Loading...
Muntazir Mehdi
Offensive Security
Muntazir Mehdi — Offensive Security
01/about
I'm a junior offensive security professional based in the Eastern Province of Saudi Arabia. Day-to-day I work as an IT analyst — handling infrastructure, endpoints, and access for a corporate environment — and spend the rest of my time on Hack The Box, Active Directory labs, and the offensive security stack.
I earned my CPTS from Hack The Box in April 2026 after completing two pro labs — Dante and Zephyr. Currently working through CRTP, focused on Active Directory attack chains and Windows internals. BTL1 and eJPT came before that.
For roles, I'm not fixed on one track — pentesting, red teaming, SOC/threat detection, or security engineering. As long as the work is hands-on and technical, I'm interested.
~/focus
- Active Directory enumeration & attacks
- Internal network & web app pentesting
- Windows internals & privilege escalation
- Log analysis & detection fundamentals
- PowerShell, Python, C/C++
~/next
- 01CRTP — Active Directory attack tradecraft — Altered SecurityIn progress
- 02Windows Internals + C/C++ — Pluralsight and self-study — low-level foundationsNext
- 03MalDev Academy — Malware development coursePlanned
- 04ODPC — Offensive Development Practitioner — White Knight LabsPlanned
02/experience
Jun 2025 — Present
IT Analyst
GVS Industrial Company · Dammam, Saudi Arabia
Run IT and endpoint security for a 25-user corporate environment. Own user access and Active Directory hygiene, patching cadence, and AV/EDR coverage. First line on incidents — triage and resolve hardware, software, and network issues end-to-end.
Active DirectoryEndpoint SecurityPatch ManagementAccess ControlsIncident Response
Jan 2024 — Apr 2024
Security Analyst
Asia Pacific University · Kuala Lumpur, Malaysia
Ran vulnerability assessments and penetration tests against university lab infrastructure. Surfaced exploitable misconfigurations and weak services, then wrote them up with risk ratings and concrete remediation steps the IT team could action.
Vulnerability AssessmentPenetration TestingTechnical ReportingRemediation
Sep 2023 — Jan 2024
Cyber Security Internship
Asia Pacific University · Kuala Lumpur, Malaysia
Imaged and hardened lab workstations against a standard security baseline. Handled day-to-day hardware and software issues for students and staff, and wrote up procedures for the university's internal knowledge base.
ImagingSecurity BaselinesTroubleshootingDocumentation
03/certifications
Certified Penetration Testing Specialist (CPTS)
Hack The Box · Apr 2026
Certified Red Team Professional (CRTP)
Altered Security· in progress
Blue Team Level 1 (BTL1)
Security Blue Team
Junior Penetration Tester (eJPT)
INE / eLearnSecurity
04/labs
Where I spend most of my off-hours — end-to-end attack chains against realistic corporate and Active Directory environments.
- Completed
Dante
Hack The Box Pro LabsInternal network compromise — pivoting, post-exploitation, and privilege escalation across a corporate-style network.
- Completed
Zephyr
Hack The Box Pro LabsRed team scenario focused on Active Directory attacks — Kerberos abuse, trust relationships, and lateral movement across multiple forests.
05/writing
How I Scored 95% in the Blue Team Level 1 (BTL1) Exam on My Second Attempt
2025·5 min read
My journey from failing the BTL1 exam to scoring 95% on my second attempt. Learn about my preparation strategy, key mistakes, and tips for success.