Welcome to Mustapha Hilaloglu's Portfolio

Cybersecurity Master's student at ESGI seeking an apprenticeship opportunity in cybersecurity. Expertise in secure development, penetration testing, digital forensics, and both offensive and defensive security techniques.


Whoami

French Ethical Hacker, cybersecurity student, System & Network Administrator based in Paris, France. My expertise spans from user support to offensive security with a strong background in both Linux and Windows environments.

Currently pursuing a Master's degree in Cybersecurity, I balance academic knowledge with hands-on experience in SOC analysis, incident response, digital forensics, and penetration testing.

My core competencies include:

  • System and Network Administration (Linux & Windows)
  • SOC and Incident Analysis
  • Digital Forensics and Memory Analysis
  • Offensive Security and Penetration Testing
  • Active Directory Security Assessment
  • Security Intelligence Monitoring
  • PKI Infrastructure and Certificate Management
  • Programming (Python, C, Rust, Assembly)
  • Natural Language Processing (NLP)

I regularly participate in CTF competitions to sharpen my skills and share my knowledge through write-ups and blog posts. My approach to cybersecurity combines technical expertise with continuous learning and proactive threat intelligence.


Digital Forensics & Analysis

Memory Analysis & Incident Response

Specialized in digital forensics with practical experience in memory dump analysis, disk imaging, and incident response procedures. Proficient in the complete forensic methodology from preservation to reporting.

Memory Analysis

  • Volatility Framework 2.6 (Linux & Windows)
  • Memory dump creation with winpmem.exe
  • Process analysis and hash extraction
  • Registry analysis and credential recovery
  • Timeline reconstruction

Disk Forensics

  • Disk imaging with dd.exe
  • File carving with PhotoRec
  • Partition recovery with TestDisk
  • MFT analysis and deleted file recovery
  • Hex analysis with HexEdit

Incident Response

  • 13-step ransomware response procedure
  • Evidence preservation and chain of custody
  • Network isolation and containment
  • Hash verification (MD5/SHA256)
  • LSASS memory extraction

Secure Data Destruction

  • Advanced forensic wiping with shred utility
  • Low-level disk sanitization protocols
  • Multi-pass overwriting techniques
  • Hardware disposal security compliance
  • Anti-forensic data recovery prevention

Operating Systems Expertise

  • Exegol (Advanced Cybersec)
  • Tsurugi OS (Forensics)
  • Kali Linux
  • Parrot OS
  • Windows/AD

Forensic Pricing Knowledge

Understanding of the digital forensics market: it is very expensive ...

Security Exploits & Vulnerabilities

Recent successful exploitation of critical vulnerabilities across various platforms, demonstrating practical penetration testing skills and vulnerability research capabilities.

CVE-2025-24071

ZIP Exploitation

NTLM hash leak via malicious ZIP file exploitation. Successfully captured and cracked NTLMv2 hashes using Responder and John the Ripper.

ZIP NTLM Responder

CVE-2025-49113

RoundCube RCE

Remote Code Execution in RoundCube webmail. Gained initial access and extracted encrypted MySQL sessions with 3DES decryption.

RCE 3DES MySQL

CVE-2025-27591

Privilege Escalation

Below utility privilege escalation via symbolic link attack on log files. Achieved root access through /etc/passwd manipulation.

PrivEsc Symlink Root

Shadow Credentials

AD Attack

Advanced Active Directory attack technique using certificate-based authentication to compromise service accounts and escalate privileges.

AD Certificates ESC16

Fork Bomb

DoS Attack

Developed fork bomb implementations in both Bash and C language for system resource exhaustion and denial of service testing.

Bash C DoS

OS Hardening

Defense

Windows and Linux system hardening based on CIS benchmarks and ANSSI GNU/Linux security recommendations. NGINX/Apache2 server security configuration.

CIS ANSSI NGINX

Infrastructure Deployment

Experience in deploying and securing various infrastructure components:

Network Security

  • pfSense Firewall Configuration
  • AdGuard Home DNS Filtering
  • Suricata IDS/IPS Deployment
  • Wazuh SIEM Integration

Application Security

  • Passbolt Password Manager
  • FireflyIII Financial Platform
  • PKI Certificate Authority
  • GLPI Asset Management

CTF Achievements & Platforms

Active participant in Capture The Flag competitions and cybersecurity training platforms. Currently focusing on HackTheBox Season 8 with multiple successful machine completions.

