Mohamed Saied
1.5+ years uncovering vulnerabilities across web apps, APIs, and Android. Hall of Fame at NASA & Samsung. Exploiting logic flaws, authorization bypasses, and business weaknesses that scanners miss.
>_ About
$ whoami
I'm a Junior Offensive Security Engineer with 1.5+ years of hands-on experience in Web, API, and Android penetration testing. I hunt bugs on YesWeHack and have been recognized in the Hall of Fame by NASA and Samsung — with additional acknowledgements from Ferrero and Zivver.
My approach goes beyond automated scanners — I think like an attacker to uncover business logic flaws, authorization bypasses, and chained attack vectors that turn defensive assumptions into offensive opportunities. I also co-authored a published research paper on Intrusion Detection Systems (Springer).
Web & API Exploitation
End-to-end penetration testing across web apps and APIs — XSS, SQLi, SSRF, JWT, IDOR, and chained logic attacks.
Android Security
APK reverse engineering, mobile API interception, and static/dynamic analysis to find client-side trust issues.
Hall of Fame
Responsible disclosure recognized by NASA, Samsung, Ferrero, and Zivver through YesWeHack bug bounty.
>_ Experience
// where I've trained
Bug Bounty Hunter — Independent Security Research
Sept 2024 – Present | 🎯 YesWeHack
- Large-scale reconnaissance: subdomain enumeration, endpoint discovery, parameter analysis, and attack-surface mapping via custom automation.
- Disclosed vulnerabilities (authentication / authorization flaws, API abuse, business logic weaknesses) to NASA, Samsung, Ferrero, and Zivver.
Penetration Testing Trainee
Sept 2025 – Feb 2026 | 🔐 Corelia (Remote, France)
- End-to-end Web & API pentesting: XSS, SQLi, XXE, SSRF, CSRF, CORS misconfig, file upload / inclusion, path traversal, RCE, broken auth / access control, JWT, business logic.
- Android testing via APK reverse engineering and traffic interception — insecure storage, client-side trust, and cryptographic misuse.
Offensive Security Trainee
July 2025 – Aug 2025 | ⚡ WE Innovate (Telecom Egypt)
- Practiced web, Android, and network attack simulations in OWASP-aligned lab environments.
>_ Skills
// tools of the trade
Web & API Attack Techniques
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Server-Side Request Forgery (SSRF)
- XML External Entity (XXE)
- Cross-Site Request Forgery (CSRF)
- CORS Misconfiguration Exploitation
- File Upload / Inclusion Abuse
- Path Traversal
- Remote Code Execution (RCE)
- Authentication Bypass
- Insecure Direct Object Reference (IDOR)
- JWT Attacks
- Business Logic Exploitation
Mobile Security
- Android Penetration Testing
- APK Reverse Engineering
- Mobile API Interception
- Static & Dynamic Analysis
- Insecure Storage Detection
- Cryptographic Misuse Review
Frameworks & Standards
- OWASP Top 10 (Web 2021)
- OWASP API Security Top 10
- OWASP Mobile Top 10
- MITRE ATT&CK
- Recon & Attack-Surface Mapping
- Custom Automation Scripts
Tools
- Burp Suite
- Nmap
- Metasploit
- Wireshark
- JADX
- apktool
Languages
- Python
- Bash
- JavaScript
- PHP
- SQL
>_ Certifications
// validated expertise


eWPTXv3
INE Security
January 2026

eMAPT
INE Security
2026

eJPTv2
INE Security
2025
>_ Projects
// what I've built
Bad USB — IoT Security
Hardware attack simulation demonstrating USB-based attack vectors using a Digispark (ATtiny85) device. Executes HID attacks to deliver reverse shell payloads, highlighting the importance of endpoint and physical-layer security.
Machine Learning IDS
Machine-learning Intrusion Detection System that ingests Suricata network telemetry and classifies malicious traffic using XGBoost. Exposes detections through a React dashboard backed by a Flask API.
Secure E-Commerce Platform
Full-stack e-commerce application built with security-first architecture. Implements OWASP Top 10 mitigations, secure authentication, parameterized queries, input validation, and comprehensive logging.
>_ Leadership
// community & impact
Founder & Club President
Nov 2025 – Present | CyberVerse — El Sewedy University of Technology
Founded and lead a student-run cybersecurity club focused on offensive security training, CTF practice, and peer-led research.
President
Nov 2024 – Present | Student Union — Faculty of Computer Engineering
Represent the student body of the Computer Engineering faculty and coordinate technical events, workshops, and academic initiatives.
Technical Assistant
May 2025 | Cybersecurity Bootcamp — UNESCO / ICESCO
Supported delivery of an international cybersecurity bootcamp, helping participants build hands-on offensive and defensive skills.
Instructor
Feb 2025 | Python Programming Bootcamp
Designed curriculum and taught Python fundamentals to a cohort of beginners, covering scripting basics and applied problem-solving.
>_ Education
// academic background
B.Sc. Network and Cybersecurity
Expected: July 2027 | El Sewedy University of Technology
>_ Feedback
// what people say

Mohamed Sami
CTO at ALPHA Defense Systems
“It was nice meeting such potential students 🙏 please let's keep in touch”

Hazem El-Sayed
Penetration Tester @Deepstrike | 2x CVEs | e(WPTX|MAPT) | CAP
“Amazing useful writeup Mohamed 👏”

Yara Ahmed
AI Engineer | Teaching Assistant | Graduate of Banha University
“Congratulations to you all. You are hardworking, dedicated, and truly talented. Your effort really shows, and you should be proud of yourselves. Well done and best of luck ahead. 👏👏”

achraf bradji
Solidity Developer @ Smart Contract Engineer
“Strong write-up and practical tooling. Respect. Keep it up 🔥”

>_ Contact
// get in touch