For the complete documentation index, see llms.txt. This page is also available as Markdown.

About Me

A small brief about me.

└─# Whoami:

This is Obaida Albasha, also known as Caesar3.

Offensive security practitioner with 4+ years of hands-on experience in Capture The Flag (CTF) competitions and lab environments across multiple platforms. Strong focus on red teaming, web application, network and systems exploitation, and active directory attacks.

Currently working in penetration testing and red teaming, performing real-world security assessments and continuously improving my skills while helping organizations enhance their security posture.

Experience:

Junior Penetration Tester at Cytomate, Feb 2026 - Present

  • Perform web application and API penetration testing to identify security vulnerabilities

  • Conduct cloud penetration testing on externally exposed assets

  • Design and execute phishing simulations, including pretext development and campaign delivery

  • Co-develop a Python-based Telegram CTI tool supporting channel enumeration, joining/leaving, message scraping, and malicious bot hunting (bothunt)

  • Contribute to threat intelligence operations by collecting and analyzing data from Telegram channels and other sources

CTF player, Oct 2021 - Present

Actively participate in Capture The Flag (CTF) challenges, machines and hands-on labs across platforms including HackTheBox, TryHackMe, OffSec PG, HackMyVM, FlagYard, INE, CyberDefenders, and other competitive CTF events.

Perform API and Web Application Enumeration & Exploitation, identifying and exploiting vulnerabilities such as:

  • SQL Injection (SQLi)

  • Cross-Site Scripting (XSS)

  • Server-Side Request Forgery (SSRF)

  • Insecure Deserialization

  • etc

Conduct Active Directory and Network Enumeration & Exploitation, including:

  • Abuse of Active Directory ACLs and misconfigurations

  • Kerberos-based attacks (e.g., Kerberoasting, AS-REP Roasting, Delegations)

  • Privilege Escalation and Lateral Movement techniques

  • etc

Practice realistic attack workflows following enumeration → exploitation → post-exploitation methodologies.

Education:

Bachelor of Applied Computing – Cyber Security Track at King Saud University 2020–2022

Completed 3 semesters.

Professional Certifications:

  • 2026:

    • INE, eMAPT (Mobile Application Penetration Tester) (In Progress)

    • The SecOps Group, C-APIPen (Certified API Pentester)

    • INE, eCTHP (Certified Threat Hunting Professional)

  • 2025:

    • CyberWarfare, MCRTA (Multi-Cloud Red Team Analyst)

    • OffSec, OSCP/OSCP+ (OffSec Certified Professional/+)

    • Altered Security, CRTP (Certified Red Team Professional)

    • INE, eWPTX (Web Application Penetration Tester eXtreme)

    • CyberWarfare, CRTA (Certified Red Team Analyst)

  • 2024:

    • INE, eCPPT (Certified Professional Penetration Tester)

  • 2023:

HackTheBox ProLabs:

Skills:

  • Management

  • Problem solving

  • Leadership

  • Love of Learning

  • Infrastructure (Active Directory, Network, System/Host) Penetration Testing:

    • Enumeration

    • Exploitation

    • Privilege Escalation

    • Pivoting & Tunneling

    • Lateral Movement

  • Application (Web, API, Mobile) Penetration Testing

  • Basic Cloud (AWS, Azure, GCP) Penetration Testing

  • Client-Side Attacks

  • C2 Frameworks:

    • Metasploit

    • PowerShell-Empire

  • Threat Hunting (Network, Endpoint)

  • Python Programming

Honors & Awards:

  • 2025:

    • First Place in Salam CTF

    • Won the CyberHub Offensive Challenge

  • 2024:

    • First Place in the CyberHub AD PT CTF Challenge

    • Eighth Place in the CyberHub Network PT CTF Challenge

    • Second Place at the FlagYard Booth - LEAP

    • Sixth Place at the Cyberani CTF Booth - LEAP

    • Sixth Place in the (CyberHub & KSU Cyber) OSINT CTF

  • 2023:

    • Ninth Place in the Cyber Hub CTF

    • Sixth Place in the KSU CTF

Languages:

  • Arabic (Native)

  • English

My LinkedIn & My X & My CV:

My LinkedIn Account
My X Account
My CV

Note:

I created this GitBook to share my experiences in the cybersecurity field, along with insights and notes from studying for certifications and hands-on practice. Please, if you noticed any mistakes, misconceptions, or anything I may have misunderstood, feel free to reach out to me on my LinkedIn or my X (formerly Twitter) accounts.

Last updated