~/allen.sh

penetration tester · web application security

Allen
Nghayoui

I find vulnerabilities in web applications, document them carefully, and help teams fix them.

available for engagements · based in Lebanon · open to remote

 —  about

Computer Science graduate from Notre Dame University ‑ Louaize. Summa Cum Laude, 3.99 GPA.

My path into security started with full-stack development and was sharpened through competitive CTFs and hands-on labs on Hack The Box Academy.

Today I work as a freelance penetration tester with Purple Edge and recently completed an internship with Semicolon Security, where I tested web applications and APIs for real clients.

 —  arsenal

web & application security

OWASP Top 10 · Broken Access Control · XSS · SQL Injection · CSRF · Auth Misconfig

tools

Burp Suite · Nmap · Empire C2 · SQLMap · ffuf · gobuster · Ghidra · Jadx-Gui · BloodHound

languages & technologies

Python · JavaScript · PowerShell · Bash · C++ · Linux / Unix · x86_64 Assembly · SQL · AWS · Git

areas of knowledge

Active Directory Pentesting · Mobile Security · Cloud Security · Reverse Engineering

 —  experience

2025 — present

current

Penetration Tester

Freelance · Purple Edge

  • Conducted web application penetration tests identifying business logic and access control vulnerabilities of high and medium impact.
  • Delivered clear, actionable reports including technical findings, impact, and reproduction steps.
  • Collaborated with development teams to validate implemented fixes.

feb — apr 2026

Penetration Tester Intern

Semicolon Security

  • Conducted web application and API penetration testing.
  • Contributed to reports with technical findings, proof-of-concepts, and remediation recommendations.

2024 — present

Cybersecurity Researcher

Independent

  • 4th place qualifiers and 7th place finals in a national CTF competition (2025).
  • Continuous training via HackTheBox Penetration Tester Path (Active Directory, Linux, Web).
  • Received reward and appreciation for responsibly reporting a vulnerability to a bug bounty program.

jun — nov 2023

Full-stack Web Developer

Cellular Fitness

  • Built and deployed a full-stack application with Node.js, Express, and Next.js.
  • Designed the PostgreSQL database and deployed infrastructure on AWS.

 —  projects

PwnPoint

2026

Capture The Flag (CTF) platform built with Laravel and MySQL

A small Capture The Flag (CTF) platform built with Laravel and MySQL, meant to teach myself Laravel development. Contains user auth flows, browsing challenges, submitting flags, and climbing the leaderboard.

PHP · Laravel · Laravel Sanctum · MySQL · Docker · GitHub Actions

 —  certificates

Cybersecurity Specialist

Feb 2026

Semicolon Academy

120 hours of hands-on training and examinations across 8 modules in offensive and defensive cybersecurity.

Malware Analysis Skill Path

Dec 2025

LetsDefend

Theoretical and practical modules in malware analysis.

 —  recent writeups

No writeups yet.

 —  contact

I'm available for freelance engagements, bug bounty collaborations, and full-time opportunities in offensive security.