WHO AM I
Adham A. Makroum
Offensive Security Engineer
Offensive Security Engineer with strong hands-on experience in penetration testing across multiple domains, including Web Applications, APIs, Android Applications, Linux environments, and Active Directory infrastructures. Experienced in testing a wide range of real-world applications, including fintech apps, social media apps, and business-critical enterprise solutions.
Key Strengths
Web & API
- ▸ Web & API pentest on real-world apps (FinTech, social media), covering OWASP Top 10.
- ▸ Client-side & server-side vulns, incl. business logic and API weaknesses.
- ▸ Deep knowledge of frameworks to find config and code-level weaknesses.
Mobile / Android
- ▸ Static/dynamic analysis, reverse engineering, hooking (OWASP MASVS).
- ▸ Flutter, React Native, and native Java applications.
- ▸ Root/RASP detection and advanced SSL pinning bypass.
Network & AD
- ▸ Linux/Windows & Active Directory: enum, exploitation, privesc, post-exp.
- ▸ AD attacks: Kerberoasting, AS-REP, Pass-the-Hash, service misconfigs.
- ▸ Diverse network services and protocols across Linux environments.
Certifications
CRTP
Certified Red Team Professional
Altered Security
eWPTX
Web Application Penetration Tester eXtreme
eLearnSecurity
CEPT
Certified Expert Penetration Tester
InfoSec
Services
01
Web & API Pentest
Identify vulnerabilities in modern web apps and APIs following OWASP Top 10.
02
Mobile Security
Static & dynamic analysis, reverse engineering, and Frida scripting for Android/iOS.
03
Network & AD Pentest
Enumeration, exploitation, privilege escalation, and post-exploitation.
Let's work together
Looking for PTaaS for your apps, APIs, mobile, or infrastructure? Let's talk and tailor a security assessment for your business.