Me

Hi! I’m Mohamed Masmoudi (Enigma522), a cybersecurity enthusiast who loves CTFs, HackTheBox, and digging into vulnerabilities (This is some CVEs I found).
This site hosts my writeups and research. Thanks for stopping by!
Feel free to connect with me on:

Interests

  • Cyber Security
  • CTF
  • Web Exploitation
  • Digital Forensics
  • Pentesting
  • Coding

Education

Software Engineering Degree, 2026
National Institute Of Applied Science And Technology, INSAT

My Experience

Penetration Testing & Security Audits: I perform security assessments on web applications and infrastructure, identify vulnerabilities, and provide remediation advice. I also participate in bug bounty programs.

Red Team Tooling: I’m passionate about building automation tools to support my pentesting journey. I develop custom offensive tools — including a C2 framework with implants and a CLI — using Go and Python.

Software Engineering: As a software engineering student at INSAT, I have strong experience in software development and DevOps. I have worked with programming languages like C++, Python, and Go, and frameworks such as Angular, NestJS, and Flask. Additionally, I am experienced with Docker, CI/CD pipelines using GitLab, and automated deployments with Ansible.

Education & CTFs: I’m currently studying software engineering at INSAT and am an active member of Securinets. I contribute to CTF challenges focused on web exploitation and digital forensics.

Projects

Securinets Quals CTF: Cloud Infrastructure

Designed and deployed the high-availability cloud infrastructure for a major international cybersecurity competition. The system supported over 1,300 concurrent users and 9,000+ unique IPs with 99% uptime.

# GCP# Terraform# HAProxy# Bash# Docker# Cloud SQL# CTFd
Securinets Quals CTF: Cloud Infrastructure screenshot

C2-framework

A full-featured Command & Control (C2) framework in Go with CLI, server, and implant components built for secure post-exploitation and red-team operations.

# Go# C2# python# red-team
C2-framework screenshot

netcut-cli

Lightweight ARP-spoofing tool in Go for LAN management—scan networks, cut device connections, and prototype bandwidth control.

# Go# network# ARP
netcut-cli screenshot

Spider

Asynchronous web crawler in Python for reconnaissance—crawls URLs to a specified depth and extracts key information.

# Python# crawler# recon
Spider screenshot

I have also completed numerous web development projects both at university and as a freelancer, building full-stack applications using modern frameworks and technologies.