Mohamed Salah

Security Researcher | Pentester | Bug Bounty Hunter

Giza, Al Jizah, Egypt

About

To build the best defense, you must first master the art of the attack. As a Penetration Tester and Mobile Security Researcher, my core competence is purely offensive. I specialize in reverse engineering applications, bypassing runtime protections using Frida, and executing complex exploit chains. My approach goes beyond compliance—I deconstruct systems to predict exactly how and where they will fail under targeted attacks. If you need an offensive specialist to find your critical vulnerabilities before threat actors do, I would be delighted to connect.

Experience

  • Ethical Hacking Trainee at National Telecommunication Institute (NTI)
    Apr 2026 - Present · 4 mos

    Completed CEH-aligned ethical hacking training covering reconnaissance, vulnerability analysis, system hacking, web application testing, wireless/cloud/IoT security basics, and technical reporting. Practiced Active Directory attack-path reasoning, including enumeration, ACL abuse, password reset rights, group nesting, privilege escalation paths, and DCSync concepts. Completed soft skills and business skills training focused on technical communication, presentation delivery, teamwork, and business-friendly security reporting.

  • Android Pentesting Intern at Orange Digital Center Egypt
    Jan 2026 - Jan 2026 · 1 mo

    Completed an intensive, hands-on bootcamp focused on advanced Android application security and penetration testing. Vulnerability Assessment: Conducted deep-dive analysis on vulnerable Android applications (InsecureShop, InsecureBankv2, AllSafe, Beetlebug) to identify security flaws beyond standard CTF flags. Source Code Analysis: Performed static and dynamic analysis to understand the root causes of vulnerabilities within the Android Manifest and Java/Kotlin source code. Technical Documentation: Authored a comprehensive series of technical write-ups detailing exploitation paths, code analysis, and remediation strategies for real-world scenarios. Device Security: Gained practical experience in Android rooting and upgrading processes within a Linux environment.

  • Red Teaming Intern at CORELIA
    Sep 2025 - Jan 2026 · 5 mos

    1-Static Analysis & Reverse Engineering: Achieved "First Blood" (first to solve) by performing advanced static analysis on Android binaries to uncover a critical Dirty Stream vulnerability. 2-Android Security & Exploitation: Analyzed Android internals, focusing on Intent Threat Surfaces, WebView misconfigurations, and Content Provider vulnerabilities. 3-Dynamic Analysis (Frida): Utilized Frida for dynamic instrumentation and hooking to bypass application security controls and root detection in advanced lab environments. 4-Web Application Pentesting: Built and exploited custom labs to master OWASP Top 10 vulnerabilities, including SQLi, XSS (Reflected/Stored/DOM), SSRF, XXE, and Insecure Deserialization. 5-Vulnerability Assessment Demo: Conducted a comprehensive security assessment, identifying 17 critical vulnerabilities including Broken Access Control (IDOR), Hardcoded Secrets, and Logic Bombs. 6-Professional Reporting: Authored a 35+ page technical report documenting systemic failures in authentication, authorization, and data protection for Demo APK. Accomplishments / Honors & Awards: 1-First Blood – Static Analysis Challenge: Awarded for the fastest discovery and exploitation of a Dirty Stream vulnerability using advanced static analysis techniques. 2-First Blood – Android Exploitation Challenge: Recognized for the fastest resolution of complex Android security labs, demonstrating proficiency in reversing and vulnerability research.

  • SOC Analysts Trainee at CORELIA
    Feb 2025 - Feb 2025 · 1 mo

    Analyzed network traffic with Wireshark and Network miner to detect anomalies and performed static/dynamic analysis of malware samples, including LockBit v1, mapping behaviors to the MITRE ATT&CK framework. Developed a Python script to extract malicious IPs from PCAP files and automate threat intelligence lookups using the VirusTotal API.

  • Internship Trainee at SAP
    Aug 2024 - Sep 2024 · 2 mos

    During my SAP internship, I gained an overview of the SAP system, acquired basic knowledge of SAP AI, and developed my presentation skills. This experience provided me with foundational insights into SAP technologies and enhanced my ability to effectively communicate technical concepts.