Ahmad Haikal Azhan Mohd Sharif
Kajang, Selangor
Summary
I am a cybersecurity professional with strong experience leading red teaming and intelligence-led engagements across enterprise environments. As a Project Lead, I have planned and delivered advanced attack simulations that include Active Directory exploitation, mobile intelligence-led testing, and full-scope offensive operations. My technical expertise spans mobile application security on both Android and iOS, web and API penetration testing, host assessments, and comprehensive internal and external vulnerability assessments.
Well-versed in tools such as Impacket, BloodHound, Certipy, Frida, Objection, Burp Suite, and VMware ESXi labs, I combine deep technical execution with leadership and client-facing communication. I am experienced in translating complex technical findings into clear, actionable reporting for executives and technical teams alike, ensuring remediation efforts are prioritized and effective. Passionate about offensive security, I continuously build and refine lab environments to replicate adversary tradecraft and strengthen organizational resilience against real-world threats.
Overview
1
1
year of professional experience
1
1
Certification
Work History
Penetration Tester / Security Consultant
Nexagate Sdn Bhd
12.2024 - Current
As a Project Lead for red teaming assessments, I manage and deliver end-to-end offensive security engagements, including Active Directory exploitation, intelligence-led red team operations, and mobile intelligence-led scenarios. My role involves planning, executing, and reporting complex attack simulations that mirror real-world adversaries, ensuring that clients receive both technical depth and actionable insights.
I am highly skilled in mobile application security testing for both Android and iOS, with experience in reverse engineering, static and dynamic analysis, and bypassing security controls such as root/jailbreak detection and SSL pinning. Beyond mobile, I am also well-versed in traditional penetration testing, including web application testing, API security assessments, and vulnerability assessments covering both internal and external infrastructure.
My expertise extends to host assessments and Active Directory exploitation, where I routinely identify privilege escalation paths, lateral movement opportunities, and configuration weaknesses. Combining technical execution with leadership, I ensure that every engagement results in clear findings, remediation guidance, and executive-level reporting that supports long-term security improvements for clients.
Education
Bachelor of Computer System Security - Cybersecurity
Universiti Kuala Lumpur MIIT
Kuala Lumpur, Malaysia07-2023
Skills
- Red Team Engagements & Intelligence-Led Assessments (Active Directory, Mobile, Full-scope)
- Active Directory Exploitation (NTLM Relay, Kerberos Abuse, AD CS/ESC1-8, PetitPotam, BloodHound pathing)
- Vulnerability Assessments (Internal & External)
- Reverse Engineering (apktool, JADX, Radare2, Ghidra)
- Runtime Instrumentation (Frida, Objection, custom hook scripts)
- Static/Dynamic Analysis, SSL Pinning & Root/JB Detection Bypass
- Manual Gadget Injection & APK/IPA patching
- Web Application Pentesting (OWASP Top 10, IDOR, XXE, SQLi, RCE)
- API Security Testing (Auth flaws, JWT attacks, rate limiting, broken object level auth)
- Tools: Burp Suite Pro, ffuf, dirsearch, Postman, Impacket Suite (ntlmrelayx, wmiexec, psexec, smbclient, secretsdump), Certipy, Rubeus, Mimikatz, BloodHound & Neo4j for AD attack path analysis, Masscan, Rustscan, Nmap for network mapping, Patator & Hydra for credential attacks
- VMware ESXi / DetectionLab setup for AD exploitation R&D
- Scripting & Automation with Python, PowerShell, and Bash
- Technical Documentation (PoCs, exploit chains, mitigation guidance)
- Client Presentations & Debriefing
Certification
FIRST CVSS v4.0 Certificate
OPSWAT Introduction to Critical Infrastructure Protection
OPSWAT OT Security Expert
PICUS Web Application Attack Module
PICUS Sales Engineering Teams Exam
Timeline
Penetration Tester / Security Consultant
Nexagate Sdn Bhd
12.2024 - Current
Bachelor of Computer System Security - Cybersecurity
Universiti Kuala Lumpur MIIT
Similar Profiles
GAUTHAMT VELAYUDAMGAUTHAMT VELAYUDAM
OPERATION EXECUTIVE at AGENSI SRI BINTANG SDN BHD, SB LOGISTICS SDN BHD, KAMI GLOBAL VENTURE SDN BHDOPERATION EXECUTIVE at AGENSI SRI BINTANG SDN BHD, SB LOGISTICS SDN BHD, KAMI GLOBAL VENTURE SDN BHD
ELAINE TEHELAINE TEH
FOUNDER / BUSINESS DEVELOPMENT DIRECTOR at TEAM MOXIM SDN BHD (formerly The Moxim House Sdn Bhd)FOUNDER / BUSINESS DEVELOPMENT DIRECTOR at TEAM MOXIM SDN BHD (formerly The Moxim House Sdn Bhd)
Muhammad Hafiz Bin EmranMuhammad Hafiz Bin Emran
Senior Assistant Technical Operation (Helpdesk) at DST Network Sdn Bhd | USMS Sdn BhdSenior Assistant Technical Operation (Helpdesk) at DST Network Sdn Bhd | USMS Sdn Bhd
Bavani RajooBavani Rajoo
Admin & Accounts Executive at Kanna Network Enterprise / SDC WorkshopAdmin & Accounts Executive at Kanna Network Enterprise / SDC Workshop
Lee Chui YingLee Chui Ying
Assoc, Product Owner at Standard Chartered Global Business ServicesAssoc, Product Owner at Standard Chartered Global Business Services