0x1RIS¶
Backend engineer with an offensive security edge
Mahmoud Gamal Shehata¶
Security-focused backend developer and penetration tester who believes great code must survive real-world attacks. Architecture-first thinker who plans before building , adapts fast , and uses AI as a force multiplier without losing engineering judgment.
Core Identity¶
I build backend systems that are stable , scalable , and secure by default
My journey is split between two worlds that feed each other: writing server-side applications with clean architecture , and breaking them apart to understand what makes them fail. The result is code that doesn't just pass code review - it survives penetration testing
Security isn't a checklist phase for me. It's embedded in how I design APIs , structure databases , and handle authentication flows. When you spend years on both sides of the fence , you stop writing vulnerable code by accident
Technical Focus Areas¶
Backend Engineering
- Node.js & Next.js application architecture
- RESTful & GraphQL API design patterns
- Database modeling (SQL , NoSQL , ORM optimization)
- Authentication & authorization implementations
- System design , scalability & microservices
- CI/CD pipelines & cloud deployment
Security Research - Web application penetration testing (OWASP Top 10 , API security) - Binary exploitation & reverse engineering - Active Directory attack & defense - Cloud security assessment - Bug bounty hunting & responsible disclosure
Tool Building - ReconX - automated reconnaissance framework - DroidForge - Android payload generation & obfuscation - TrafficShield - network traffic management for pentest labs - Custom automation scripts for Linux security workflows
Professional Experience¶
Cybersecurity Mentor HIMIT - Self-employed | 08/2024 – Present - Mentored students on C programming , memory management , exploit development , and reverse engineering techniques - Designed curriculum bridging academic concepts with real-world offensive security applications
AI/ML in Cybersecurity Trainee Kafr Elsheikh University | 07/2025 – 08/2025 - Applied AI/ML techniques for anomaly detection and automated threat analysis - Improved threat detection accuracy by 30% through ML-driven pattern recognition
Cybersecurity Training Program MCIT - Ministry of Communications and Information Technology | 04/2025 – 06/2025 - Covered IT fundamentals , networking , and cybersecurity best practices in a structured government program
Cybersecurity For Beginners - Cloud & Infrastructure Mahara-Tech & VMWARE | 04/2025 – 05/2025 - Covered cloud security , OWASP Top 10 , network virtualization , and Red Hat administration
Independent Security Research & CTF TryHackMe , HackTheBox , PwnCollege | 09/2023 – Present - Active CTF participation across multiple platforms - Focus areas: web exploitation , binary exploitation , cryptography , and reverse engineering
Training Labs 05/2021 – 11/2023 - Practiced and exploited OWASP Top 10 vulnerabilities in controlled environments
Projects¶
SMail - Zero Trust E2EE Email System - 2025 End-to-end encrypted email system with post-quantum key exchange - FastAPI backend , Flutter frontend , RSA-4096/X25519/AES-256-GCM - Zero Trust architecture with Perfect Forward Secrecy - Client-side encryption/decryption - server never sees plaintext - Gmail bridge with IMAP sync , encrypted streaming AEAD attachments - Audit logging with cryptographically linked hash chains - 30+ REST endpoints spanning auth , email , keys , folders , bridge - Solo-developed from crypto layer to Flutter UI
Online POS - Car Parts Shop - 2025 Serverless POS system with QR code inventory management - Vite + vanilla JavaScript , NeonDB serverless Postgres - bcryptjs + JWT auth , QR scanning via html5-qrcode - XLSX export/import for inventory - Optimized for low-light warehouse conditions
FerroWA - Encrypted WhatsApp Desktop Client - 2025 Tauri 2 desktop client with Rust backend and native Linux notifications - ChaCha20-Poly1305 for config encryption , Argon2 for PIN hashing - HMAC-SHA256 integrity verification , jemalloc allocator - zeroize on drop - secrets never persist in memory - WebSocket bridge for WhatsApp Web protocol , WebKitGTK cookie access
Great Society - Property Management - 2025 Full-featured property management platform with Arabic-first interface - React 19 , Material UI 7 , Radix UI , Supabase backend - Property listings with search , filtering , and real-time notifications - Image uploads with optimized JPEG compression - Super admin dashboard with full CRUD - Deployed on Hostinger with Vercel for previews
TrafficShield - 06/2025 Self-hosted network traffic management tool for authorized pentest labs - Bandwidth throttling , per-client blocking , and traffic shaping - Designed for local network testing environments
DroidForge - 05/2024 – 08/2024 Automated Android payload generator - Payload generation and obfuscation for Android pentesting - Reduced manual effort by 85% through automation
ReconX - 07/2023 – 08/2023 Automated reconnaissance framework - Integrated subdomain enumeration and vulnerability scanning - Python and Bash implementation improving recon speed by 50%
Web Application Testing Labs - 11/2023 – 02/2024 Personal web and API security training environment - Built intentionally vulnerable applications for practice - Covered exploitation and report writing
Vulnerable C Applications & Exploits - 05/2025 – 08/2025 Educational binary exploitation environment - Built vulnerable C programs demonstrating buffer overflows and heap spraying - Analysis using GDB and reverse engineering tools
Certifications¶
| Certification | Issuer | Year |
|---|---|---|
| Offensive Security Certified Professional (OSCP) | OffSec | 2024 |
| eWPTX (Web Application Penetration Tester eXtreme) | eLearnSecurity | 2022 |
| Active Directory Attacks & Defense | - | 2023 |
| CompTIA Security+ | CompTIA | 2022 |
| CompTIA Network+ | CompTIA | 2022 |
| MCSA 70-410 (Windows Server) | Microsoft | 2023 |
| Secure Coding Practices | - | 2023 |
| Linux Administration | - | 2023 |
| Cryptography Fundamentals | - | 2023 |
| Container Technology | - | 2023 |
Core Skills¶
| Category | Skills |
|---|---|
| Languages | JavaScript , Python , PHP , C , SQL , Bash |
| Backend | Node.js , Express , Next.js , REST APIs , GraphQL , JWT , OAuth2 |
| Databases | PostgreSQL , MySQL , MongoDB , Redis , SQLite |
| DevOps | Docker , Git , CI/CD , Linux Administration , Cloud Basics |
| Security | Web App Pentesting , Binary Exploitation , AD Attacks , Network Security , Reverse Engineering |
| Tools | Burp Suite , Nmap , Metasploit , Wireshark , SQLmap , John , Gobuster , Pwntools , Cutter , GDB |
| Soft Skills | Analytical Thinking , Architecture Design , Technical Writing , Mentoring , Risk Assessment |
Adaptive Engineering Philosophy¶
I adapt to what the problem requires
Not every project needs microservices. Not every API needs GraphQL. I evaluate tradeoffs , pick the right tool , and design for maintainability over cleverness
I leverage AI effectively - for boilerplate , pattern recognition , and accelerating research - but architecture decisions , security reviews , and critical logic remain hands-on. Engineering judgment is non-negotiable
Contact & Profiles¶
- Email: mahmoud.gamal.work.pentest@gmail.com
- LinkedIn: linkedin.com/in/0x1ris
- GitHub: github.com/m7moud-II
- TryHackMe: tryhackme.com/p/0x1RIS
- HackTheBox: ctf.hackthebox.com/user/profile/850802
- HackerRank: hackerrank.com/profile/0x1RIS
Languages¶
- Arabic - Native
- English - Proficient
Designed for impact. Built to scale. Hardened by experience.