root@kali:~$ cat about.txt

About Me

Professional Summary

Hello, I'm Adham Khairy (0xSponge), a Bug Bounty Hunter and Penetration Tester with hands-on experience in web application, mobile application, network, and Active Directory exploitation. With a strong background in scripting, reverse engineering, and OSINT, I have a proven ability to identify, exploit, and document security weaknesses while providing actionable remediation strategies.

Currently pursuing my Bachelor's degree in Computer Science at Helwan University, I combine academic knowledge with practical offensive security skills to stay at the forefront of cybersecurity.

Experience

Independent Security Researcher
Remote
Aug. 2024 – Present
  • Completed 530+ TryHackMe rooms and 175+ PortSwigger Web Security Academy labs, covering Web, Active Directory, and privilege escalation techniques
  • Participated in 15+ online/offline CTF competitions, collaborating with teams to solve web, network, and Misc challenges under time pressure
  • Active Bug Bounty Hunter on HackerOne, responsibly disclosing findings and earning bounties
Offensive Security Bootcamp Trainee
We Innovate (On-site)
Jun. 2025 – Aug. 2025
  • Completed in-depth training in Web, Network, and Active Directory penetration testing, with an introduction to Android security
  • Practiced exploitation techniques including SQLi, XSS, AD enumeration, Kerberoasting, and privilege escalation
  • Concluded bootcamp with a full Active Directory engagement and presented findings to peers and instructors, improving technical presentation and teamwork skills
Cybersecurity Intern
Hack Secure (Remote)
Apr. 2025 – May 2025
  • Learned penetration testing fundamentals including recon, enumeration, and exploiting common web vulnerabilities

Educational Journey

Bachelor of Computer Science - Helwan University (Oct. 2024 – Present)

Expected Graduation: June 2028

Relevant coursework includes:

Computer Networks Information Security Operating Systems Algorithms Data Structures

Core Skills

Technical Skills:

Web Application Security Network Security Active Directory Attacks Privilege Escalation Mobile Security Vulnerability Exploitation

Tools & Platforms:

Burp Suite Metasploit Nmap SQLmap Gobuster Hydra John the Ripper Kali Linux

Programming & Scripting:

Python Bash C JavaScript PHP SQL PowerShell

Certifications

In Progress:

eWPTX - Web Application Penetration Tester eXtreme (INE Security) eMAPT - Mobile Application Penetration Tester (INE Security)

Completed Certifications:

Certified Red Team Analyst (CRTA) - Oct. 2025 TryHackMe - Red Teaming Tester Path - Sep. 2025 Cisco CCNA - Jun. 2025 Google IT Support Professional - Jul. 2025 TryHackMe - Junior Penetration Tester Path - Jun. 2025 Google IT Automation with Python - Feb. 2025

Philosophy

I believe that understanding how to break systems is fundamental to building secure ones. My approach to cybersecurity is methodical, ethical, and focused on continuous learning. Through hands-on practice, bug bounty hunting, and CTF competitions, I constantly push my boundaries to stay ahead of emerging threats.

By sharing knowledge and contributing to the security community, I aim to help create a safer digital environment for everyone. Every vulnerability discovered and responsibly disclosed makes the internet a little bit safer.