About

Irfanul Montasir

Offensive security engineer, red teamer, and open-source builder. Based in DUBAI, UAE.

IM
Irfanul Montasir
OFFENSIVE SECURITY ENGINEER // SHORBORNO · GRAMEENPHONE // DUBAI, UAE

I work on the red team at Shorborno Holdings Ltd on the Grameenphone project - Bangladesh's largest telco - focusing on penetration testing, Active Directory exploitation, EDR bypass, and custom tooling in C/C++ and Python. My day-to-day centers on simulating adversaries, stress-testing SOC detection, and running purple-team exercises.

Before Shorborno I was a Security Researcher at PentesterSpace, where I worked across mobile, network, and AD pentesting with BloodHound, CrackMapExec, MobSF, and Burp Suite Pro. I've also spent time in non-security IT leadership - building full-stack systems and leading operations - which shaped how I think about defensive posture from the other side.

Outside work I compete in CTFs, contribute to open-source security tooling, mentor students through the IIUC InfoSec Community I founded, and write about technique and methodology. My research interests span application & AI security, IoT and automotive hacking, ML for threat detection, and agentic AI applied to offensive security.

HACKTHEBOX ↗ GITHUB ↗ LINKEDIN ↗ MEDIUM ↗ EMAIL ↗
At a glance
75+
Machines pwned
44
Writeups published
05
Certifications
CRTO · CPTS · eWPTX
eCPPT · eJPT
04
HTB pro labs
APT · Dante · Rasta · Asc.
#1·#2
CyberDrill ntl.
#31
BlackHat MEA '23
02
Publications
Experience
Role history, reverse chronological
May 2025 - Present
Offensive Security Engineer
Shorborno Holdings Ltd (Grameenphone Project) · Dhaka, BD
  • Conduct penetration testing across mobile, network, and Active Directory environments.
  • Build custom APT emulation tools in C/C++ and Python - reflective loaders, indirect-syscall stagers, in-memory execution primitives.
  • Bypass industry-leading EDR/XDR via API hook removal, ETW/AMSI patching, and module stomping to stress-test SOC detection.
  • Perform source-code review and reverse engineering on production applications; run OSINT-driven threat enumeration.
  • Collaborate in purple-team exercises; design pentesting dashboards mapping findings to MITRE ATT&CK and NIST.
Apr 2024 - Apr 2025
Information Technology Manager
Morshed Alam Foodstuff Trading LLC · Al Aweer, Dubai
  • Developed a full-stack inventory system with real-time stock tracking and automated invoicing.
  • Led operations and technical strategy to secure and scale financial processes for high-value transactions.
Mar 2022 - Jan 2024
Security Researcher
PentesterSpace · Dhaka, BD
  • Performed pentesting across mobile, network, and AD environments using BloodHound, CrackMapExec, MobSF, Burp Suite Pro, and Nmap.
  • Deployed IDS/IPS and SIEM tools (Suricata, Wazuh, Splunk, Snort) for proactive threat detection.
  • Conducted compliance-driven assessments aligned with GDPR, ISO/IEC 27001, and NIST with detailed technical reporting.
Education
Nov 2018 - Dec 2023
B.Sc. in Computer Science & Engineering
International Islamic University Chittagong (IIUC) · Chattogram, BD · GPA 3.20 / 4.00
  • Thesis: A Novel Approach for Context-Based Searching from Al-Quran using BERTopic Model.
Certifications
Click any credential for details & personal review
CRTO
Credential
Certified Red Team Operator
Zero-Point Security
Dec 2025 View
CPTS
Credential
Certified Penetration Testing Specialist
HackTheBox
May 2025 View
eWPTX
Credential
Web App Pen Tester eXtreme
INE Security
Feb 2024 View
eCPPT
Credential
Cert. Professional Penetration Tester
INE Security
Apr 2024 View
eJPT
Credential
Junior Penetration Tester v2
INE Security
Mar 2024 View
HackTheBox Pro Labs
Advanced enterprise-network simulations
APT
Pro Lab
APTlabs Pro Lab
HackTheBox
April 2026 View
DANTE
Pro Lab
Dante Pro Lab
HackTheBox
Feb 2026 View
RASTA
Pro Lab
Rastalabs Pro Lab
HackTheBox
Dec 2025 View
ASC.
Pro Lab
Ascension Pro Lab
HackTheBox
Dec 2025 View
Achievements & awards
Competitive CTF placements and platform milestones
#1
National CyberDrill CTF 2020
Champion · BGD e-GOV CIRT
#2
National CyberDrill CTF 2021
Runner-up · BGD e-GOV CIRT
#2
CTF: Super League 2021
Runner-up · IEEE CS BUET
#31
BlackHat MEA 2023
Top 31 of 250+ · Tahaluf & SAFCSP
Elite Hacker
HackTheBox - robinx0
75+ Machines · 70+ Challenges · 5 Fortresses · 4 ProLabs
Publications
Peer-reviewed research
A1
Risk-Based MITRE TTP Scoring for Proactive Cyber Threat Prioritization and Response
S. M. Zia Ur Rashid, M. M. Alam, Irfanul Montasir, A. Haq
14th International Conference on Software and Computer Applications (ICSCA 2025) · Kuala Lumpur, Malaysia
A2
Securing Agentic AI: Threats, Risks, and Mitigation
S. M. Zia Ur Rashid, Irfanul Montasir, A. Haq, M. M. Alam, M. T. Ahmmed
International Conference on Advancement in Cyber Security and Digital Forensics (ICACSDF 2025) · UPES, Dehradun, India
Community
Mentorship and public education
Founder & Mentor - IIUC InfoSec Community
2021 - PRESENT

Ongoing mentorship to IIUC students - running cybersecurity bootcamps, guiding research, and supporting practical skill development in ethical hacking, CTFs, and applied security practice. Speak regularly on offensive security topics.

Technical skills
Domains, tools, and languages

Offensive domains

Pentest (mobile / network / AD)EDR / AV evasionMalware dev & analysisReverse engineeringSource-code reviewRed teamingOSINTOWASP Top 10

Security tools

Cobalt StrikeSliver C2Burp Suite ProBloodHoundRubeusMimikatzImpacketGhidra / IDANmap / NucleiMobSFPwntools / FridaAcunetix / NessusWazuh / Suricata

Languages & frameworks

C / C++PythonJavaScript / TSSwiftSQLReact.jsExpress.jsReact Native

Dev & infra

GitDockerPostgreSQLRedisAWSGCPKali Linux