Penetration Tester | Cybersecurity Researcher

Welcome to my cybersecurity blog!

Here you'll find my latest research, write-ups, and learning notes on all things cybersecurity. I will also be documenting my learning journey as I continue to develop my skills in this field. I hope you find this site useful whether you're a recruiter or hiring manager looking for top talent, or simply someone who's interested in learning more about this fascinating field.

Thanks for stopping by, and I hope you enjoy your stay!

- Ahmad



Certifications

  • eJPT - eLearnSecurity - Junior Penetration Tester
  • CompTIA Network+
  • CompTIA A+

Trainings

# Splunk Fundamentals

# Immersive Labs (https://immersivelabs.online)
  • Developed confidence and speed of incident response through real hands-on labs and cases in a gamified learning environment
  • Performed detection, analysis, research, investigation and forensic activities for security events
  • Investigated and remediated cyber attacks including DDoS, phishing, and malware infections
  • Utilized full packet capture to re-create a security event, identify IOCs, and write custom IDS/IPS (SNORT) rules

# Cybrary - Become a SOC Analyst - Level 1 (81h 4m)

  • Developed hands-on experience on topics such as threat intelligence, threat hunting, network monitoring, incident response
  • Validated security controls by trying to break them (i.e. penetration testing)
  • Developed skills in critical areas like log analysis and SOC technologies including but not limited to: intrusion detection and protection devices, host-based protection technologies, 0-day and APT technologies (sandboxing, behavioral monitoring, etc.), packet capture and metadata analytic systems, DLP technologies, email hygiene systems, etc.

# MITRE ATT&CK Training

  • Course: “Using MITRE ATT&CK for Cyber Threat Intelligence”

# Pentester Academy

  • Active member and student; perform training and hands-on lab exercises weekly that emulate real-world scenarios to keep skills sharp and stay updated on new threats, TTPs, APTs, and IOCs

# INE: Penetration Testing Student

  • Learned and practiced pen testing fundamentals including but not limited to: OSINT, Planning & Reconnaissance, Enumeration, Gaining Access/Exploitation, Post-Exploitation, Privilege Escalation, and Password Attacks. Regular labs + training
  • Obtained and passed eJPT certification exam (August 2022)

# TryHackMe

  • Reached top 5% of users within a few weeks

Projects

# Building a SIEM at Home: Cybersecurity Detection Lab with Security Onion IDS | 2022
  • Developed vulnerable test environment for training and testing of various cyber capabilities
  • Configured Security Onion in home lab as an all-in-one IDS, Security Monitoring and Log management solution
  • Monitored network alerts/intrusion/detections/packets. Ran exploits between Kali & vulnerable VMs (Metasploitable, Raspberry Pi) to learn how protocols communicate with each other, see what bad traffic looks like, and distinguish what's normal communication vs anomalies
  • Performed analysis of network traffic using tools such as Wireshark to identify potential threats or anomalies within the environment
# Attack Monitoring on Honeypot Virtual Machine Using Cloud-based Sentinel SIEM on Azure Cloud Platform | 2022
  • Utilized custom PowerShell script to extract metadata from Event Viewer and parse to 3rd-party API to obtain geolocation
  • Initialized Log Analytics Workspace in Azure to receive custom logs composed of geographic information
  • Set up Sentinel SIEM to view attacks originating globally on a graphical world map
# Vulnerability Management with Nessus | 2022
  • Installed and configured Nessus Essentials to perform credentialed vulnerability scans against Windows 10 hosts
  • Implemented Vulnerability Management Function on sandbox networks: Discover, Prioritize, Assess, Report, Remediate, Verify
  • Conducted vulnerability assessments with Nessus; remediated vulnerabilities
  • Developed an automated remediation process to preemptively deal with vulnerabilities stemming from Windows updates and third-party software.

Skills & Tools

  • Bash (Unix Shells)
  • Metasploitable VMs
  • Routing and Switching
  • Active/Passive Information Gathering
  • Vulnerability Scanning
  • Basic Windows/Linux Buffer Overflows
  • Client-Side Attacks
  • Privilege Escalation (Windows & Linux)
  • Password Attacks
  • Port Redirection and Tunneling
  • The Metasploit Framework
  • Cryptography
  • Footprinting and Reconnaissance
  • Scanning Networks with Wireshark
  • Enumeration
  • Vulnerability Analysis & Patching
  • System Hacking
  • Sniffers + Network Traffic Capture & Analysis
  • Social Engineering + OSINT
  • Session Hijacking
  • Evading IDS & Firewalls
  • Hacking Web Servers & Web Applications
  • Hacking Wireless Networks
  • Hacking IoT Devices

~$ Vulnerability Assessment: Nessus, Nikto, Wireshark, Burp Suite, Nmap, SQLmap

~$ Regulatory Compliance: NIST 800-61, NIST 800-171, CIS Controls v8, ISO 27001

~$ Scripting and Programming: Linux Shell, Bash, PowerShell

~$ Offensive Security: Kali Linux, Metasploit, Meterpreter, Aircrack-ng, DirBuster, enum4linux, exploitdb, John the Ripper, Ettercap, Social-Engineer Toolkit (SET), Mimikatz, Wappalyzer, MITRE ATT&CK framework

~$ Operating Systems: Linux, Windows, macOS, Virtual Machines (VMware)

~$ SIEM & Monitoring Tools: Splunk, Azure Sentinel, Elastic Stack (ELK), Security Onion

~$ Network: Fundamentals, common protocols, packet capture and analysis, log analysis, tcpdump, Ettercap

~$ Other: Typing speed of 95 wpm

In a world where technology is becoming increasingly embedded in our everyday lives, it's more important than ever to have a strong understanding of cybersecurity. I'm passionate about cybersecurity because it's a constantly evolving field that presents new challenges every day. As someone with a background in both computer science and information security, I have the unique ability to see both the technical and security sides of cybersecurity issues. This allows me to approach problems from both a technical and a security perspective, providing a well-rounded solution.

#whoami

Ahmad Hakimi | IT Professional | Cybersecurity Specialist

Ahmad is actively seeking opportunities in Cybersecurity as a Junior Penetration Tester or Cybersecurity Analyst in a corporate environment. His interests include simulating cyber attacks, seeking flaws in corporate infrastructure, organizational security, and defensive measures. He is passionate about keeping corporate infrastructures secure and is always looking for new ways to improve security measures.


As a cybersecurity researcher, Ahmad has a proven track record of uncovering exploitable security vulnerabilities. He has completed the Penetration Testing Student course at INE and obtained the eJPT certification. His diligence, skills, and expertise have been put to the test with practical applications on the TryHackMe platform, where he ranked in the top 5% of users within a few weeks.

Ahmad spent more than 7 years serving public and private entities supporting their IT infrastructures, including the US Federal Government. He was hand-selected by Colliers International’s CFO and National IT Service Desk Manager as Sr. Technical Support Specialist, during which he individually managed and supported 4 sites.


Ahmad is currently responsible for the development, implementation, operations and maintenance of systems working for Amazon. He actively supports cybersecurity compliance by monitoring machines and assets across 4 different sites, ensuring they are compliant and meet various controls to protect the confidentiality, integrity, and availability of data.

Ahmad is an active member and student of Pentester Academy, a world-renowned cybersecurity skills platform, where he sharpens his skills with hands-on lab exercises and training that allow him to face and conquer real-world scenarios. He is currently enrolled in INE's Penetration Testing Professional course and on a path to becoming Offensive Security Certified Professional (OSCP) certified.

Wanna chat?

Do you have a job opening that you think I could excel in?
Feel free to connect with me on LinkedIn: