Close

Hamza Zeroual

Cybersecurity Student & Pentester

Download Resume

About Me

I am a dedicated cybersecurity engineering student at ENSIAS with a passion for offensive security, reverse engineering, and blockchain development. My journey in cybersecurity has equipped me with hands-on experience in malware analysis, penetration testing, and secure software development.

Through various projects and practical work, I have developed expertise in Windows internals, anti-debugging techniques, and evasion strategies. I am particularly interested in the intersection of cybersecurity and emerging technologies like blockchain, where I've built decentralized applications using Solidity and Web3.js.

My approach to cybersecurity is both defensive and offensive - understanding how systems can be compromised helps me build more secure solutions. I continuously challenge myself through CTFs, hackathons, and personal research projects to stay at the forefront of cybersecurity innovation.

Beyond technical skills, I am committed to sharing knowledge with the cybersecurity community through blog posts, open-source contributions, and collaborative projects. I believe that cybersecurity is a collective effort, and I'm always eager to learn from others and contribute to the field.

Experience

D&A Trust

Cybersecurity Intern

Participated in various Red Teaming missions involving black-box, grey-box, and white-box penetration testing targeting mobile applications, APIs, and web platforms. Performed OSINT investigations and dark web monitoring for enterprise clients to detect data exposure and potential threats.

Conducted security assessments by bypassing advanced protections such as SSL pinning and root detection, analyzing application behavior, and reviewing source code where available. Contributed to secure code review and vulnerability identification across Android and web environments.

Authored detailed technical reports with proof of concept, severity ratings, and actionable recommendations.

As part of my final year project (PFE), developed a framework for adversarial payload generation and automated security testing of virtual machines in the cloud, focusing on risk analysis and advanced evasion techniques.

Wafacash Cybersecurity

Mobile & API Pentester Intern

Performed security assessments on Android applications and REST APIs, including reverse engineering, dynamic and static analysis using MobSF, Frida, Objection, and Burp Suite.

Hack The Box & TryHackMe

Red Team / Web Pentesting

Solved various CTF challenges covering Linux and Windows environments, web application fuzzing, exploitation of OWASP Top 10 vulnerabilities, privilege escalation, and network pivoting.

AI Club ENSIAS

Hackathon Participant – Phishing Detection Project

Participated in a 48-hour hackathon organized by the AI Club of ENSIAS. Collaborated with a team to design and implement a phishing detection system using machine learning and deep learning techniques. Built and evaluated models to classify URLs and emails as legitimate or malicious, achieving high accuracy with minimal false positives.

Certifications

Fundamentals of Dark Web Training

SOCRadar®

July 2025

Skills:
• Dark Web Monitoring
• Tor vs I2P vs FreeNET
• Threat Intelligence

Threat Intelligence Fundamentals

SOCRadar®

July 2025

Skills:
• Threat Intelligence Lifecycle
• Threat Actor Profiling
• OSINT Techniques

Introduction to Zero Trust

The Linux Foundation

June 2025

Skills:
• Zero Trust Principles
• Zero Trust Architecture
• Policy Governance

AWS Microservices & CI/CD

Amazon Web Services

January 2025

Skills:
• Microservices Architecture
• CI/CD Pipelines
• AWS Cloud Services

OT Security Expert (OOSE)

OPSWAT Academy

Aug 2025 · Exp: Sept 2025

Skills:
• OT/ICS Security
• Risk Management
• Threat Detection & Response

Log Analysis for Cyber Defense

redteamleaders

ID: 6ef7df4b6be3fc12

Skills:
• Log Analysis
• SIEM & Event Monitoring
• Incident Investigation

Education

ENSIAS - National School of Computer Science and Systems Analysis

2022 - 2025

Engineering Degree - Information Systems Security (SSI)

Specializing in cybersecurity with comprehensive training in offensive and defensive security, reverse engineering, and secure systems development.

Key Competencies
  • Security: Penetration Testing, Malware Analysis, Reverse Engineering, Cryptography
  • Development: Secure Software Development, Web Security, Mobile Security
  • Systems: Windows Internals, Linux Security, Network Security, Cloud Security
  • Blockchain: Smart Contracts, Decentralized Applications (DApps), Web3 Development
Final Year Project

Adversarial Payload Generation for Evasion: Research and development of advanced techniques to generate adversarial payloads capable of bypassing modern security solutions using machine learning and evasion strategies.

Certifications

Projects

OWASP crAPI

API Pentesting – OWASP crAPI

Performed a comprehensive security audit of the OWASP crAPI API including Broken Object Level Authorization (BOLA), broken authentication, SSRF, JWT token forgery, NoSQL injection, and mass assignment vulnerabilities.

View Project
WebGoat Exploitation

Vulnerability Exploitation – WebGoat

Completed all WebGoat modules covering XSS, SQL Injection, JWT vulnerabilities, broken authentication, and others. Created automated scripts and manual exploitation proofs using Burp Suite and Python.

View Project

All My GitHub Projects

Explore my complete collection of projects across Cybersecurity, Development, and Hackathons

Loading GitHub projects...

Skills

Cybersecurity

Penetration Testing
Malware Analysis
Reverse Engineering
Windows Internals
OWASP Top 10

Programming

Python
C/C++
JavaScript
Solidity
Bash/PowerShell

Tools & Frameworks

Burp Suite
Metasploit
IDA Pro / Ghidra
Wireshark
Nmap

Blockchain & Web3

Smart Contracts
Web3.js / Ethers.js
Hardhat / Truffle
React / Next.js
IPFS

Get in Touch