~$ whoami

---

Hello. My name is Nima, Welcome to my Website!

I am a Network Penetration Tester, Web Security Researcher and I also used to be a Software Developer.

My Prior Roles and Works in the Software Field

---

• Full Stack Software Developer.

• Full-Time Legacy Code Maintenance, Bug Fixes, and Code Refactoring.

• Full Stack VoIP Engineer: VoIP Software Solutions and the whole VoIP stack including Software Development, Deployment, Network Infrastructure, Security, Support…

• Connecting Legacy Systems to Newer VoIP and Software Technologies.

• Finding solutions for difficult or impossible IT/Software problems. Such as finding novel solutions for bypassing some limitations of a closed-source proprietary legacy programming language and finding workarounds for some programming language bugs. I have solved every important technical problem that was handed to me during my career. Some of them were difficult and challenging enough that they were left unsolved for years, I believe:

Nothing is impossible in IT and Security and the only limitation is in our own Imagination!

• Expanded open-source IP telephony system and developed soft-phones with SIP,RTP protocols and connected these systems and their services to legacy software.

My Work Now

---

I work in Cybersecurity now.

I like almost all technical fields of Cybersecurity but prefer Offensive Security and Red Teaming over Defensive Security and Blue Teaming but I’m curious overall and read everything related to Cybersecurity and I also use Defensive knowledge to my advantage as an Offensive practitioner.

Some of my Experiences

---

• In the PortSwigger’s Web Security Academy Hall of Fame (TOP 50, Jan 2024: Ranked #13,Aug 2024: Ranked #5)

• In the Top 1% of TryHackMe.

• Currently learning German as my fourth language.

• Multiple VoIP Certifications ( ECE: Elastix Certified Engineer, ESM: Elastix Security Master, Asterisk Programming(AMI,AGI, Dial Plans Scripting, PHP, .NET Core APIs…) ).

• Years of experience in Bodybuilding, Nutrition and Human Anatomy.

Certifications (that I’m interested in)

---

• Some OffSec certifications:

  • PEN-200 OSCP

  • PEN-300 OSEP(Evasion Techniques and Breaching Defenses)

  • WEB-300 OSWE(ADVANCED WEB ATTACKS AND EXPLOITATION)

  • Exploit Analysis and Development: EXP-301 OSED(WINDOWS USER MODE EXPLOIT DEVELOPMENT) then EXP-401 OSEE(ADVANCED WINDOWS EXPLOITATION) certifications.

• Some SANS courses and certifications:

  • Web Application Security: SEC642(Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques)

  • Network Penetration Testing: SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking (GXPN: GIAC Exploit Researcher and Advanced Penetration Tester)

  • Industrial Cybersecurity: ICS410: ICS/SCADA Security Essentials (GICSP: Global Industrial Cyber Security Professional), ICS612: ICS Cybersecurity In-Depth

  • Web3 Security: Blockchain and Smart Contracts: SEC554: Blockchain and Smart Contract Security

  • Misc.: SEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis

  • Further academic education in Cybersecurity if it is not just theoretical but also practical and up-to-date experience which is applicable to the industry.

Other Areas of Interest

---

PortSwigger, TryHackMe, OffSec, Anonymization, Online Privacy and Invisibility, OSINT, Linux, OS Hardening, Covert Cyber-Attacks, Side-Channel Attacks, Bypassing Air-Gaps, Automation, Github and Open-Source Software, CTFs, Blockchain, ICS, AI, Quantum Computing, Neuroscience, Evolution, Personal Transformation, Performance Improvement…

References

---

Icon made by Freepik from www.flaticon.com