Fresh graduate in Information Security & Assurance (CGPA 3.75) from USIM. Yayasan Peneraju scholar. Hands-on in offensive security, blue team, and building real tools. Currently a Helpdesk Support Engineer at VSTECS KU, actively pursuing red team & SOC roles.
I'm a cybersecurity professional with a focus on offensive security and detection engineering. Fresh graduate from Universiti Sains Islam Malaysia (USIM) with a Bachelor in Information Security and Assurance, graduating with a CGPA of 3.75 and multiple Dean's Awards.
I operate across both ends of the security spectrum — from penetration testing web apps and internal networks, to building AI-powered SOC pipelines and SIEM detection rules from scratch. I don't just study security theory; I build, simulate, and break things in real lab environments.
As a Yayasan Peneraju scholar, I completed the Peneraju Teknologi SPRINT Certified Cybersecurity Engineer program, sharpening both technical skills and professional discipline. Outside of security, I build tools — including an open-source MCP server (vaultbridge) used daily with Claude AI.
End-to-end AI-powered SOC environment on VMware. Wazuh 4.9.2 SIEM + Suricata IDS + Sysmon. Python/Flask middleware with a 6-touchpoint LLM pipeline (Groq). SOAR automation via Slack. 86%+ AI triage accuracy over 100+ analyst verdicts. Detected SSH brute force, Nmap recon, Mimikatz, and persistence attacks end-to-end.
Python MCP (Model Context Protocol) server that bridges Claude Desktop and Obsidian. Exposes 5 tools over stdio transport. Security-hardened v1.1.0 includes path traversal protection, audit logging, read-only mode, and auto-created notes. Used daily in production. Published under MIT license.
Full black-box pentest against a simulated segmented network (DMZ + internal). Exploited Drupalgeddon2 (CVE-2018-7600), WordPress XML-RPC brute force + PHP web shell, anonymous FTP IIS shell upload. Pivoted via Metasploit autoroute + SOCKS5 proxy. SAM database dumped; hashes cracked. Score: 82%.
Collection of machine and challenge writeups from Hack The Box. Documents enumeration, vulnerability analysis, exploitation paths, privilege escalation, and lessons learned from authorized lab environments.
Structured notes and walkthroughs from Hackviser web security labs. Covers practical vulnerability discovery, exploitation methodology, remediation thinking, and repeatable learning notes across real-world web attack classes.
Configured Wazuh agent on Windows to monitor folders for malicious files in real time. Integrated VirusTotal API for automated hash scanning. Deployed custom YARA rules for pattern detection. Validated detection pipeline with EICAR test files. Functional threat intelligence pipeline.
Certified Web Security Expert from Hackviser. Practical exploitation of XSS, SQLi (union-based, blind, NoSQL), IDOR, SSRF, SSTI, XXE, LFI/RFI, CSRF, race conditions, JWT weaknesses. CMS exploitation (WordPress, Joomla). Advanced WAF bypass techniques. End-to-end real-world web scenarios.
Designed and built Python and PowerShell scripts to automate daily network and server health reporting at KPMG Malaysia. Significantly reduced manual effort, improved consistency, and supported proactive infrastructure management. Delivered as part of the internship network and server team.
| Competition | Ranking | Year |
|---|---|---|
| AI Red Teaming CTF (Hack The Box) | 106th Worldwide | 2025 |
| CODE COMBAT CTF | 35th (Group) | 2025 |
| Holmes CTF (HTB – First All Blue CTF) | 760th Worldwide | 2025 |
| 3108 Bahtera Siber CTF | 207th Solo | 2025 |
| University CTF (Tinsel Trouble) | 121st (Group) | 2025 |
| IBOH 2025 | Qualifying Round | 2025 |
| IGOH 2025 | Qualifying Round | 2025 |
Open to Penetration Tester, SOC Analyst, Security Engineer, and Red Team roles. Feel free to reach out — I respond promptly.