Loading...
Muntazir Mehdi
Offensive Security
Muntazir Mehdi — Offensive Security
01/about
IT by day, offensive security by night. Based in Saudi Arabia, working as an IT analyst. Most of what I actually care about in security happens after work, on HTB, in AD labs, or whatever I'm reading that week.
Got my CPTS in April 2026 after clearing Dante and Zephyr on HTB. Those were the labs that made things click for me. Currently grinding through CRTP. After that it's Windows internals and C/C++, then MalDev Academy, ODPC, and eventually OSCP. It's a long list, I know.
This site is mostly for me. Writing stuff down keeps me honest about what I actually understand versus what I just skimmed. If you're on the same path, maybe some of it is useful.
~/focus
- Active Directory & enterprise attack chains
- Windows internals & low-level exploitation
- Malware development & AV/EDR evasion
- C/C++, PowerShell, Python
~/next
- 01CRTP, Active Directory attack tradecraft, Altered SecurityIn progress
- 02Windows Internals + C/C++, Pluralsight and self-study, the unsexy groundworkNext
- 03MalDev Academy, Malware dev from the ground upPlanned
- 04ODPC, Offensive Development Practitioner, White Knight LabsPlanned
- 05OSCP, OffSec, the one everyone asks aboutPlanned
02/experience
Jun 2025 – Present
IT Analyst
GVS Industrial Company · Dammam, Saudi Arabia
Run IT for a 25-person office. Active Directory, patching, endpoints, AV coverage, and first response for whatever breaks on any given day. Small enough team that I own most of it end to end, which is honestly how I've been learning the defensive side.
Active DirectoryEndpoint SecurityPatch ManagementAccess ControlsIncident Response
Jan 2024 – Apr 2024
Security Analyst
Asia Pacific University · Kuala Lumpur, Malaysia
Ran vuln assessments and pentests against the university's lab infrastructure. Found the exploitable stuff, wrote it up with risk ratings and fix steps, and handed it back to IT. First time I did this kind of work for something real.
Vulnerability AssessmentPenetration TestingTechnical ReportingRemediation
Sep 2023 – Jan 2024
Cyber Security Internship
Asia Pacific University · Kuala Lumpur, Malaysia
Imaged and hardened the lab machines, fixed whatever broke for students and staff, wrote procedures that went into APU's internal knowledge base. Sounds boring on paper but it's where I learned how enterprise IT actually holds together.
ImagingSecurity BaselinesTroubleshootingDocumentation
03/certifications
Certified Penetration Testing Specialist (CPTS)
Hack The Box · Apr 2026
Certified Red Team Professional (CRTP)
Altered Security· in progress
Blue Team Level 1 (BTL1)
Security Blue Team
Junior Penetration Tester (eJPT)
INE / eLearnSecurity
04/labs
Where I actually spend time outside of coursework. Full attack chains, not isolated boxes.
- Completed
Dante
Hack The Box Pro LabsMy first pro lab. Big, messy, and the one that taught me to take proper notes because without them you end up three pivots deep with no clue where you are.
- Completed
Zephyr
Hack The Box Pro LabsPure AD. This is where Kerberoasting, ACL abuse, and cross-forest trusts stopped being textbook terms and started actually making sense.
05/writing
How I Scored 95% in the Blue Team Level 1 (BTL1) Exam on My Second Attempt
2025·5 min read
My journey from failing the BTL1 exam to scoring 95% on my second attempt. Learn about my preparation strategy, key mistakes, and tips for success.