Mohibullah Barakzai

Penetration Tester & Security Researcher

Practical experience in exploit development, reverse engineering, vulnerability research, and adversary emulation — with a growing focus on uncovering complex attack paths and building resilient defenses in enterprise environments.

About me

Penetration Tester and Security Researcher with a strong foundation in networking, Linux, and cybersecurity. Certified in CompTIA Security+, CEH, Google Cybersecurity Certificate, CCNA, and Kali Linux.

Skilled in C++, Python, and JavaScript for exploit prototypes, automation, and web security testing. Currently pursuing the Offensive Security track including OSCP, OSWE, and OSED.

Passionate about red teaming, exploit development, and adversary emulation aligned to real-world threat models.

Projects

ShadowOps‑Lab v2.0.0

A reproducible red+blue security framework, engineered with audit‑grade rigor, that demonstrates adversarial simulation and SOC defense to reproducibility standards.

Apple Security Bounty

Reported and validated a critical macOS ImageIO framework vulnerability as part of Apple’s Security Bounty program, providing a reproducible proof‑of‑concept and following responsible disclosure.

Active Directory Attack & Defense Lab

Built a custom AD lab simulating enterprise environments, covering enumeration, credential abuse, privilege escalation, and Sigma‑style detection strategies.

Skills

Core skills

  • Programming: Python, Bash, PowerShell, C++, JavaScript
  • Operating systems: Windows, Linux (Kali, ParrotOS, Ubuntu), macOS
  • Offensive tools: Burp Suite, Nmap, Wireshark, Metasploit, BloodHound, CrackMapExec, Responder, Mimikatz
  • Defensive & SOC: Velociraptor, Wazuh, Elastic Stack
  • Competencies: Reverse Engineering, Malware Analysis, Threat Intelligence, Red/Blue Teaming

Certifications

  • Earned: CompTIA Security+, CEH, Google Cybersecurity Certificate, CCNA, CompTIA Linux+
  • In progress: OSCP, OSWE, OSED
  • Goal: OSCE³

Platforms & labs

  • Learning: TryHackMe, Hack The Box, PentesterLab
  • Bug bounty: HackerOne, Bugcrowd
  • CTF: CTFTime, Red Team CTF
  • Practice labs: Custom AD attack/defense lab, exploit development sandbox

Methodology

  • Approach: Scoped recon → exploitation → post‑exploitation → reporting
  • Detection mapping: Attack paths (BloodHound), Sigma rules, mitigations

Professional summary

Mohibullah Barakzai
Penetration Tester | Security Researcher

Practical experience in exploit development, reverse engineering, and adversary emulation. Skilled in uncovering complex attack paths and translating offensive findings into measurable defensive improvements. Certified in Security+, CEH, Google Cybersecurity, CCNA, and Linux+, with hands‑on work across Windows, Linux (Kali, ParrotOS, Ubuntu), and macOS. Building custom AD attack–defense labs and developing detection strategies aligned to MITRE ATT&CK. Currently advancing through Offensive Security certifications (OSCP, OSWE, OSED).

  • Core strengths: Networking, Linux, exploit development, adversary emulation, red/blue teaming
  • Languages: Python, C++, JavaScript
  • Roadmap: OSCP → OSWE → OSED → OSCE³
  • Focus: Responsible disclosure and measurable defensive outcomes

Contact

Open to collaboration in penetration testing, security research, and red team projects.

Résumé available upon request