Resume

Ayham Alsarkhi

Cybersecurity Specialist · Amman, Jordan

Download PDF

Profile

Led the cloud attack chain (AWS) and co-led Active Directory exploitation for the team that placed 2nd globally at CPTC 11. eWPTX-certified web application pentester with active bug bounty experience across H1 programs. Authored 23 original CTF challenges across 4 competitions — from kernel exploitation to cloud misconfiguration chains. Designs and operates CTF infrastructure serving 200+ concurrent participants. Believes offensive skills make better defenders, and is building toward both.

Awards

Global Silver Medalist — 2nd Place

Collegiate Penetration Testing Competition (CPTC 11) · 2026

2026
  • Led the cloud attack chain (AWS) — IAM enumeration, privilege escalation, and misconfiguration exploitation against a simulated enterprise environment.
  • Co-led Active Directory exploitation — enumeration through domain dominance in a full black-box corporate network.
  • Produced professional remediation reports and defended technical findings before a mock executive board.

Experience

Aug 2025 – Present

Tech Lead

Cybersecurity Club, PSUT

  • Design and operate CTF platform infrastructure on Docker Swarm — zero downtime for 200+ concurrent participants across multiple live events.
  • Author advanced challenges in binary exploitation, forensics, and cloud; oversee all challenge categories across the club's competitions.
  • Train members in Active Directory and cloud pentesting in preparation for CPTC and other competitive events.

Aug 2025 – Sep 2025

Penetration Testing Intern

Umniah

  • Ran full-scope web application penetration tests using Burp Suite Professional, covering the full attack surface and identifying critical vulnerabilities.
  • Performed automated and manual scanning with Nessus and Nmap; validated findings to eliminate false positives before delivery.

2024 – 2025

Beginners Instructor

Cybersecurity Club, PSUT

  • Designed and delivered a structured beginners curriculum: Linux, networking, Python, and Bash.
  • Took students from zero knowledge to competing in their first CTF.

2024 – 2025

Head of Hackathon Division

Overflow, PSUT

  • Led the hackathon division at Overflow student club, organizing events and driving cross-club collaboration.

Education

Sep 2022 – Jun 2026

Bachelor's in Cybersecurity

Princess Sumayya University for Technology

GPA: Very Good

Certifications

eWPTX

Advanced web application penetration testing — API security, authentication attacks (OAuth, JWT, SAML), and server-side exploitation.

OSCP

In Progress

OffSec Certified Professional

Skills

Security & Pentesting

Burp SuiteMetasploitNmapNessusSQLmapDalfoxWiresharkmsfvenom

Binary Exploitation

pwntoolsGDB / GEFGhidraAssembly (x86)Kernel ExploitationROP Chains

Active Directory

BloodHoundMimikatzLDAP EnumerationKerberoastingWindows Privesc

Cloud & Infrastructure

AWS PentestingIAM EnumerationDockerDocker SwarmContainer Security

Programming

PythonCBashAssemblyTypeScript