01
root@falcon0x1:~# ./init_portfolio.sh
About Terminal Skills Projects Contact Blog
OPEN TO OPPORTUNITIES

falcon0x1

SECURITY ENGINEER

Hello, I'm Mahmoud Elshorbagy

RANK: Security Engineer

TARGET: Web, Mobile, API

MISSION: Penetration Testing

> INITIALIZE CONNECTION DOWNLOAD CV
Mahmoud
🛡️

eWPT Certified

Web Penetration Testing

5+
Certifications
50+
Labs Pwned
5+
Tools Built
100%
Commitment
##

Interactive Terminal

// Try typing "help"

falcon0x1@portfolio:~$
Welcome to falcon0x1 Portfolio Terminal v1.0
Type 'help' for available commands
─────────────────────────────────────────
falcon0x1@portfolio:~$

Pro Tip: Try commands like whoami, skills, or contact

##

Technical Arsenal

"Every tool is a weapon when you know how to wield it."

>> CERTIFICATIONS

eWPT INE Security

eWPT

Web Application Penetration Tester

CyberTalents ITI

Certified Web Pentester

CyberTalents / ITI Joint Program

CyberTalents ITI

Certified Mobile Pentester

CyberTalents / ITI Joint Program

APIsec

API Penetration Testing

APIsec University

ITI

ITI Training Certificate

Offensive Security Track - Hardcopy

SKILLS & TOOLS

Web Sec

90%

Mobile Sec

80%

Network

75%

Scripting

95%

Active Dir

85%

Rev Eng

65%
SCAN_DEPTH: 0.98 SYSTEM: ARCH_LINUX STATUS: DEPLOYED
[ ARSENAL_DB_QUERY // SUCCESS ]
web_sec
[ 09:44:12 ]
Burp Suite Pro OWASP ZAP sqlmap Postman GraphQL JWT Auth
mobile_sec
[ 09:44:15 ]
Frida MobSF JADX Objection apktool adb
net_infra
[ 09:44:18 ]
Nmap Metasploit Wireshark Active Directory
automation
[ 09:44:21 ]
Python Bash C++ Arch Linux Git
##

Projects

"Building tools that break systems, to make them stronger."

FalconRecon

Vulnerability Exploit Chain

Automates the discovery of exposed subdomains, open ports, and potential CVEs in a continuous pipeline using parallel processing.

Impact

Enables Red Teams to map external attack surfaces 3x faster with zero manual intervention, generating actionable security reports instantly.

Tools Used

Bash Nmap Amass Nuclei
Execute Deep-Dive (GitHub)

FalconServiceAnalyzer

Vulnerability Exploit Chain

Analyzes the attack surface of Android services. Automates reconnaissance to discover exposed components and generates direct attack commands simulating malicious local apps.

Impact

Significantly reduces the time required to perform comprehensive static and dynamic analysis on complex Android applications, accelerating zero-day discovery in mobile vectors.

Tools Used

Bash Python ADB
Inspect Source (GitHub)

FalconDelta

Vulnerability Exploit Chain

A powerful Android APK security analysis and comparison tool. Integrates deep DEX analysis to extract hidden API endpoints, hardcoded secrets, and dangerous permission changes across application versions.

Impact

Allows security analysts and penetration testers to instantly visualize the exact attack surface differences between an old and a new APK, accelerating zero-day discovery.

Tools Used

Python 3 Androguard APK Analysis
Inspect Source Code

ZeroTrust

Vulnerability Exploit Chain

A Cyberpunk Privacy Shield application built in Flutter. Integrates K-Anonymity password checks (HIBP), a malicious link analyzer powered by VirusTotal, and localized device integrity verification.

Impact

Demonstrates the ability to architect secure, serverless mobile applications. Ensures military-grade user privacy by maintaining zero backend requirements while actively scanning for root/jailbreak indicators.

Tools Used

Dart / Flutter GetX Security Architecture
View Architecture (GitHub)

Smart Poultry Farm (IoT/ICS)

Architecture & Security

Designed a localized IoT-based control system integrating sensors, controllers, and a mobile interface. Implemented remote access and API-based communication between embedded hardware and mobile applications.

Impact

Addressed critical security considerations related to unauthorized control, API exposure, and system integrity within an Industrial Control System (ICS) environment. Achieved Excellent grade on Graduation.

Technologies Used

IoT Devices API Mobile App ICS Security

# Professional Experience

"Think like an attacker, defend like a guardian."

Trainee — Offensive Security & Penetration Testing Track

Jul 2024 – Nov 2024

Information Technology Institute (ITI), Nasr City, Cairo

  • Conducted comprehensive Black-Box and Grey-Box penetration testing on 15+ lab targets mimicking real-world banking and e-commerce applications
  • Performed manual and automated penetration testing against OWASP Top 10 vulnerabilities
  • Conducted web, API, and Active Directory attacks in controlled lab environments
  • Applied industry-standard methodologies such as PTES and OSSTMM during security assessments
  • Gained hands-on experience with Bash scripting and Red Hat Linux administration
Web Security API Testing Active Directory OWASP

Bachelor of Systems & Computer Engineering

Sep 2019 – Jul 2024

Faculty of Engineering, Al-Azhar University — Cairo, Egypt

  • Cumulative grade: Very Good
  • Graduation Project: IoT/ICS Automation System — Security & Development (Smart Poultry Farm Automation) — Grade: Excellent
  • Designed a localized IoT-based control system integrating sensors, controllers, and a mobile interface
  • Implemented remote access and API-based communication between embedded hardware and mobile application
  • Addressed security considerations related to unauthorized control, API exposure, and system integrity
IoT Security Embedded Systems API Development Mobile App

# Latest Writeups

Swipe right →
Android Security Jan 2026

Android Security: The Falcon's Guide to Permissions & Attack Surfaces

Understanding the Android attack surface when auditing applications. A comprehensive guide to permissions, components, and security testing...

10 min read Read More
Mobile Security Jan 2026

Hacking Android Services: The Lazy Pentester's Guide

Beyond Activities: exploiting Android Services with automation scripts. A practical guide to finding and exploiting service vulnerabilities...

8 min read Read More
Web Security Jan 2026

Web Enumeration & Brute Force: From Manual to Python

The art of being a digital detective. From manual enumeration to Python automation for web security testing...

7 min read Read More
IDOR 2024

Exploiting IDOR Vulnerabilities: A Deep Dive

A comprehensive guide to identifying and exploiting Insecure Direct Object Reference vulnerabilities in modern web applications...

12 min read Read More
Personal Blog Medium Articles

# GitHub Activity

falcon0x1

View Profile →
15+
Repositories
120+
Contributions
50+
Stars
10+
Forks
GitHub Contributions

Initialize Connection

Have a project in mind or want to discuss security? Drop me a message!

Connect With Me

Email

mahmoud.elshorbagy0x1@gmail.com

WhatsApp

+20 155 6688657

LinkedIn

Let's connect professionally

GitHub

Check out my projects