— Cybersecurity Specialist

Ayham
Alsarkhi

Penetration Tester. CTF Author. Bug Bounty Hunter.

eWPTX · OSCP in progress

GitHub ↗LinkedIn ↗Email ↗

View work →

2nd

Worldwide

CPTC 2026

Challenges Authored

4 competitions

200+

Participants

managed per CTF

100+

Students

instructed

2nd Place Worldwide

Global CPTC 11 — 2026

Cloud Lead · AD Co-Lead

eWPTX Certified

eLearnSecurity

Advanced Web Pentesting

Penetration Testing Intern

Umniah

Aug – Sep 2025

OSCP

OffSec — In Progress

Active

Domains

What I break

Web & API Pentesting

eWPTX certified. OAuth, JWT, SAML, server-side exploitation, full attack surface coverage.

Cloud (AWS)

IAM enumeration, privilege escalation, misconfiguration chains. Led cloud attack chain at CPTC.

Active Directory

Kerberoasting, DACL abuse, lateral movement, domain dominance. Co-led AD chain at CPTC.

Binary Exploitation

Kernel pwn, ROP chains, heap exploitation. Authored pwn challenges across multiple competitions.

Work

Projects

All projects →

Grad ProjectComing Soon

Post-Incident Network Forensics Platform

ML-powered platform that automates anomaly detection in network traffic and lets analysts query forensic data in plain English.

PythonZeekDockerPostgreSQLChromaDB

CTFd Plugin↗

WaveManager

CTFd plugin for scheduled challenge releases. Organizers define waves — the plugin reveals challenges automatically, keeping competition pace controlled.

PythonFlaskSQLAlchemyCTFdBootstrap 4

CVE↗

ctfd-whale Security Patch

Found and patched a vulnerability in ctfd-whale, the Docker challenge manager used in CTF platforms globally. CVE pending.

PythonDockerCTFd

Writeups

Latest

All writeups →

Writeups published post-triage and responsible disclosure.

AyhamAlsarkhi