Hello, I'm

Mohamed Aziz
Haddadi

DFIR Specialist / Blue Team Analyst / CTF Player

Get In Touch Explore My Work
Mohamed Aziz Haddadi
pulgaa@kali
$
$
$ _
Scroll
01 About

I'm a cybersecurity enthusiast specializing in Digital Forensics & Incident Response and Blue Team operations.

My expertise includes malware analysis, threat intelligence, and SOC analysis. Ranked in the top 1% on TryHackMe, I've consistently achieved top placements in competitive CTFs including Top 4 in Securinets Qualifications, Top 10 in Cybertek, Top 5 in Darkest Hour 2026, and notable achievements in Tio CTF. Currently seeking opportunities in cybersecurity roles and internships where I can apply my defensive security skills to protect organizations from evolving threats.

Top 1% TryHackMe Global
10+ CTFs Competed
3 Certifications
02

Skills

Tools and technologies I work with daily

DFIR & Forensics

Volatility Autopsy Wireshark FTK Imager KAPE Velociraptor

Blue Team & SOC

Splunk YARA Snort ELK Stack Sysmon TheHive

Programming

Python Bash JavaScript SQL PowerShell

Tools & Platforms

Ghidra CyberChef Burp Suite Git Docker Linux
03

Journey

Key milestones and achievements

2023

Software Engineering Student — INSAT

  • Enrolled in the National Institute of Applied Science and Technology, building a foundation in software engineering and systems architecture
  • Completed 15+ coursework modules spanning networking, OS fundamentals, and programming, scoring top 10% in core CS subjects
  • Developed initial interest in cybersecurity by self-studying 50+ hours of defensive security content on TryHackMe
2024

Cybersecurity Foundation & Securinets Member

  • Earned the Google Cybersecurity Professional Certificate, completing 8 courses covering SIEM tools, incident response, and Linux security in under 3 months
  • Joined Securinets INSAT as an active member, participating in 5+ internal training sessions on web exploitation and forensics
  • Built and deployed 3 personal security lab environments to practice malware analysis and network traffic investigation
🛡️ Google Certified
2025

CTF Competitor & Challenge Author — MOJO-JOJO

  • Placed Top 4 out of 200+ teams in Securinets National Qualifications and Top 7 in Finals, solving 85% of DFIR challenges
  • Joined MOJO-JOJO as a core team player and authored 4 original forensics challenges used in competitive CTF events
  • Completed the TryHackMe SOC Level 1 certification path, mastering Splunk, YARA rules, and Sysmon log analysis
🏅 Top 4 Securinets ⚔️ MOJO-JOJO
2026

Technical Team Member — Securinets INSAT

  • Promoted to Technical Team Member at Securinets, leading forensics workshop sessions for 30+ club members and coordinating CTF logistics
  • Secured 1st place at QnQSec CTF and Top 5 at Darkest Hour 2026, outperforming 150+ competing teams across both events
  • Reached Top 1% globally on TryHackMe (out of 3M+ users), completing 100+ rooms focused on DFIR, malware analysis, and threat intelligence
🥇 #1 QnQSec CTF 🏅 Top 5 Darkest Hour ⭐ Top 1% TryHackMe 🛡️ Securinets Tech Team
04

Writeups

CTF solutions and security deep-dives

CTF Writeup

Cybertek CTF — Malsou9a

Full analysis of a .NET malware implant found in a memory dump — from DLL extraction and AES key recovery to C2 communication, PDF payload analysis, and JavaScript deobfuscation to retrieve the flag from Azure Blob Storage.

Memory Forensics Malware Analysis AES Encryption C2 Analysis PDF Analysis JavaScript Deobfuscation Azure Blob Storage
Memory Forensics • Malware Analysis Read Writeup
CTF Writeup

Securinets 2025 — Lost File

Ransomware-style challenge requiring memory capture analysis and reverse engineering of an encryption tool to recover a deleted key.

Memory Forensics Reverse Engineering IDA Pro Cryptography
Memory Forensics • Encryption Recovery Read Writeup
CTF Writeup

Securinets 2025 — Recovery

Analysis of a DNS-based covert channel used for data exfiltration and ransomware delivery. Includes malware reconstruction and custom LCG decryption.

Network Analysis DNS Exfiltration Reverse Engineering Ransomware
Network Forensics • Malware Reassembly Read Writeup
CTF Writeup

Securinets 2025 — Silent Visitor

Investigation of a malicious npm package and its Go-based payload through Windows disk image analysis.

Disk Forensics Malware Analysis Registry Analysis Phishing
15 Questions • Disk Forensics Read Writeup
View All Writeups
05

Projects

Personal security tools and research

ZipKrack — ZIP Password Cracker

Tool

A fast, lightweight Python CLI tool for cracking encrypted ZIP file passwords using dictionary attacks — featuring real-time feedback, auto-extraction, password logging, and both interactive and command-line modes.

Password Cracking Python CLI Dictionary Attack Security Testing
View Details

XWorm v3.1 — Malware Analysis & Config Decryption

Security Research

A deep-dive technical analysis of the XWorm RAT (v3.1), covering its layered loading mechanism, AES-256 configuration decryption, C2 protocol, and multi-component persistence strategies.

Malware Analysis Reverse Engineering .NET Cryptography Python FlareVM
View Details

DFIR Automation Scripts

Tool

A collection of Python scripts to automate repetitive DFIR tasks — artifact parsing, IOC extraction, and evidence triage. Designed to speed up incident response workflows.

DFIR Python Automation Blue Team
View Details

PackDetect — Packer Detection & Unpacking Tool

Tool

A Python CLI tool that identifies packed malware using Shannon entropy analysis, a signature database of 9 known packers, and structural heuristics that catch unknown packers — then attempts automatic unpacking via UPX and MPRESS.

Reverse Engineering Malware Analysis PE Format Entropy Analysis Python CLI
View Details
06

Certifications

Google Cybersecurity

Google Cybersecurity Professional Certificate

Google · 2024
TryHackMe SOC Level 1

TryHackMe SOC Level 1

TryHackMe · Certified
Top 1% TryHackMe

Top 1% on TryHackMe

Global Ranking