
Ahmad Haikal Azhan Mohd Sharif

Kajang, Selangor

Summary

I am a cybersecurity professional with strong experience leading red teaming and intelligence-led engagements across enterprise environments. As a Project Lead, I have planned and delivered advanced attack simulations that include Active Directory exploitation, mobile intelligence-led testing, and full-scope offensive operations. My technical expertise spans mobile application security on both Android and iOS, web and API penetration testing, host assessments, and comprehensive internal and external vulnerability assessments.

Well-versed in tools such as Impacket, BloodHound, Certipy, Frida, Objection, Burp Suite, and VMware ESXi labs, I combine deep technical execution with leadership and client-facing communication. I am experienced in translating complex technical findings into clear, actionable reporting for executives and technical teams alike, ensuring remediation efforts are prioritized and effective. Passionate about offensive security, I continuously build and refine lab environments to replicate adversary tradecraft and strengthen organizational resilience against real-world threats.

Overview

1 year of professional experience
1 Certification

Work History

Penetration Tester / Security Consultant

Nexagate Sdn Bhd
12.2024 - Current

As a Project Lead for red teaming assessments, I manage and deliver end-to-end offensive security engagements, including Active Directory exploitation, intelligence-led red team operations, and mobile intelligence-led scenarios. My role involves planning, executing, and reporting complex attack simulations that mirror real-world adversaries, ensuring that clients receive both technical depth and actionable insights.


I am highly skilled in mobile application security testing for both Android and iOS, with experience in reverse engineering, static and dynamic analysis, and bypassing security controls such as root/jailbreak detection and SSL pinning. Beyond mobile, I am also well-versed in traditional penetration testing, including web application testing, API security assessments, and vulnerability assessments covering both internal and external infrastructure.


My expertise extends to host assessments and Active Directory exploitation, where I routinely identify privilege escalation paths, lateral movement opportunities, and configuration weaknesses. Combining technical execution with leadership, I ensure that every engagement results in clear findings, remediation guidance, and executive-level reporting that supports long-term security improvements for clients.

Education

Bachelor of Computer System Security - Cybersecurity

Universiti Kuala Lumpur MIIT
Kuala Lumpur, Malaysia
07-2023

Skills

  • Red Team Engagements & Intelligence-Led Assessments (Active Directory, Mobile, Full-scope)
  • Active Directory Exploitation (NTLM Relay, Kerberos Abuse, AD CS/ESC1-8, PetitPotam, BloodHound pathing)
  • Vulnerability Assessments (Internal & External)
  • Reverse Engineering (apktool, JADX, Radare2, Ghidra)
  • Runtime Instrumentation (Frida, Objection, custom hook scripts)
  • Static/Dynamic Analysis, SSL Pinning & Root/JB Detection Bypass
  • Manual Gadget Injection & APK/IPA patching
  • Web Application Pentesting (OWASP Top 10, IDOR, XXE, SQLi, RCE)
  • API Security Testing (Auth flaws, JWT attacks, rate limiting, broken object level auth)
  • Tools: Burp Suite Pro, ffuf, dirsearch, Postman, Impacket Suite (ntlmrelayx, wmiexec, psexec, smbclient, secretsdump), Certipy, Rubeus, Mimikatz, BloodHound & Neo4j for AD attack path analysis, Masscan, Rustscan, Nmap for network mapping, Patator & Hydra for credential attacks
  • VMware ESXi / DetectionLab setup for AD exploitation R&D
  • Scripting & Automation with Python, PowerShell, and Bash
  • Technical Documentation (PoCs, exploit chains, mitigation guidance)
  • Client Presentations & Debriefing

Certification

FIRST CVSS v4.0 Certificate

OPSWAT Introduction to Critical Infrastructure Protection

OPSWAT OT Security Expert

PICUS Web Application Attack Module

PICUS Sales Engineering Teams Exam



Timeline

Penetration Tester / Security Consultant

Nexagate Sdn Bhd
12.2024 - Current

Bachelor of Computer System Security - Cybersecurity

Universiti Kuala Lumpur MIIT