IMAD
OUGUAHI
Red Teamer. Web Exploitation Expert. AI Automation Engineer.
I find vulnerabilities before they become incidents.
The mind behind the hunt.
My journey in cybersecurity began long before my formal studies — driven by CTF challenges since 2019, I honed an offensive mindset well before entering the industry. After four years in a role that offered limited growth, I made the decisive choice to return to my true calling: Offensive Security and Penetration Testing.
Now a CompTIA Security+ certified professional and developer of the CloudReaper framework, I combine years of self-taught passion with rigorous technical training. I specialize in auditing complex infrastructures, identifying critical vulnerabilities, and continuously pushing technical limits.
| Location | Casablanca, Morocco |
| Experience | 4+ years in cybersecurity |
| Current | M2 — SUPEMIR 2024–2025 |
| Bootcamp | DataProtect / SkillsLab — Red Teaming (Aug–Dec 2025) |
| Platforms | HackTheBox · TryHackMe · CTFtime |
| CTF | 1st Place (recent) · 3rd National (2019) |
| Languages | Arabic (Native) · English B2 (IELTS) · French B2 (TCF TP) |
| ouguahii@gmail.com |
Tools of the trade.
Offensive Security
Web Security
Network & Email
Reverse Engineering
Defense & Standards
Exploitation Frameworks
AI & Automation Arsenal
AI & LLMs
Automation
Cloud & Infra
Security Automation
Earned, not given.
CompTIA Security+ (SY0-701)
CompTIA
HTB Certified Web Exploitation Specialist
HackTheBox — CWES
Certified Red Team Analyst (CRTA)
CWL
ISO/IEC 27001:2022 Information Security Associate
SkillFront
4 years in the field.
GM SARL — Cybersecurity Consultant & Email Security Specialist
- Architected and deployed email authentication frameworks across 20+ enterprise domains, reducing successful phishing attacks by 90%
- Conducted Black/Gray Box penetration tests identifying critical vulnerabilities in web applications and network infrastructure
- Led advanced OSINT investigations for threat profiling and developed targeted countermeasures
- Spearheaded the company's new branch operations in Istanbul, Turkey
- Delivered cybersecurity awareness training to 100+ employees
EcoSmart Business — Web Security Developer (Internship)
- Developed secure web applications adhering to "Security by Design" and OWASP Top 10 principles
- Conducted comprehensive code reviews, remediating SQL Injection, XSS, and CSRF vulnerabilities
- Implemented SSL/TLS encryption across production servers and integrated security testing into CI/CD pipelines
ISTA NTIC / COSUMAR / FerLio — System Admin & Industrial/Dev Internships
Work in the field.
OPEN SOURCE
CloudReaper
A professional-grade offensive tool that exposes origin IP addresses hidden behind Cloudflare using advanced OSINT techniques. Features a Multi-Source OSINT Engine aggregating DNS history, SSL Certificate Transparency logs, and SPF records — combined with an Intelligent Verification Engine using multi-factor scoring. Built with a high-performance multi-threaded Python architecture.
ACTIVE
Red Team Operations
Simulating real-world attacks to test and strengthen security postures. Advanced pentesting and full-scope assessments.
ACTIVE
Bug Bounty Hunting
XSS, SQLi, IDOR, API logic flaws. Proactive responsible disclosure on major platforms.
COMPLETE
Email Security Hardening
SPF/DKIM/DMARC on 20+ domains. Measurable 90% phishing reduction.
IN PROGRESS
M2 Pentest Project
Black-box pentest of a private platform. Full security report and remediation roadmap.
COMPLETE
CTF Competitions
1st place recently, 3rd national in 2019. Active on HackTheBox and TryHackMe.
From the field.
Let's work together.
Available for penetration testing, security audits, red team engagements, and AI automation projects. Freelance & contract.