Offensive Security · OSINT · Threat Intel

Muhammad Haseeb Ashfaq

> aspiring_penetration_tester

I break things to understand how they hold together. Year 13 student building real offensive-security skills through CTFs, threat intelligence, and OSINT — based in Dubai.

// RECON_FEED
25.2048°N 55.2708°E · DXB · TGT_LOCKED
30+CTF challenges built
7Challenge categories
18TryHackMe rooms
Top 35%THM global rank
01

About

SUBJECT PROFILE
FILE — HA/2027 ACTIVE
Aliaskaido
LocationDubai, UAE
StatusYear 13 · BTEC IT Level 3 (Distinction)
SchoolThe Westminster School, Dubai
FocusOffensive Security / OSINT
NowSOC L1 + Jr Pen Tester path

I'm Haseeb — a self-directed cybersecurity student set on becoming a penetration tester. Most of what I know I've learned by getting hands-on: playing CTFs, taking apart APT campaigns, and chasing the kind of small details that OSINT lives on.

At Westminster I'm working through the BTEC IT Level 3 National Diploma with distinctions across the board, and I recently finished a Cambridge research paper on AI-powered surveillance and privacy — which pushed me deep into AI ethics and cyber-geopolitics.

Outside the classroom I co-built my school's first CTF/Hackathon, compete in web-exploitation and OSINT challenges, and I'm prepping for CompTIA Network+. The goal from here: specialize in offensive security, threat intelligence, and OSINT.

Web Exploitation OSINT Threat Intelligence MITRE ATT&CK
02

Projects

CASE FILES
CASE #001 — FLAGSHIP2026

WSH'26 — Westminster Hackathon & CTF

Organizer & CTF Challenge Developer

Co-organized my school's first intraschool CTF & Hackathon for 30+ participants — and built the whole challenge set and the infrastructure it ran on. End to end: design, cloud deployment, and live administration.

  • 30+ custom challenges across 7 categories
  • Deployed CTFd on Google Cloud Platform
  • Dockerized multi-service stack (Nginx · MariaDB · Redis)
  • Configured VPC networking & firewall rules
  • Built web challenges in Python & Flask
  • Categories: Web · Rev · Crypto · Stego · Forensics · OSINT · Misc
CTFdGCPDockerFlask Burp SuiteGhidraWireshark
CASE #002 — BUILD2026

Raspberry Pi Security Homelab

Self-hosted · Linux · Networking

A security-focused homelab built from scratch on a Raspberry Pi 3B, running headless on Pi OS Lite. The repo documents every major decision — what was tried, what failed, and why the final approach won — not just the configs.

  • Pi-hole + Unbound — DNS sinkhole with a local recursive DNSSEC resolver
  • Tailscale mesh VPN — remote access through double-NAT, no port forwarding
  • Docker-hosted services with Uptime Kuma monitoring & ntfy alerts
  • SSH hardening — key-only auth + fail2ban; nightly rsync backups
LinuxDockerPi-holeUnbound TailscaleDNSSECrsync
View repository
CASE #003 — RESEARCH2025

AI Surveillance & Privacy

Cambridge International Project (CIPQ)

A research paper on how far AI-powered surveillance can go in preventing political conflict in the USA while protecting individual privacy — a deep dive into AI ethics, digital security, and cyber-geopolitics.

AI EthicsPrivacyResearch
CASE #004 — OPS2026

UMassCTF · PinkHatHackers

Web Exploitation & OSINT

Competed in UMassCTF — the University of Massachusetts Amherst's annual capture-the-flag — with the PinkHatHackers team, focusing on web exploitation and OSINT challenges against a global field.

Web ExploitOSINTCTF
CASE #005 — TRAININGONGOING

TryHackMe Pathways

Pre-Security ✓ · SOC L1 & Jr Pen Tester (in progress)

Structured, hands-on training through TryHackMe — Pre-Security completed, now working the SOC Level 1 and Junior Penetration Tester paths toward practical offensive skills.

Blue+RedLabsPentest
CASE #006 — EXPERIENCEPAST

IT Intern · SPM Shipping DMCC

Internship

Early hands-on IT experience inside a working business — exposure to real operations, systems, and the day-to-day of keeping infrastructure running.

IT SupportOperations
CERTIFICATIONS & PROGRAMS
Fujitsu — Cybersecurity Amazon — Solutions in the Cloud Amazon — Verifying AI Knowledge Heriot-Watt — Race Engineer Program Harvard CS50x — Intro to CS (in progress) CompTIA Network+ (target 2026)
03

Skills

CAPABILITY MATRIX
A1

Offensive Security

  • Web exploitation — CTF-tested attack chains
  • Penetration testing fundamentals & methodology
  • Challenge design across Rev, Crypto, Stego & Forensics
A2

Threat Intel & OSINT

  • MITRE ATT&CK — mapping & APT campaign analysis
  • OSINT investigation & collection
  • Network security fundamentals
A3

Tooling & Infra

  • Burp Suite · Ghidra · Wireshark · Nmap
  • Docker & multi-service deployments on GCP
  • CTFd · Nginx · MariaDB · Redis
A4

Code & Dev

  • Python — security automation & OSINT scripting
  • Flask for web challenge apps
  • Git & GitHub · VS Code
05

Contact

ESTABLISH LINK
haseeb@kaido: ~/contact
$ whoami --reach

Let's build something — or break it.

Open to internships, CTF teams, and anyone working in offensive security or threat intel. The fastest way to reach me is email or LinkedIn.

// DOCTRINEPRINCIPLE_001
If you can't find it, build it then break it.
$ ./mindset --offensive