About Me

  • Full Name:Tahaa Farooq
  • Phone:+255 XXX XXX XXX
  • Email:[email protected]
  • Website:www.tahaafarooq.dev
  • Address:[REDACTED]

Hello There!

I am a seasoned cybersecurity professional with a distinguished track record, possessing certifications including eJPT, eCPPT, OSCP, CRTP, and multiple HTB Pro Labs Certifications. Boasting nearly five years of industry experience, my primary focus is on red team operations and adversary emulations. I have collaborated with diverse organizations across sectors such as Finance, Education, Health, and Government, employing a proactive approach to securing client assets with the guiding principle "I SECURE SYSTEMS TO STRENGTHEN DEFENSES."

In addition to my cybersecurity specialization, I am a passionate programmer and software developer. My expertise extends to the development of web/mobile applications, APIs, games, desktop applications, and embedded software. This dual proficiency enables me to create software and tools that contribute to the cybersecurity domain. Notable projects include Param-Ninja, Artemis, PAM, and FlameBox; for a comprehensive overview of my repositories, I invite you to explore my Github profile.

Moreover, I hold three CVEs under my name, validating my commitment to identifying and addressing critical vulnerabilities. These CVEs are: "CVE-2023-43960", "CVE-2023-43959" and "CVE-2023-52275". My dedication to research extends to exploring both emerging and established cybersecurity threats, further showcased on my blog.

In summary, my multifaceted skill set, industry experience, and commitment to excellence make me a valuable asset in cybersecurity and software development. For further insights into my work, projects, and research, please visit my GitHub profile and blog.

My Resume

  • Work Experience

  • Founder

    UrchinSec [TZ] - [NOV] 2023 - PRE

    I create, execute and implement the organization's technological vision and strategy.

  • CyberSecurity Operations Lead

    Flashnet Limited [TZ] - [SEP] 2023 - 2023 [DEC]

    Managing all cybersecurity operations on going within the company and ensuring the client's assets are in a well secured posture.

  • CyberSecurity Consultant

    InfoSec (T) LTD [TZ] - [JUL] 2023 - 2023 [SEP]

    Performed pentests and IS consultation on client(s) and assets to ensure they are secure. **Part-Time**

  • Penetration Testing Team Lead

    Cybergen Company Limited [TZ] - 2022 - 2023 [Aug]

    Orchestrating the team in performing a comprehensive penetration testing exercise.

  • Malware Analysis & Reverse Engineering Author

    eForensics Magazine [PL] - 2022 - 2022 [Dec]

    Authored in deep topics in malware analysis and reverse engineering concepts.

  • Penetration Tester

    Sump Apps [FI] - 2022 - 2022

    Performed pentests on different applications and services developed by the team before a release on production.

  • Penetration Testing Team Lead

    Hack-IT Consultancy [TZ] - 2021 - 2022

    Orchestrating the team in performing a comprehensive penetration testing exercise.

  • CyberSecurity Content Engineer

    Hack-IT Consultancy [TZ] - 2020 - 2021

    Authored and managed CTFs and servers hosting and deploying CTF challenges.

  • Education

  • BsC in Computing


    Pursue my bachelor's degree at [redacted] university

  • HighSchool Graduation


    Completed my high-school education :}

  • Certifications

  • Kali Linux Certified Professional

    OffSec - [APR] 2024

    Passed the exam and got certified with KLCP

  • Zephyr, Red Team Operator LvL 1

    HackTheBox - [MAR] 2024

    Completed hackthebox prolabs "Zephyr" and gained system access to all 17 machines and received the certificate.

  • RastaLabs, Red Team Operator LvL 1

    HackTheBox - [AUG] 2023

    Completed hackthebox prolabs "RastaLabs" and gained system access to all 15 machines and received the certificate.

  • Offensive Security Certified Professional

    OffSec - [May] 2023

    Passed the exam and got certified with OSCP

  • eLearnSecurity Junior Penetration Tester

    INE Security - [MAR] 2023

    Passed the exam and got certified with eJPT

  • Dante, Certified Penetration Tester LvL 2

    HackTheBox - [DEC] 2022

    Completed hackthebox prolabs "Dante" and gained system access to all 14 machines and received the certificate.

My Services

Software Development

Transform your concept into reality with tailored software solutions!

Red Team & Adversary Emulation

Elevate your cybersecurity defense with strategic red teaming and adversary emulation services.

Malware Analysis

Unlock insights into cyber threats: Discover how intruders gained access and fortify your defenses against ransomware and malware.

Penetration Testing

I'll give to you the most comprehensive thorough pentest you have ever had unless it's from Mandiant 🥲


Empower your team with tailored cybersecurity education—suitable for groups exceeding 10 participants. Covering a diverse array of concepts and topics, I offer comprehensive training sessions to enhance your team's proficiency in cybersecurity.


Navigating the cybersecurity landscape for your business can be complex. If you find yourself seeking guidance and insights tailored to your specific challenges, my consultation services are at your disposal.

My Recent Blogs

Here is a list of what I recently just wrote on about my researches and activities I come accross the internet

Reverse Engineering Solar-PuTTY

Solar-PuTTY is a standalone free terminal emulator and network file transfer tool based on the well-known PuTTY for Windows. ... Basically it can ...

Bypassing Gallery3D in Tecno Camon X

Bypassing Gallary3D (Hidden Images Feature) In TECNO Camon X. A lil' Bit About It; Let The Fun Begin.

YeaLink Auth Command Injection

Just unconvered a vulnerability that existed in Yealink SIP-TXXX, This vulnerability leads to RCE , but it's Authenticated meaning you must be ...