Loading...
Hi, I'm
Digital Forensics Investigator · Software Engineer · Cybersecurity Researcher
A developer since 2018 — built more than 12 applications and worked on large development projects and highly sensitive government projects.
Malware analysis, backdoor detection, memory analysis, C2 data extraction, and taking down scam sites.
Finding vulnerabilities in major platforms like Epic Games, Snapchat, Discord, Meta, TikTok, plus documented CVEs.
Founder of the GhostByte team — 1st place in HackWave25 CTF, participation in BlackHat and more.
From Low-Level to Full-Stack — Learn, Apply, Repeat
My journey with native languages started here. I learned C, C++, Assembly, Binary and C#. This stage was the real foundation — through it I learned the core logic of programming languages.
The key point here is that C helped me understand how most languages work later on. After learning these, I could easily go on to learn others.
In 2020 my focus was entirely on games and laziness. COVID spread and stopped us from everything — football, the gym, going out and hanging around. All activity stopped.
But this year was a year of awareness for me. I realized I had to refocus and stop wasting my time. That realization is what pushed me to come back strong in 2021.
I finished learning PHP in just 5 months of continuous study. I liked it because it helped me a lot in big projects — building dashboards for schools and government bodies, coding Telegram bots and protection bots, and government websites, using structural languages like HTML and CSS.
Post celebrating finishing PHPI learned Python and Lua for FiveM, and Dart because it follows the same style. Python was the language that helped me most in building cyber tools, earning through tool-making, coding APIs, dealing with all kinds of sites and APIs, and building vulnerability scanners and request send/analysis tools. Even my first educational malware was made with it.
Dart + Flutter — I learned them because the job market needed app developers at the time. With AI's help I set up a simple roadmap to learn Dart with the Flutter framework. It was the best choice — coding one app that runs on Android and iPhone at once is amazing. The professional edge is the near-native handling and being able to build a full app without relying on third parties, unlike Expo React Native which depends about 77% on external libraries and services.
I started learning Rust, Go and JavaScript. I slacked a bit with Rust and focused more on Go and JS because my projects needed them more. I kept at it for 12 months and succeeded in mastering and using them in real, large projects.
PHP Backend API + Go + JavaScript + HTML + CSS
I went back to learn Rust seriously. I got to know the front-end then moved into the back-end. It was one of the hardest experiences — the language is somewhat complex, the compiler is very strict, and dealing with Cargo and debugging was one of the most annoying things for me. But thankfully I finished it in 2024.
My passion for it grew after the White House Office of the National Cyber Director (ONCD) issued, in February 2024, an official recommendation for developers to adopt memory-safe languages, chief among them Rust. Especially after I learned it's used in huge projects like Discord and others.
UDP Flooding Tool — September 13, 2024I built 3 apps in partnership with a telecom company and designed the API architecture securely and professionally. AI played a big role in analyzing and improving security weaknesses and work quality.
There are also many side projects I didn't mention because they aren't at the level of the big ones listed. All these projects and experiences are what made me able to handle any programming environment easily and understand any new language by reading its logic and grasping how it works.
Programming is not memorization.
Learn → Apply → Repeat
The more you apply what you've learned, the much easier programming becomes. Many people think programming means memorizing all the code — that's wrong. You start by understanding the basics, then build real projects, and if you forget a certain library or function, you look up its documentation and learn to use it. By repeating this process you'll start to memorize the workflow automatically.
A quote of my own — inspired by my study of hardware in digital forensics and my knowledge of the difference between them.
A file-hosting site that achieved great success — 230K visits and 604 files uploaded daily. It was shut down due to the load, while gaining great experience in running high-traffic, high-demand sites.
A protection system for Discord servers against scammers — an alert bot that protects servers from theft and sabotage, with the site tnbeh.com.
A Chrome extension for testing HTTP requests — an offline tool for vulnerability researchers to test APIs and flaws like SQLi and XSS. Released for free.
A platform to analyze, decrypt and publish reports on malware — made for security researchers.
A large project — I worked as a developer to update and improve the platform.
A standalone protection system for FiveM scripts — protecting files and code from theft and tampering.
An OSINT bot on Telegram to extract data and search for users easily.
A network stress-testing tool written in Rust — for research and educational purposes.
Designing government dashboards and APIs and building their protection systems — cannot be disclosed to ensure privacy.
more projects I can't announce due to privacy
Among Discord bug hunters on the BugCrowd platform
A P1 vulnerability — the highest severity level
Finding sensitive vulnerabilities in government sites across multiple countries, with official letters of appreciation
A Cross-Site Scripting flaw in the Bdtask Multi-Store Inventory Management System — injecting malicious scripts via category and brand names.
A flaw in the ARMember plugin for WordPress — file upload and bypassing security restrictions with subscriber-level privileges and above.
A flaw in SourceCodester Best House Rental Management System 1.0 — SQL injection via the username parameter in admin_class.php.
CEO & Founder
This achievement was entirely a team effort; although I didn't take part as an individual, the guys did brilliantly and got it done. They took first place hours after the challenge began — special thanks to Saad, ./DaLToN and the rest of the team.
View the Post
Detecting and analyzing advanced backdoors through memory analysis and recognizing malware patterns. Building educational tools to demonstrate bypass methods, and reporting them.
Creating educational EXE files that demonstrate methods to bypass major antivirus software like Avast and others — with official reporting and an acknowledged bypass.
Analyzing fake sites claiming to offer voice-changing tools to deceive Discord users — extracting C2 data and contacting hosting companies to take them down.
Finding serious vulnerabilities in the Lobby voice-chat app — reporting recurring flaws to the company until the app was fully shut down due to security and financial problems.
CEH
CEH v12
CHFI
CND
CPENT
DFE
EHE
Got a project or an idea? Fill out the form and your request reaches me directly.