Available for opportunities

Muhammad Shahzaib

~/shahzaib — bash
shahzaib@kali:~$
View Projects GitHub
scroll
01 about

Adversarial Thinker.
Security Builder.

University student operating with an industry-level toolkit. My approach is entirely hands-on: I built my foundation in practical networking and system administration, dropped down to C to understand memory and execution, and use a "vibe coding" mindset to rapidly ship real-world solutions.

I apply deep, low-level understanding to cybersecurity with a strong focus on adversarial thinking, red teaming, and DFIR. Beyond breaking systems, I focus on secure cryptographic design and DevSecOps, with a growing interest in AI safety and robust system behavior under attack.

Lahore, Punjab, Pakistan
B.Sc. Cyber Security — Superior University
sk6910895@gmail.com
59th
HackTheBox Global Rank
out of 1,014 teams
33/34
HTB Challenges Solved
14,675 points
2
OT/ICS Certifications
OPSWAT OOSE + Schneider PSCE
7+
Security Tools Released
Open source on GitHub
02 skills

Technical Arsenal

Offensive Security

Red Teaming Exploit Development Payload Crafting Reverse Engineering Vulnerability Assessment Penetration Testing
🔬

Malware Analysis & DFIR

Static & Dynamic Analysis IDA Pro x64dbg Ghidra PE Analysis Autopsy FTK Imager Wireshark

OT/ICS Security

SCADA Systems PLC Security Hardening Industrial Control Networks Critical Infrastructure
🛡

Security Tools

Metasploit Burp Suite Nmap Nessus OWASP ZAP Splunk Chronicle SIEM EDR
💻

Scripting & Programming

Python C C++ Bash PowerShell JavaScript TypeScript PHP SQL
🔐

Cryptography

AES-256 GCM PBKDF2 Key Management Steganography Encoding/Obfuscation Analysis
🖥

System Administration

Linux (Ubuntu, CentOS) Windows Server System Hardening Access Control Backup & Recovery
🚀

DevOps & Infrastructure

CI/CD Pipelines Docker Git Apache Kafka Spring Boot REST APIs MySQL
03 projects

Notable Projects

01

ShadowLink

Zero-Knowledge Encrypted Messaging App

A fully deployed privacy-first web application for secure anonymous communication. All encryption and decryption occurs entirely client-side using AES-GCM — the server never has access to plaintext messages.

  • PBKDF2-based key derivation with dynamic per-room cryptographic salts
  • PHP backend hardened with UUID v4 validation, IP-based rate limiting, and strict CSP headers
  • Zero plaintext exposure even under server compromise scenarios
HTML CSS JavaScript PHP MySQL AES-GCM
02

Beamly

Encrypted File-Sharing Platform

Real-time, end-to-end encrypted file-sharing web application. Encryption keys are generated client-side and never transmitted to the backend, aligning with zero-trust architecture principles.

  • Chunked file uploading with WebSockets for real-time transfer status
  • Secure key exchange — keys never reach the server
Node.js Express MySQL WebSockets
03

Cerberus

Evasive Windows Reverse Shell Framework

C-based framework generating highly evasive Windows reverse shell payloads. Leverages direct system API calls and process-level manipulation to bypass common EDR detection mechanisms.

  • Memory injection, API unhooking, obfuscated shellcode delivery
  • Applicable to red team engagements and defensive control validation
C Windows API Red Team
04

nRF Box

2.4GHz Wireless Security Research Platform

Portable, battery-powered wireless attack surface analysis tool integrating ESP32 with three NRF24L01 transceiver modules. Designed to explore and stress-test 2.4GHz wireless protocol vulnerabilities.

  • Multi-mode scanning: WiFi (including hidden SSIDs), BLE, channel activity mapping
  • WiFi deauth frame injection, BLE spoofing, "Sour Apple" attack module
  • Complete hardware design from schematic to soldered prototype
C ESP32 Embedded RF Security
05

Secure-Stegano-Pro

AES-256 Encrypted Steganography Tool

Dual-layer data protection tool that conceals files, folders, and text within image files. All payloads secured using AES-256 GCM authenticated encryption with secure IV management.

Python AES-256 GCM Steganography
06

CryptX

File & Folder Encryption Toolkit

GUI-driven AES encryption application for file and folder protection, implementing proper key handling, padding, and IV randomization for production-grade cryptographic security.

Python AES GUI
04 experience

Experience & Education

Feb 2026 — Present Active

Co-Head of Technical Team

Superior Cybersecurity Society — Superior University · Lahore, Pakistan

  • Lead the technical wing of the university's official cybersecurity society, overseeing hands-on training sessions, CTF preparation, and skill-building activities.
  • Organize and conduct workshops on offensive and defensive security topics including penetration testing, malware analysis, and networking fundamentals.
  • Mentor junior members in practical cybersecurity skills, guiding them through labs, challenges, and real-world tool usage.
Nov 2025 — Dec 2025

Software Engineering Virtual Intern

JPMorgan Chase · Remote

  • Contributed to CI/CD pipeline development by integrating Apache Kafka for async messaging and configuring Maven build automation.
  • Designed and deployed Spring Boot microservice infrastructure, applying DevSecOps practices including secure API design and authentication controls.
  • Developed and documented REST API endpoints with enforced authentication and input validation, aligned with OWASP API security guidelines.
Dec 2025

Cyber Security Job Simulation

Deloitte Australia (Forage) · Remote

  • Analyzed web server logs to surface indicators of compromise, unauthorized access patterns, and breach timelines for a simulated enterprise incident.
  • Developed a structured incident response report with prioritized containment strategies and remediation steps.
Sep 2024 — Present Education

B.Sc. Cyber Security

Superior University · Lahore, Pakistan

Certifications

OOSE

OPSWAT OT Security Expert

OPSWAT Academy · Oct 2025

PSCE

Schneider PLC Secure Configuration Expert

OPSWAT Academy · Oct 2025

ACS

Diploma in Advanced Cyber Security

PNY Trainings · CCNA, CEH v12, MCSA, DFIR

GSO

Google Security Operations Fundamentals

Google · Threat Detection & Incident Response

05 achievements

Key Achievements

#59

HackTheBox University CTF 2025

Jersey Arcade

Ranked 59th globally out of 1,014 teams, achieving 14,675 points and completing 33/34 challenges across web, binary exploitation, reverse engineering, and forensics.

Top 10

SOFTEC CTF — FAST-NUCES

Ranked Top 10, solving complex adversarial challenges across web exploitation, reverse engineering, and cryptography under constrained conditions.

OSS

Open Source Security Portfolio

Developed and publicly released a portfolio of security tools on GitHub spanning cryptography, payload development, privacy engineering, and automated malware analysis.

2x

Dual OT/ICS Certified

Dual-certified in OT/ICS security (OPSWAT OOSE + Schneider PSCE), with applied knowledge of PLC hardening, SCADA architecture, and industrial network defense strategies.

06 contact

Let's Connect

Open to internships, collaborations, CTF teams, and security research opportunities.

Email sk6910895@gmail.com GitHub m-shahzaib5911 🔗 Live Project ShadowLink