Alaa ALThubyani

Security Researcher & Purple Team

Current interests

  • (1) Exploring the mechanisms and principles of Processes and Access Controls in various operating systems, such as Linux and Windows.
  • (2) Developing and analyzing malware samples and techniques that exploit the vulnerabilities and features of the Windows operating system.
  • (3) Emulating the tactics and procedures of real-world adversaries to test the security and resilience of systems and networks.

Skills

Penetration Testing

  • Experienced in conducting penetration testing on various targets and domains:
    • Skilled in network and web application security testing and reporting
    • Familiar with various tools and frameworks for vulnerability assessment and exploitation

Red Team

  • Expert in performing red teaming and adversary simulation exercises:
    • Capable of evading antivirus and other security solutions
    • Experienced in active directory attacks and cross-domain attacks
    • Capable of developing and deploying custom malware and payloads

Logs Management

  • Experienced in working with logs and SIEM solutions:
    • Skilled in ELK stack and other log management tools
    • Familiar with the logic and architecture of SIEM systems

Blue Team

  • Capable of performing blue team tasks and responsibilities:
    • Skilled in identifying and mitigating vulnerabilities in systems and networks
    • Capable of analyzing and interpreting logs from various sources and platforms, such as auditd, Apache, MySQL, Sysmon, IIS, and Windows native logs

Programming

  • Strong background in programming and code review:
    • Highly proficient in Python, Java, C, C#, Assembly, PHP, and JavaScript.
    • Experienced in developing malware and other offensive software.
    • Familiar with web development and software engineering concepts and tools.

Infrastructure

  • Knowledgeable in building and managing infrastructure for various purposes:
    • Skilled in virtualization, Docker, Terraform, Puppet, Bolt, Ansible, and other DevOps technologies
    • Experienced in building red teaming infrastructure and attack simulation lab

Work Experience

Technology Control Co. (SA, Riyadh)

Principal SOC Research Consultant

Feb 2023 — Ongoing

KPMG Saudi Arabia (SA, Riyadh)

Sr. Cyber Security Consultant (PT & RT)

Oct 2022 — Jan 2023

KPMG Saudi Arabia (SA, Riyadh)

Cyber Security Consultant (PT & RT)

May 2021 — Sep 2022

The General Authority of Meteorology and Environment Protection (SA, Jeddah)

Cyber Security Incident Responder & Investigation Officer

Dec 2017 — Mar 2019

The General Authority of Meteorology and Environment Protection (SA, Jeddah)

IT Specialist

May 2017 — Nov 2017

Enaya Care International Company (SA, Jeddah)

System Developer

Apr 2017 — May 2017

Education

University of Birmingham (UK, Birmingham)

MSc in Cybersecurity

2019 - 2020

King Abdulaziz University (SA, Jeddah)

BSc in Computer Science

2011 — 2016

Certifications

GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
May 2024
OffSec Experienced Penetration Tester (OSEP)
Mar 2023
eLearnSecurity Certified Penetration Tester eXtreme (eCPTXv2)
Mar 2023
Offensive Security Web Expert (OSWE)
Apr 2022
Certified Red Team Expert (CRTE)
Jul 2021
Certified Red Team Professional (CRTP)
Mar 2021
eLearnSecurity Web Application Penetration Tester eXtreme (eWPTXv1)
Jun 2020
eLearnSecurity Certified Professional Penetration Tester (eCPPTv2)
Jul 2019
eLearnSecurity Junior Penetration Tester (eJPT)
Feb 2019



Last update: 7.11.2024