BASED IN MOROCCO 🇲🇦

Abdelkarim Mouchquelita

@mchklt



Penetration Tester & Security Researcher

22-year-old freelance ethical hacker.

Based in Morocco, I help organizations find and fix critical vulnerabilities before the bad guys do.

Diploma in Computer Systems & Networks — Top of class (2024).
Bachelor in Cybersecurity from Ynov — Ranked #1 (2025).

Practical attacker mindset. Crystal-clear remediation reports. Zero ego, maximum impact.

EXPERTISE

Core Skills

🌐

Web / API Security

OWASP Top 10, Burp Suite Pro, OWASP ZAP, ffuf, sqlmap
🔌

Network & Infra

Nmap, Metasploit, Wireshark, Nessus
🏢

Active Directory

Enumeration, Kerberoasting, Privilege Escalation, BloodHound
💻

Scripting & Automation

Python, Bash, PowerShell
📜

Source Code Review

PHP, Java, .NET, Python, Node.js
PROVEN

Certifications & Training


Web Expert (OSWE)

OffSec


Junior Penetration Tester (eJPTv2)

INE Security


Red Team Analyst (CRTA)

CyberWarFare


AppSec Pentester (CAPen)

SecOps


Pro Labs (DANTE • ZEPHYR • POO)

HackTheBox

HALL OF FAME

Bug Bounty Achievements

50 Platforms Secured
$16k Bounty Earned
3 Major Hall of Fames

NOTABLE FINDS

Reflected XSS on Tesla
Critical impact on main domain asset
Remote Code Execution on RedBull
Unauth RCE via CVE-2025-30406 ViewState exploit (6 trays Red Bull + swag reward)
🏆
Hall of Fame — Paysafe Bug Bounty
Recognized for multiple high-severity reports
🌐
[0-Day] Critical P1 Reflected XSS on 130+ Websites
Single misconfigured elementsUrl param chained to malicious CSS/JS import
🔓
Authentication Bypass → Full PII Exposure
Bypassed auth leading to sensitive personally identifiable information leak (high payout)
📦
RCE via Dependency Confusion
Real-world attack hijacking unclaimed npm packages for server compromise
📡
Unauthenticated Mosquitto MQTT Exposure
Large-scale port scanning revealed open port 1883 services leading to critical access
OPEN SOURCE

Tools & Projects

Ping-Pong

Python

Real-time host monitoring with instant alerts and automated remediation workflows.

mosquito_monitorer

MQTT

Advanced MQTT payload logger and IoT traffic monitoring suite for security research.

Nmap-Bomber

Bash

Lightning-fast parallel Nmap wrapper with custom reporting and evasion modules.

auth-bypass • browsPEAS

Recon

Toolkit for authentication bypass techniques and modern privilege escalation enumeration.

Sharing knowledge with the community.

Medium blog with 1,100+ followers and over 100,000 recent post views.

I regularly deliver hands-on courses covering Linux hardening, Windows Server security, Python for pentesters, and modern web application security.

✍️
Read my latest articles →
mchklt.medium.com

Let's secure the future together.

Open to full-time roles, bug bounty collaborations, or speaking opportunities.