~$ whoami

---

Hello. My name is Nima, Welcome to my Website!

I am a Network Penetration Tester, Web Security Researcher and I also used to be a Software Developer.

I have been using computers and been programming from an early age since the prehistoric MS-DOS ages (GW/QBasic and FoxPro) then Visual Basic 6 in old Windows versions and then C#, Microsoft Visual FoxPro, PHP, JavaScript, Python… in Windows and Linux.

My Prior Roles and Works in the Software Field

---

• Full Stack Software Developer working in all layers of Software Development, also some experience in Sales, Support and Deployment. But always preferred technical fields.

• Full-Time Legacy Code Maintenance, Bug Fixes, Enhancement and New Features Development.

• Full Stack VoIP Engineer: VoIP Software Solutions and the whole VoIP stack including Software Development, Deployment, Network Infrastructure, Security, Support…

• Connecting Legacy Systems to Newer VoIP and Software Technologies.

• Finding solutions for difficult or impossible IT/Software problems. Such as finding novel solutions for bypassing some limitations of a closed-source proprietary legacy programming language and finding workarounds for some programming language bugs. I have solved every important technical problem that was handed to me during my career. Some of them were difficult and challenging enough that they were left unsolved for years, I believe:

Nothing is impossible in IT and Security and the only limitation is in our own Imagination!

• Expanded open-source IP telephony system and developed soft-phones with SIP,RTP protocols and connected these systems and their services to legacy software.

My Work Now

---

I work in Cybersecurity now.

I like almost all technical fields of Cybersecurity but prefer Offensive Security and Red Teaming over Defensive Security and Blue Teaming but I’m curious overall and read everything related to Cybersecurity and I also use Defensive knowledge to my advantage as an Offensive practitioner.

Some of my Experiences

---

• In the PortSwigger’s Web Security Academy Hall of Fame (TOP 50, Jan 2024: Rank 13)

• Solved most of Web Security Academy Labs (more than 260) and really appreciate the great effort they’ve been putting to prepare this world-class material. Web Security Academy is the best place to learn and get hands-on experience for the latest and most advanced web vulnerabilities and attacks with over 25 different categories. PortSwigger’s Research is the best in Web Security and all of their services including Web Security Academy and Burp Suite are highly recommended.

• In the Top 1% of TryHackMe, solved more than 200 rooms. This is another great world-class resource that I highly recommend. It is extremely addictive perhaps even more than video games! and you’ll also learn a ton and grow as a Cybersecurity expert, both blue and red team contents are fantastic.

• Multiple TryHackMe certificates for offensive, defensive and general Cybersecurity pathways, and also planning to get the remaining certificates (currently there are around 14 of them).

• Currently learning German as my fourth language! Putting a few minutes aside every day to learn this language. I think I’ll continue my daily learning routine for at least 5-6 more years to gain mastery or at least C1/C2 level fluency then I’ll start my next language.

• Some other certificate courses in Cybersecurity and some Programming language courses.

• Multiple VoIP Certifications ( ECE: Elastix Certified Engineer, ESM: Elastix Security Master, Asterisk Programming(AMI,AGI, Dial Plans Scripting, PHP, .NET Core APIs…) ).

• Network+, CEH: Certified Ethical Hacker.

• Some Physical Training Certifications: Nutrition, Human Anatomy, Bodybuilding, also years of experience in physical training and Bodybuilding.

• As a hobby, I also like to study different science fields in order to get a better view of what Life is.

Certifications (that I’m interested in)

---

• Some OffSec certifications:

  • PEN-200 OSCP

  • PEN-300 OSEP(Evasion Techniques and Breaching Defenses)

  • WEB-300 OSWE(ADVANCED WEB ATTACKS AND EXPLOITATION)

  • Exploit Analysis and Development (not in my priority list now but I might pursue this path in the future): EXP-301 OSED(WINDOWS USER MODE EXPLOIT DEVELOPMENT) then EXP-401 OSEE(ADVANCED WINDOWS EXPLOITATION) certifications.

• Some SANS courses and certifications:

  • Web Application Security: SEC642(Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques)

  • Network Penetration Testing: SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking (GXPN: GIAC Exploit Researcher and Advanced Penetration Tester)

  • Industrial Cybersecurity: ICS410: ICS/SCADA Security Essentials (GICSP: Global Industrial Cyber Security Professional), ICS612: ICS Cybersecurity In-Depth

  • Web3 Security: Blockchain and Smart Contracts: SEC554: Blockchain and Smart Contract Security

  • Misc.: SEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis

  • Further academic education in Cybersecurity if it is not just theoretical but also practical and up-to-date experience which is applicable to the industry.

Other Areas of Interest

---

PortSwigger, TryHackMe, OffSec, Anonymization, Online Privacy and Invisibility, OSINT, Linux, OS Hardening, Covert Cyber-Attacks, Side-Channel Attacks, Bypassing Air-Gaps, Automation, Github and Open-Source Software, CTFs, Blockchain, ICS, AI, Quantum Computing, Neuroscience, Evolution, Personal Transformation, Performance Improvement…