Khalil Ammar
01I’m an engineering student at INSAT specializing in Networks and Telecommunications, with a strong interest in cybersecurity. I enjoy exploring how systems work at a low level, especially through reverse engineering, binary analysis, and Android application reversing.
02Outside of my studies, I regularly take part in CTF competitions, work on personal projects, and occasionally create challenges of my own. These experiences have helped me develop practical skills in areas like Android security, exploitation, and debugging.
03I’m currently working on improving my skills in system and web penetration testing through hands-on labs on dedicated learning platforms. My goal is to build a solid understanding of systems and security, and to create tools and solutions that are both useful and reliable.
04In parallel, I’ve been diving deeper into the effective use of AI—focusing on prompt engineering, workflow optimization, and the integration of tools such as MCP servers—to better understand how to systematically leverage AI as a practical, reliable component within technical and security-focused workflows. I am currently exploring the intersection of AI agents and offensive security automation.
"AI is not a substitute for human intelligence — it's a tool to amplify it."
— Dr. Fei-Fei Li, Stanford
Built a deception platform as a layered pipeline: Cowrie/FastAPI collect attacker input, a policy-gated LLM generates realistic responses, and Wazuh ingests normalized telemetry. The key value was not only trapping attackers longer, but learning how to turn noisy interaction logs into structured intelligence we could act on.
Organized by Securinets INSAT. Restricted AI use. Gained hands-on experience and overcame complex challenges. Prizes: 2x .xyz domains, INE premium voucher, Root me parcours metier, Root me gift cards.
Winner in mobile penetration testing track.
Strong offensive security performance at continental level.
Ranked among the leading international teams.
Completed pentesting and SOC learning paths with practical labs.
Strong performance against international teams in the qualifiers.
Developed HANINY, an AI-powered driver monitoring system. Placed 4th out of 54 teams and pitched to over 500 people.
Competed primarily in Reverse Engineering, while also tackling Web, Pwn, and Cryptography challenges.
Hosted a Capture The Flag event, authoring and designing the Web Exploitation challenges.
I design and solve CTF challenges across reverse engineering, mobile security, and exploitation. Browse selected technical notes and systemic challenge breakdowns.
Brute-forcing an obfuscated Go binary by targeting instruction alignment vulnerabilities.
Read Full Report→Repairing a corrupted ELF header and bypassing multiple layers of ptrace anti-debugging.
Read Full Report→Bypassing massive function-pointer obfuscation and usleep slowdowns via GDB scripting.
Read Full Report→Reversing embedded PDF JavaScript and brute-forcing Steganographic image layers.
Read Full Report→Race-condition extraction of temporary runtime scripts and self-integrity MD5 patching.
Read Full Report→A multi-stage challenge involving self-modifying code, network handshakes, and cryptographic brute-forcing.
Read Full Report→
A deep dive into building a real-time ML pipeline for road safety with sub-300ms latency.
Read Full Report→Verified training and formal credentials that back the practical offensive-security work shown in this portfolio.
Red Team Leaders
Advanced certification focusing on managing and executing complex Red Team operations, including planning multi-phase adversary simulations, leading red team engagements, and aligning offensive scenarios with real-world threat intelligence.
View Certificate →Hack & Fix
Comprehensive certification covering the full spectrum of phishing attack methodologies, social engineering tactics, and organizational defenses. Covers email threat analysis, lure identification, user awareness program design, and technical countermeasures to protect against modern phishing campaigns.
View Certificate →
Learning Path
TryHackMe · Completed · 100%
Practical path covering core offensive security skills for junior penetration testing across web applications and enterprise infrastructure.
Open to security internships, CTF collaboration, and network engineering opportunities.
Visit the arcade for a quick game.