 Projects
- AV Evasion on Windows 11 — bypassed Defender with a 2-stage payload using Havoc C2 + Metasploit (writeup on this blog)
- Active Directory Lab — full attack chain simulation: ADCS, NTLM Relay, Havoc C2
- Malware Development — custom trojans for educational exploration of evasion techniques
✍️ Why This Blog
I write about what I do : HTB writeups, pentest techniques, methodologies, research notes. If something clicked for me, I write it down so it might click for you too.