Cybersecurity Portfolio
Mohammad Almashahreh
Cybersecurity researcher focused on bug bounty, web security, SOC analysis, cloud security, static analysis, and practical security research.
About
Building a practical path into offensive and defensive security.
I build projects that turn cybersecurity concepts into clear writeups, safe labs, and learning paths. My work connects bug bounty methodology, secure code review, static analysis, SOC thinking, cloud security basics, and hands-on web security practice.
This website is the main portfolio hub. Click any writeup card to open its page, lab, or repository.
Web Security Writeups
Business logic, IDOR, token lifecycle, authentication edge cases, and safe vulnerable-app simulations.
Secure Code Review
Semgrep-style rules, risky code patterns, secret scanning, YARA basics, and source-code review workflows.
Detection Thinking
Alert triage, log review, incident notes, MITRE mapping, and practical defensive reasoning through hands-on SOC labs.
Identity and Exposure
IAM, SaaS identity, CI/CD OIDC, cloud logging, storage exposure, and cloud security investigation fundamentals.
Learn SOC With Me
Hands-on SOC labs with synthetic evidence.
Practice alert triage, timeline building, MITRE ATT&CK mapping, detections, and report writing through browser-based labs.
Writeups
Writeups, guides, and safe practice labs.
Click a card to open the related page, lab, or repository.
Tool
SecureCycle
Security across every phase of the software development lifecycle: local code scanning, policy control, taint analysis, and AI-assisted remediation prompts.
- Scan current file, selected paths, or the full project
- Show findings in editor diagnostics
- Control Center for rules, settings, logs, and history
- OWASP-style and taint-analysis rule baselines
rules:
  - id: no-eval-js
    message: Avoid eval because it can lead to code injection.
    severity: ERROR
    languages:
      - javascript
      - typescript
    pattern: eval(...)
Contact
Let’s connect.
For my latest projects, writeups, and labs, GitHub is the best place to follow my work.