Summary

Overview

Work History

Education

Skills

Certification

Timeline

Ahmad Haikal Azhan Mohd Sharif

Kajang, Selangor

Summary

I am a cybersecurity professional with strong experience leading red teaming and intelligence-led engagements across enterprise environments. As a Project Lead, I have planned and delivered advanced attack simulations that include Active Directory exploitation, mobile intelligence-led testing, and full-scope offensive operations. My technical expertise spans mobile application security on both Android and iOS, web and API penetration testing, host assessments, and comprehensive internal and external vulnerability assessments.

Well-versed in tools such as Impacket, BloodHound, Certipy, Frida, Objection, Burp Suite, and VMware ESXi labs, I combine deep technical execution with leadership and client-facing communication. I am experienced in translating complex technical findings into clear, actionable reporting for executives and technical teams alike, ensuring remediation efforts are prioritized and effective. Passionate about offensive security, I continuously build and refine lab environments to replicate adversary tradecraft and strengthen organizational resilience against real-world threats.

Overview

1

1

year of professional experience

1

1

Certification

Work History

Penetration Tester / Security Consultant

Nexagate Sdn Bhd

12.2024 - Current

As a Project Lead for red teaming assessments, I manage and deliver end-to-end offensive security engagements, including Active Directory exploitation, intelligence-led red team operations, and mobile intelligence-led scenarios. My role involves planning, executing, and reporting complex attack simulations that mirror real-world adversaries, ensuring that clients receive both technical depth and actionable insights.

I am highly skilled in mobile application security testing for both Android and iOS, with experience in reverse engineering, static and dynamic analysis, and bypassing security controls such as root/jailbreak detection and SSL pinning. Beyond mobile, I am also well-versed in traditional penetration testing, including web application testing, API security assessments, and vulnerability assessments covering both internal and external infrastructure.

My expertise extends to host assessments and Active Directory exploitation, where I routinely identify privilege escalation paths, lateral movement opportunities, and configuration weaknesses. Combining technical execution with leadership, I ensure that every engagement results in clear findings, remediation guidance, and executive-level reporting that supports long-term security improvements for clients.

Education

Bachelor of Computer System Security - Cybersecurity

Universiti Kuala Lumpur MIIT

Kuala Lumpur, Malaysia

07-2023

Skills

Red Team Engagements & Intelligence-Led Assessments (Active Directory, Mobile, Full-scope)
Active Directory Exploitation (NTLM Relay, Kerberos Abuse, AD CS/ESC1-8, PetitPotam, BloodHound pathing)
Vulnerability Assessments (Internal & External)
Reverse Engineering (apktool, JADX, Radare2, Ghidra)
Runtime Instrumentation (Frida, Objection, custom hook scripts)
Static/Dynamic Analysis, SSL Pinning & Root/JB Detection Bypass
Manual Gadget Injection & APK/IPA patching

Web Application Pentesting (OWASP Top 10, IDOR, XXE, SQLi, RCE)
API Security Testing (Auth flaws, JWT attacks, rate limiting, broken object level auth)
Tools: Burp Suite Pro, ffuf, dirsearch, Postman, Impacket Suite (ntlmrelayx, wmiexec, psexec, smbclient, secretsdump), Certipy, Rubeus, Mimikatz, BloodHound & Neo4j for AD attack path analysis, Masscan, Rustscan, Nmap for network mapping, Patator & Hydra for credential attacks
VMware ESXi / DetectionLab setup for AD exploitation R&D
Scripting & Automation with Python, PowerShell, and Bash
Technical Documentation (PoCs, exploit chains, mitigation guidance)
Client Presentations & Debriefing

Certification

FIRST CVSS v4.0 Certificate

OPSWAT Introduction to Critical Infrastructure Protection

OPSWAT OT Security Expert

PICUS Web Application Attack Module

PICUS Sales Engineering Teams Exam

Timeline

Penetration Tester / Security Consultant

Nexagate Sdn Bhd

12.2024 - Current

Bachelor of Computer System Security - Cybersecurity

Universiti Kuala Lumpur MIIT

Similar Profiles

GAUTHAMT VELAYUDAMGAUTHAMT VELAYUDAM
OPERATION EXECUTIVE at AGENSI SRI BINTANG SDN BHD, SB LOGISTICS SDN BHD, KAMI GLOBAL VENTURE SDN BHDOPERATION EXECUTIVE at AGENSI SRI BINTANG SDN BHD, SB LOGISTICS SDN BHD, KAMI GLOBAL VENTURE SDN BHD
ELAINE TEHELAINE TEH
FOUNDER / BUSINESS DEVELOPMENT DIRECTOR at TEAM MOXIM SDN BHD (formerly The Moxim House Sdn Bhd)FOUNDER / BUSINESS DEVELOPMENT DIRECTOR at TEAM MOXIM SDN BHD (formerly The Moxim House Sdn Bhd)
Muhammad Hafiz Bin EmranMuhammad Hafiz Bin Emran
Senior Assistant Technical Operation (Helpdesk) at DST Network Sdn Bhd | USMS Sdn BhdSenior Assistant Technical Operation (Helpdesk) at DST Network Sdn Bhd | USMS Sdn Bhd
Pattarawadee SaiyawongsePattarawadee Saiyawongse
Freelancer at Graphic Design ServicesFreelancer at Graphic Design Services
Aiwan Mohamad Khaliq Noor SaharifAiwan Mohamad Khaliq Noor Saharif
IT Executive/MIS at Safeguards Secure Solutions Sdn BhdIT Executive/MIS at Safeguards Secure Solutions Sdn Bhd