Umair Sabir

Cyber Security Engineer · AirOverflow

Hi, I'm Umair Sabir.

I'm a Cyber Security Engineer at AirOverflow, where I run penetration testing engagements, build security tooling, and develop CTF challenges and platforms. My focus areas are offensive security — penetration testing, Active Directory, web, API, and network VAPT — alongside DFIR, security tool development, and AI-driven automation for security operations.

Areas of focus

Offensive security

Penetration Testing

External and internal engagements, web applications, APIs, and networks. End-to-end VAPT with clear, actionable reporting.

Red Team Operations

Adversary emulation, phishing campaigns, payload development, and full-chain intrusion exercises aligned with the MITRE ATT&CK framework.

Active Directory Security

Kerberos abuse, ACL chains, delegation attacks, BloodHound-driven path analysis, and AD hardening recommendations.

Cloud Security

Security assessments and configuration reviews across AWS and Azure — identity, networking, container, and Kubernetes attack surface.

Analysis & research

DFIR

Memory forensics, sandbox analysis, log review, and incident response support across Windows and Linux environments.

Malware Analysis

Static and dynamic analysis of malicious binaries, scripts, and document-borne payloads. Indicator extraction and behavioural reporting.

Reverse Engineering

Binary analysis with IDA, Ghidra, WinDbg, and x64dbg. Used in vulnerability research, malware work, and CTF challenge design.

Exploit Development

Windows-focused exploit development — custom shellcode, SEH overwrites, and ROP chain construction. Currently pursuing OSED.

Building & operating

Security Tool Development

Building and maintaining open-source offensive and defensive tooling in Python, Bash, and C — see the projects page.

AI Automation & Workflows

Designing AI-driven workflows for security operations and analysis — OpenCLAW, n8n, and custom automation for triage and reporting.

CTF Design & Platforms

Designing Jeopardy-style CTF challenges across pwn, web, crypto, and forensics, and building the lab and scoring infrastructure that hosts them.

Security Training & Mentorship

Practical penetration-testing workshops and team mentorship — including under the Ignite program and across competitive CTF teams.

Background

Education: MS, Cyber Security · Air University
Certifications: OSCP · CRTO · eCPPT
In progress: OSED — Windows exploit development
Languages: Python · Bash · C · ASM (x86/x64)
Tooling: OpenCLAW · n8n · BloodHound · Burp Suite
Location: Islamabad, Pakistan · UTC +05:00

Selected achievements

2024: National Cyber Security Champion — Ignite (Ministry of IT)
2024: Hackmasters'24 — Winner, OIC CTF (Istanbul)
2024: BlackHat MEA '24 — Finalist (Riyadh)
2023: National Cyber Security Champion — Ignite (Ministry of IT)
2023: MCS CTF '23 — Winner
2022: National Cyber Security Champion — Ignite (Ministry of IT)
20+ national hackathon & CTF wins

About this site

A central place for my work, writing, and projects. New posts go up when I have something useful to share. For collaborations, consulting, or just to say hello, the easiest way to reach me is by email or LinkedIn.