Aiman Sam | Junior Pentester and Web Developer

Unemployables #8443

Hey, I'm @zx10r.

I'm a junior penetration tester and web developer specializing in identifying vulnerabilities and building secure web applications.

Check out my projects

TryHackMe badge for zx10r

Hack The Box badge for zx10r

Highlights / Quick Stats

01 Top 1% TryHackMe Ranking

Ranked in the top 1% globally on TryHackMe and listed 44th in Malaysia.

02 350+ TryHackMe Rooms

Completed over 350 rooms covering penetration testing, web exploitation, and network exploitation.

03 Top 3 / 50 Bingo CTF 2025

Placed 3rd with a 3-member team across web exploitation, cryptography, and forensics challenges.

04 Top 10 MCMC Finalist

Finalist in the MCMC Intervarsity Cyber Forensics Challenge 2025 under time-constrained incident analysis.

05 10 Challenges Delivered

Delivered 9 web challenges, 1 Boot2Root machine challenges across CTF events.

06 2 Technical Talks

Delivered two web exploitation sessions for DIV:IDE Academy and Hack@10 CTF preparation.

07 5 Certificates Earned

Including CEHv13, CCNA Intro to Networks, Junior Penetration Tester, and web development training.

08 3.80 Current GPA

Bachelor of Computer Science (Cybersecurity) student at Universiti Tenaga Nasional.

My Background / About Me

About Me

Foundations built through practice.

Looking For

Penetration Tester Security Engineer Blue Team Analyst Cloud Engineer

Second-year Computer Science (Cybersecurity) student focused on penetration testing and ethical hacking. I earned my CEH certification before the age of 20 and have continued building hands-on experience through labs, competitions, and practical security work.

Hands-on vulnerability assessment using OpenVAS and Nessus in practical lab environments.
System exploitation across Windows and Unix environments, including privilege escalation and lateral movement.
Active Directory attack experience including pass-the-hash, Kerberoasting, and domain privilege escalation.
Ranked in the top 1% globally on TryHackMe and placed in national CTF competitions.
Contributed as both a competitor and challenge creator, building web exploitation scenarios and supporting secure CTF infrastructure.
Currently expanding into blue team domains through SIEM, EDR, and detection engineering to become a more well-rounded security professional.

Skills

Applied security and development skills.

Web Exploitation Blue Team Mindset Flask React Cloud Security Node.js Python Security Engineering

Web Exploitation Penetration Testing Active Directory Exploitation Access Control Testing Network Security

Log Analysis SIEM (Splunk) Wireshark System Hardening Threat Detection

Flask React Next.js Node.js PostgreSQL MongoDB

Linux Administration Docker Bash Scripting Python Automation Network Fundamentals Secure Deployment

Certificates

Recognized industry credentials.

CEHv13 Certified Ethical Hacker from EC-Council.
Junior Penetration Tester TryHackMe path focused on practical offensive security fundamentals.
CCNA: Introduction to Networks Cisco networking foundation covering infrastructure and core network concepts.
Full-Stack Web Development Bootcamp Udemy training across JavaScript, Next.js, React, PostgreSQL, and MongoDB.
Python & Bash for Ethical Hackers Practical scripting and automation for penetration testing and security workflows.

My Work / My Projects

Infrastructure Active Directory

Enterprise Grade Home Lab

A fully virtualized enterprise-style home lab designed to simulate real-world network environments for security testing and research. Built with segmented networks, Active Directory, SIEM integration, and monitoring tools, this lab enables hands-on practice in threat detection, incident response, lateral movement, and privilege escalation across Windows and Linux systems.

Hardware Endpoint

Rubber Ducky / Bad USB

A custom-built Bad USB project leveraging keystroke injection techniques to simulate real-world attack scenarios. Used for developing and testing payloads that automate exploitation, credential harvesting, and system compromise, this project demonstrates practical understanding of physical attack vectors and endpoint security weaknesses.

Wireless Audit

Bad Wifi Audit

A wireless security auditing project focused on identifying vulnerabilities in Wi-Fi networks, including weak encryption, rogue access points, and misconfigurations. Utilizes penetration testing tools to perform network reconnaissance, packet analysis, and attack simulations such as deauthentication and credential capture to assess and improve wireless security posture.

Writeups / Blog

Technical writeups covering CTF solves, lab work, exploitation paths, and security lessons pulled from hands-on practice.

Latest Post Web

Web Exploitation Workflow

A practical workflow for approaching web targets in labs and CTFs, from surface mapping and logic flaws to clean exploit validation.

Published · May 9, 2026

Lab Notes Active Directory

Active Directory Lab Notes

Notes from building and attacking an Active Directory lab, with emphasis on enumeration, trust relationships, and privilege escalation paths.

Published · May 9, 2026

Writeup CTF

My First CTF

A short walkthrough of my first rooted CTF target, from initial enumeration to privilege escalation and the habits that made the path clear.

Published · May 6, 2026