Abdelkarim Mouchquelita

● Penetration Tester & Security Researcher

22-year-old freelance
ethical hacker.

Based in Morocco, I help organizations find and fix critical vulnerabilities before the bad guys do.

Diploma in Computer Systems & Networks — Top of class (2024).
Bachelor in Cybersecurity from Ynov — Ranked #1 (2025).

Practical attacker mindset. Crystal-clear remediation reports. Zero ego, maximum impact.

EXPERTISE

Core Skills

🌐

Web / API Security

OWASP Top 10 Burp Suite Pro OWASP ZAP ffuf sqlmap

🔌

Network & Infra

Nmap Metasploit Wireshark Nessus

🏢

Active Directory

Enumeration Kerberoasting Privilege Escalation BloodHound

💻

Scripting & Automation

Python Bash PowerShell

📜

Source Code Review

PHP Java .NET Python Node.js

PROVEN

Certifications & Training

Web Expert (OSWE)

OffSec

Verify

Junior Penetration Tester (eJPTv2)

INE Security

Red Team Analyst (CRTA)

CyberWarFare

AppSec Pentester (CAPEN)

SecOps

Pro Labs (DANTE • ZEPHYR • POO)

HackTheBox

HALL OF FAME

Bug Bounty Achievements

50

Platforms Secured

$16

k

Bounty Earned

3

Major Hall of Fames

NOTABLE FINDS

✕

Reflected XSS on Tesla

Critical impact on main domain asset

⚡

Remote Code Execution on RedBull

Unauth RCE via CVE-2025-30406 ViewState exploit (6 trays Red Bull + swag reward)

🏆

Hall of Fame — Paysafe Bug Bounty

Recognized for multiple high-severity reports

🌐

[0-Day] Critical P1 Reflected XSS on 130+ Websites

Single misconfigured elementsUrl param chained to malicious CSS/JS import

🔓

Authentication Bypass → Full PII Exposure

Bypassed auth leading to sensitive personally identifiable information leak (high payout)

📦

RCE via Dependency Confusion

Real-world attack hijacking unclaimed npm packages for server compromise

📡

Unauthenticated Mosquitto MQTT Exposure

Large-scale port scanning revealed open port 1883 services leading to critical access

OPEN SOURCE

Tools & Projects

All on GitHub

Ping-Pong

Python

Real-time host monitoring with instant alerts and automated remediation workflows.

VIEW REPO

mosquito_monitorer

MQTT

Advanced MQTT payload logger and IoT traffic monitoring suite for security research.

VIEW REPO

Nmap-Bomber

Bash

Lightning-fast parallel Nmap wrapper with custom reporting and evasion modules.

VIEW REPO

auth-bypass • browsPEAS

Recon

Toolkit for authentication bypass techniques and modern privilege escalation enumeration.

VIEW COLLECTION

Sharing knowledge
with the community.

Medium blog with 1,100+ followers and over 100,000 recent post views.

I regularly deliver hands-on courses covering Linux hardening, Windows Server security, Python for pentesters, and modern web application security.

✍️

Read my latest articles →

mchklt.medium.com

1100

MEDIUM FOLLOWERS

100k

POST VIEWS

Let's secure the future together.

Open to full-time roles, bug bounty collaborations, or speaking opportunities.

abdelkarimmouchquelita@gmail.com ✉️

Github 🐛 Bugcrowd ✍️ Medium 🔥 TryHackMe LinkedIn

22-year-old freelanceethical hacker.

Core Skills

Web / API Security

Network & Infra

Active Directory

Scripting & Automation

Source Code Review

Certifications & Training

Web Expert (OSWE)

Junior Penetration Tester (eJPTv2)

Red Team Analyst (CRTA)

AppSec Pentester (CAPEN)

Pro Labs (DANTE • ZEPHYR • POO)

Bug Bounty Achievements

NOTABLE FINDS

Tools & Projects

Ping-Pong

mosquito_monitorer

Nmap-Bomber

auth-bypass • browsPEAS

Sharing knowledgewith the community.

Let's secure the future together.

22-year-old freelance
ethical hacker.

Sharing knowledge
with the community.