~/whoami
Mohammad AlMusa
Security researcher. Builder. Relentlessly curious. I operate at the intersection of offensive security research and software engineering — breaking systems to understand how they work, then documenting it for others.
3.96 / 4.0 GPA
20 Years Old
2+ Years Hunting
$ Bounties Earned
Offensive Security & Research
Exploit development, reverse engineering, bounties
My core focus areas are offensive security, reverse engineering, exploit development, and bug bounty hunting. I treat every target as a puzzle — methodical enumeration, patient analysis, precise exploitation.
Critical SQL Injection — Banking System
Discovered, reported & rewarded financially · Dec 2024
Multiple Vulnerability Reports
Reported to multiple international parties · Jan 2024 – Jan 2026
WebSocket Hijacking PoC
Currently developing proof of concept for reported vulnerability
University CTF Team — Founder & Former Lead
University of Jordan
Current Research
IEEE-targeted paper in progress
Writing a research paper targeting an IEEE conference. The project involves developing a C2-over-DNS tool that leverages a novel steganography algorithm to evade detection by Next-Generation Firewalls (NGFWs) and AI-based network detectors — demonstrating how covert channels bypass the most advanced defensive layers.
Development & Freelance
Athar, side projects, and continuous learning
Security expertise means little without the ability to build. I run Athar — a freelance business offering web development services — and I'm continuously expanding my engineering toolkit.
Kava — Café Website
First paid freelance delivery · Jan 2026
Learning React.js
Expanding frontend capabilities
Subly
Subscription management system
Loqta
Startup project — in development
Where I'm Headed
My long-term ambition is to become a recognized scientific researcher in cybersecurity and deliver a groundbreaking contribution to the field — a quantum leap that redefines what's possible. Every vulnerability I find, every tool I build, and every paper I write is a step toward that goal. I don't do this for credentials. I do it because the work itself demands to be done.