Loading...
Muntazir Mehdi
Offensive Security
Muntazir Mehdi — Offensive Security
01/about
I work as an IT analyst in Saudi Arabia. Outside work, most of my time goes into HTB, AD labs, and studying whatever I am currently weak at.
I completed CPTS in April 2026 after finishing Dante and Zephyr on HTB. Those labs changed how I approach learning. Right now I am focused on CRTP and building a stronger AD foundation.
From there I am moving into Windows internals and C/C++, then MalDev Academy, ODPC, and finally OSCP. This site is my personal notebook. I use it to track what I can actually do, not just what I have read.
~/focus
- Active Directory attack paths and privilege escalation
- Windows internals and endpoint behavior
- Offensive tooling with PowerShell, Python, and C/C++
- Malware development and AV/EDR evasion roadmap
~/next
- 01CRTP, Active Directory attack tradecraft, Altered SecurityIn progress
- 02Windows Internals + C/C++, Pluralsight and self-studyNext
- 03MalDev Academy, Malware dev from the ground upPlanned
- 04ODPC, Offensive Development Practitioner, White Knight LabsPlanned
- 05OSCP, OffSec, the one everyone asks aboutPlanned
02/experience
Jun 2025 – Present
IT Analyst
GVS Industrial Company · Dammam, Saudi Arabia
I run IT for a 25-person office. That includes Active Directory, patching, endpoints, AV coverage, and first response for whatever breaks. The team is small enough that I own most of it end to end, which is how I have been learning the defensive side properly.
Active DirectoryEndpoint SecurityPatch ManagementAccess ControlsIncident Response
Jan 2024 – Apr 2024
Security Analyst
Asia Pacific University · Kuala Lumpur, Malaysia
I ran vuln assessments and pentests against the university lab infrastructure. I found exploitable misconfigurations, wrote risk-rated reports with fix steps, and handed them back to IT. It was my first time doing this kind of work for a real environment.
Vulnerability AssessmentPenetration TestingTechnical ReportingRemediation
Sep 2023 – Jan 2024
Cyber Security Internship
Asia Pacific University · Kuala Lumpur, Malaysia
I imaged and hardened lab machines, fixed day-to-day issues for students and staff, and wrote procedures for APU's internal knowledge base. It sounds basic on paper, but it is where I learned how enterprise IT actually holds together.
ImagingSecurity BaselinesTroubleshootingDocumentation
03/certifications
Certified Penetration Testing Specialist (CPTS)
Hack The Box · Apr 2026
Certified Red Team Professional (CRTP)
Altered Security· in progress
Blue Team Level 1 (BTL1)
Security Blue Team · 95%, second attempt
Junior Penetration Tester (eJPT)
INE / eLearnSecurity
04/labs
Where I test myself outside normal study. Longer scenarios, full attack chains, and decisions that feel closer to real environments.
- Completed
Dante
Hack The Box Pro LabsMy first pro lab. Big and messy. It taught me to keep clean notes because three pivots later you can lose track fast.
- Completed
Zephyr
Hack The Box Pro LabsPure AD. This is where Kerberoasting, ACL abuse, and cross-forest trusts stopped being theory and started making practical sense.
05/writing
How I Scored 95% in the Blue Team Level 1 (BTL1) Exam on My Second Attempt
2025·5 min read
My journey from failing the BTL1 exam to scoring 95% on my second attempt. Learn about my preparation strategy, key mistakes, and tips for success.