Cybersecurity Professional | OSCP+ Certified | Penetration Testing · IoT Development and Security · Hardware Security
Cybersecurity professional and penetration tester with OSCP and OSCP+ certifications. I specialize in network, web application, IoT, and hardware security assessments.
What sets me apart is my engineering background — I spent years building the exact types of production systems I now test: smart lockers controlled via RS485 serial protocols, vending machines connected through USB APIs, NFC/RFID access control systems, MQTT-connected Raspberry Pi agents, and payment gateways processing real transactions.
I built the systems — now I know how to break and defend them.
- 🔴 OSCP+ — OffSec Certified Professional Plus (March 2026)
- 🟠 OSCP — OffSec Certified Professional (March 2026)
- 📍 Based in Riyadh, Saudi Arabia
- 🎓 B.Sc. Software Engineering — Sudan University of Science and Technology
- 🌐 Portfolio: ashrafmohammedsalih.github.io/portfolio
┌─────────────────────────────────────────────────────────────────┐
│ │
│ 🔴 Penetration Testing Network, Web, IoT, Active Directory │
│ 🔧 IoT & Hardware Hacking RS485, MQTT, NFC/RFID, Firmware │
│ 🌐 Web & API Security OWASP Top 10, SQLi, XSS, SSRF │
│ ⚡ Security Automation Python, Bash, Custom Tools │
│ │
└─────────────────────────────────────────────────────────────────┘
 OffSec Certified Professional+ Privilege Escalation · Exploitation · Web App Security · Scripting 🔗 Verify |
 OffSec Certified Professional Network Pentesting · Linux/Windows Security · Active Directory 🔗 Verify |
- OSCP & OSCP+ certified — hands-on exploitation of networks, web apps, and Active Directory
- Built Magnum Scanner — custom recon automation tool for pentesting environments
- Published security research on privilege escalation, Nmap scanning techniques, and systemd exploitation
Riyadh, Saudi Arabia · Vending Machine Solutions
- Deployed Ministry of Industry employee system on dual Windows Server with IIS, MSSQL, and Kerberos authentication
- Built smart locker control using Python on Raspberry Pi with RS485 serial protocol and MQTT
- Developed Wasfaty — automated medication dispensing kiosk integrated with Saudi NUPCO e-Prescribing platform
- Built 4+ Flutter apps: SaladBar Meals, Fushati Canteen, Khozama Meals, Smart Vending App
- Integrated 6 payment gateways: Moyasser, Apple Pay, mada, Tamara, STC Pay, Interpay
Riyadh, Saudi Arabia · Media · Advertising · Exhibitions
- Built 3Minutes Taxi — ride-hailing app trusted by 50,000+ customers
- 🔴 Magnum Scanner — Recon automation tool for HTB/THM/OSCP
- 🖥️ Linux vs. macOS: Architecture Comparison
- 🔍 When to Use Each Nmap Scan Type
- ⚡ systemctl & Systemd for Privilege Escalation
- 🏗️ Flutter Clean Architecture
| Project | Type | Description |
|---|---|---|
| Ministry of Industry | IoT | Employee purchase system — Windows Server, IIS, MSSQL, Kerberos, NFC/RFID |
| Smart Lockers | IoT | Python/Raspberry Pi locker control via RS485 serial + MQTT |
| Khozama Meals | App + IoT | Smart meal subscription with locker pickup — Flutter + MQTT + Hardware |
| Wasfaty | IoT | Automated pharmacy kiosk — Kotlin + Wasfaty NUPCO APIs |
| 3Minutes Taxi | App | Ride-hailing app — 50K+ users, GPS tracking, Flutter |
| Smart Vending App | App | Mobile vending companion — QR scan, browse, pay, dispense |
| Magnum Scanner | Security | Custom recon automation tool for pentesting labs |
🔴 Open to penetration testing, security research, and red team opportunities
🌐 Portfolio · 💼 LinkedIn · 📝 Blog · 📧 Email