  • HTB Season 8 Machines: 6
  • Active Platforms: 5+
  • 404CTF Participations: 2

Recent HTB Season 8 Successes

Fluffy

PWNED
  • CVE-2025-24071 (ZIP hash leak)
  • Shadow Credentials attack
  • ESC16 ADCS exploitation

Outbound

PWNED
  • CVE-2025-49113 (RoundCube RCE)
  • 3DES session decryption
  • CVE-2025-27591 (Below privesc)

Mirage

PWNED
  • DNS Hijacking + NATS exploitation
  • Kerberoasting attack
  • RBCD + DCSync technique

Artificial

PWNED
  • TensorFlow RCE exploitation
  • Hash extraction & cracking
  • Backrest privilege escalation

Platform Activity

HackTheBox

Active on Season 8 machines

Focus: Windows AD, Web exploits

TryHackMe

Regular participation

Focus: Learning paths, Blue Team

RootMe

Challenge solving

Focus: Cryptography, Programming

Pwn.college

Binary exploitation expertise

Focus: Memory corruption, Shellcode, Heap exploitation

404CTF

Annual competition

Participated: 2023, 2024

pwn.college Achievements

Memory Errors

Buffer overflow exploitation with precise offset calculations and stack canary bypass techniques.

14+ levels completed ADVANCED

Shellcode Injection

Custom x86-64 shellcode development with syscall mastery and constraint circumvention.

8+ levels completed EXPERT

Dynamic Allocation

Heap exploitation techniques including use-after-free vulnerabilities and malloc/free manipulation.

2+ levels completed ADVANCED

Sandboxing

Advanced chroot escape techniques and sandbox containment bypass through filesystem manipulation.

11+ levels completed EXPERT

Program Security

Advanced binary analysis, reverse engineering, and exploit development with constraint solving.

Multiple levels completed ADVANCED

Tool Mastery

Expert use of pwntools, GDB debugging, and Python automation for exploit development.

Cross-category skills EXPERT

Projects

In Development

RUST
Advanced Ransomware Development

Sophisticated ransomware with EDR and AntiVirus bypass capabilities developed for research and educational purposes.

RUST Malware Research
Assembly
AES Encryption in Assembly

Development of an Assembly program for encryption/decryption with IV and secret key generation for AES CBC mode (128, 192, and 256 bits).

Assembly Cryptography Low-level

Completed

PKI
Automated PKI Infrastructure with CIS NGINX

Complete 3-tier PKI infrastructure with automated deployment script. Includes Root CA, Intermediate CA, and end certificates with CIS-compliant NGINX HTTPS configuration.

PKI OpenSSL NGINX CIS Bash
RUST
Advanced AES Cryptographic System with Worm Capabilities

Encryption/decryption program that incorporates a computer worm, supporting AES CBC mode with 128, 192, and 256-bit keys, including key and IV generation.

RUST Cryptography AES-CBC
Hardware
Rubber Ducky Payload Development

Advanced DuckyScript coding and sophisticated payloads for security research and penetration testing scenarios.

DuckyScript Hardware Penetration Testing
Debian
GLPI Server Migration & Deployment

Deployment of Debian 12 server with GLPI web application, including data migration from old server and GLPI updates.

Debian GLPI System Administration Server Administration Network Administration
Disk LVM encrypt
Debian Encrypted Partition LVM

Deployment of Debian (Arch Linux, etc.) with LVM and an encrypted partition for enhanced security.

Debian Encrypt_LVM System Administration
Suricata
Suricata IDS/IPS

IDS/IPS deployment with Suricata on Debian server to monitor network traffic. Built with specific security rules and custom signatures.

Suricata BlueTeam SOC IDS/IPS Network Administration System Administration
Wazuh
Wazuh SIEM Cluster

Deployment of Wazuh Server cluster with agents (Dashboard, Manager, Master). Complete SIEM solution for security monitoring.

WAZUH SIEM BlueTeam SOC
Assembly
Shellcode Development

Design and implementation of various shellcode techniques for systems research and security analysis.

Assembly Shellcode From-Low-to-High-level
C
Polymorphic Code Analysis

Development of polymorphic code techniques and analysis methodologies for security research.

C Low-level Security Research
Python
Hash Scraper

Tool focused on finding hashes (ciphertext) and their plaintext format for digital investigation purposes.

Python Cryptography Digital Investigation

To see my public projects and contributions, check out my profiles:

GitHub Profile pwn.college Profile

Curriculum Vitae

Education

ESGI - Master's Degree in Information Security

Expert in System-Network Architectures and Computer Security - 2024-2026

ESGI - Bachelor in Information Security

Software and Network Project Manager - 2023-2024

INALCO - Dual Degree

Computer Science specializing in NLP and Turkish Language - 2020-2023

Professional Experience

SELCEON CYBERDEFENSE

September 2025 - Now

  • SOC Analyst

Still-Link

January 2025 - April 2025

  • Cybersecurity Engineer
  • Rust Developer
  • Python Developer
  • Assembly Developer
  • Network Technician
  • Telecom Technician

