About
Umair Sabir
Cyber Security Engineer at AirOverflow · Islamabad, Pakistan
I'm a Cyber Security Engineer at AirOverflow, based in Islamabad, Pakistan. My day-to-day work combines offensive security engagements, cybersecurity tool development, and building the CTF challenges and platforms that AirOverflow runs for the community.
I hold a Master's in Cyber Security from Air University. I'm OSCP certified, along with CRTO and eCPPT. I'm currently pursuing OSED — Windows exploit development — because the topic genuinely interests me.
What I do
My work spans the full offensive-security lifecycle and increasingly touches the development and automation side of security operations. The areas I focus on most:
Penetration Testing
External and internal engagements, Active Directory, web applications, APIs, and networks. Full-cycle VAPT with detailed reporting.
Active Directory Security
Kerberoasting, ACL abuse, delegation attacks, BloodHound path analysis, and hardening reviews.
Web · API · Network VAPT
Manual testing supported by Burp Suite, Nuclei, custom scripts, and proper threat modeling.
DFIR
Memory forensics, malware triage (PDF, