Mohamed Mostafa Ali

Cybersecurity Student | SOC Analyst | AI Security Researcher

Mohamed Mostafa
B.Sc. Computer Science (Cybersecurity)
Arab Academy for Science, Technology & Maritime Transport
GPA: 3.61/4.0 (Excellent)
Top 1% TryHackMe (300+ rooms and 40+ badges)

Professional Summary

Cybersecurity student with hands-on experience in threat detection, malware analysis, and AI-driven security solutions. Currently developing DroneSentinel – an AI-powered security gap monitoring system as my graduation project.

Security Domains

SOC Operations, Threat Intelligence, Penetration Testing, Digital Forensics

Technical Skills

Python, Bash, Docker, ELK Stack, ML/AI, Terraform, Splunk

Experience

WE Innovate Bootcamp (SOC Analyst), NBE (IT Trainee), CIB (Intern)

Seeking opportunities to apply my skills in threat detection engineering and contribute to innovative cybersecurity solutions.

Projects (Chronological Order - Oldest First)

University Financial System Threat Modeling and Security Testing Using MTM 2016

  • Conducted comprehensive threat modeling for a university's financial system
  • Focused on securing Kerberos-based authentication
  • Designed a Data Flow Diagram (DFD) and identified 113 threats, 85% of which were mitigated
  • Developed attack tree validated against MITRE ATT&CK framework

System Performance Monitor Project with Bash and Docker

  • Developed containerized system monitoring script using Docker
  • Provides dynamic and efficient performance insights
  • Monitors system metrics and displays real-time statistics
  • Utilizes shell scripting and container orchestration techniques
  • Overcame challenges related to runtime configurations
  • Ensured compatibility with modern GPU-based environments

Self-Initiated Sliver C2 & Botnet Small Lab: Cloud-Based Red Teaming

  • Built cloud-based red teaming practice lab using Azure and Terraform
  • Experimented with infrastructure as code (IaC) and automated deployments
  • Lab consists of a C2 machine and a botnet of two compromised VMs
  • Utilized Sliver framework for command and control
  • Analyzed traffic using Wireshark for C2 communications insight
  • Gained hands-on experience in post-exploitation and lateral movement

Self-Initiated Cloud-Based SSH Honeypot with AbuseIPDB Integration

  • Developed low-interaction SSH honeypot deployed on Azure using Terraform
  • Designed to log unauthorized access attempts and analyze attack patterns
  • Integrated AbuseIPDB with the SSH honeypot tool Pshitt
  • Provides real-time IP reputation checks and automated reporting
  • Detailed logging of attack sources, credentials, and metadata

TuxTrace – Forensic Artifact Generation Tool

  • Built Python-based tool to simulate activity for multiple users
  • Each user has unique profiles generating realistic forensic artifacts
  • Generates .bashrc, .bash_history, auth.log, /tmp files, and Cron jobs
  • Dockerized for easy deployment in training and forensics labs

⭐ ExeRay – AI-Powered Malware Detection (most starred and forked of my projects)

  • Developed machine learning system to detect malicious .exe files
  • Analyzes static features (entropy, imports, metadata)
  • Combines Random Forest/XGBoost AI models with heuristic rules
  • Provides fast, accurate classification
  • Reduces reliance on signature-based detection
  • Presented the ExeRay scientific research paper at the 9th International Undergraduate Research Conference (IUGRC 2025), held at the Military Technical College (MTC), Cairo, Egypt.
  • The full academic paper (PDF) is included in the project repository under the assets/ folder: ExeRay Paper.pdf

Metasploitable 2 Security Assessment – 46 Findings Report

  • Comprehensive penetration testing report against Metasploitable 2 VM
  • Identified 46 security findings across network services and web applications
  • Covered Network Services (17), Web Applications (22), Privilege Escalation (4), Enumeration (3)
  • Tools used: Metasploit, Nmap, Nikto, SQLMap, manual exploitation
  • Team-based project simulating real-world healthcare IT infrastructure testing

Decentralized IoT Authentication on Ethereum

  • Solidity smart contract for secure IoT device authentication on Ethereum blockchain
  • Features device registration/deregistration (owner-only)
  • Secure data recording using hashed payloads with replay attack protection
  • Event-based logging for full transparency and audit trails
  • Paris EVM compatible (post-Merge Ethereum)
  • Provides decentralized authentication and data integrity for IoT devices

MISP Threat Intelligence Journey

  • Comprehensive exploration of MISP (Malware Information Sharing Platform)
  • Threat intelligence platform setup and configuration
  • Analysis of IOC (Indicators of Compromise) sharing and collaboration
  • Integration with other security tools and platforms
  • Real-world threat intelligence workflows and best practices

Conpot ICS Honeypot Analysis

  • Industrial Control Systems (ICS) honeypot deployment using Conpot
  • Simulates realistic industrial protocols (Modbus, S7Comm, BACnet, SNMP)
  • Captures attacker reconnaissance behavior and ICS-targeted threats
  • Analysis using Nmap, Wireshark, and traffic capture tools
  • Documented attacker interaction patterns and tool behaviors
  • Critical for infrastructure security in energy, water, and manufacturing

IoTCPS-AI-IDS: AI-Based Intrusion Detection System

  • Deep learning-based Intrusion Detection System for IoT Cyber-Physical Systems
  • Achieves 99.6% accuracy detecting IoT network attacks
  • Detects Mirai botnet, DoS, MITM, and scanning attacks
  • Real-time detection with TensorFlow backend
  • Includes model serialization, preprocessing pipeline, and evaluation tools
  • Trained on IoTID20 dataset (3.2 million network flows, 85+ features)

DroneSentinel: AI-Based Security Gap Monitoring System

  • Graduation project: a specialized AI-based drone detection system
  • Focused on monitoring specific security gaps rather than general detection
  • Three security gaps: Radar overhead blind spot, Perimeter chokepoints, Visual verification
  • Uses YOLOv8 + BoT-SORT for advanced tracking and analytics
  • AES-256 encryption, secure authentication, audit trails
  • Real-time alerts, multi-channel notifications, performance analytics
  • Cost-effective alternative to human guards (90% savings)