System and Network Administrator - Paris

2023 - December 2024

  • User and Network Support Technician
  • Windows System and Network Administrator
  • Linux System and Network Administrator
  • SOC Analyst
  • Incident Analyst
  • Offensive Security Specialist
  • Security Intelligence Monitoring

1DWEB - Cybersecurity and Web Developer Intern

Paris, since 2023

Leisure Center Activity Leader

Paris, since 2020

Phone and Computer Repair, Sales

Since 2019

BELLE CREATION - Team Manager

2017-2018

Certifications & Technical Skills

Certifications

  • CCNA Certificate
  • Network Defense
  • Cisco Endpoint Security

CTF Platforms

  • TryHackMe
  • HackTheBox CTF
  • RootMe
  • Pwn.college
  • Participation in 404CTF 2023 and 2024

Technical Skills

  • System-Network Administration (Linux & Windows)
  • Programming: Python3, C, Rust, x86 Assembly
  • Digital Forensics & Memory Analysis
  • Risk and vulnerability analysis
  • Penetration testing
  • Network routing and switching
  • Active Directory
  • PKI and Certificate Management
  • WiFi security
  • NLP: SpaCy, NLTK, Unitex, Tropes
  • Data analysis: Pandas, scikit-learn

Technical Toolset by Expertise

Digital Forensics
Volatility Framework, winpmem, dd, TestDisk, PhotoRec, HexEdit, strings, SQLite, md5sum/sha256sum, shred
Binary Exploitation
pwntools, GDB, John the Ripper, Hashcat, Burp Suite, Responder, Metasploit
Active Directory Pentest
impacket (GetUserSPNs, getTGT, secretsdump), bloodyAD, Certipy, BloodHound, evil-winrm, kerbrute, ntlmrelayx, PetitPotam, mitm6
Linux Penetration Testing
nmap, gobuster, ffuf, curl, nc/netcat, SSH, enum4linux
Web Application Security
Nuclei, smbclient, smbmap, showmount, Burp Suite
SIEM & Network Analysis
Suricata, Wazuh, pfSense, Wireshark
System Administration
Docker, NGINX, Apache2, GLPI, AdGuard Home, Passbolt, FireflyIII
Development & Automation
Python3, Bash, PowerShell, Git, Visual Studio Code, OpenSSL

Business & Management Skills

  • Microsoft Office Suite (Word, Excel, PowerPoint, Outlook)
  • Advanced Excel: Data analysis, pivot tables, macros
  • PowerPoint: Executive presentations and security reporting
  • Outlook: Professional communication and calendar management
  • Project management and team coordination
  • Risk assessment documentation and reporting
  • Security policy development and communication

Languages

  • Turkish: Bilingual
  • English: Professional working proficiency
  • French: Native

Interests

  • Kung-Fu Wing-Chun (4 years, Black belt level)
  • Self-defense (6 years)
  • Sanda (kick-boxing & wrestling, 4-5 years)
  • Kung-Fu Wushu (11 years)

Blog & CTF WriteUps

I regularly share my discoveries, analyses, and CTF challenge solutions. As a cybersecurity enthusiast and participant in platforms like TryHackMe, HackTheBox, RootMe, and 404CTF, I document my learning journey and technical findings:

HTB
February 2025
HTB Season 8 - Fluffy Machine WriteUp

Complete walkthrough of the Fluffy machine featuring CVE-2025-24071 exploitation, Shadow Credentials attack, and ESC16 ADCS privilege escalation.

HTB
February 2025
HTB Season 8 - Outbound Machine Analysis

Technical analysis of RoundCube CVE-2025-49113 exploitation, 3DES session decryption, and Below privilege escalation vulnerability.

FORENSICS
February 2025
Digital Forensics Incident Response Methodology

Complete 13-step incident response procedure for ransomware attacks, including memory analysis with Volatility and evidence preservation techniques.

PKI
February 2025
Automated PKI Deployment with CIS NGINX Hardening

Building a complete 3-tier PKI infrastructure with automated deployment script and CIS-compliant NGINX HTTPS configuration for enterprise security.

AD
January 2025
Advanced Active Directory Attack Techniques

Deep dive into modern AD exploitation including Kerberoasting, NTLM relay attacks, Shadow Credentials, and Resource-Based Constrained Delegation.

CTF
March 2025
404CTF 2025 - Reverse Engineering Challenges

Detailed walkthrough of the reverse engineering challenges from the 404CTF 2025 competition, including assembly analysis and obfuscation techniques.


Contact

Have a question or interested in collaborating on a project? Feel free to reach out. I'm always open to discussing cybersecurity challenges, CTF competitions, digital forensics, or potential opportunities.

Contact Information

Email: mustapha.hilaloglu@gmail.com

Location: Paris, Île-de-France

LinkedIn: linkedin.com/in/Mustapha-hilaloglu

GitHub: github.com/Gordibus
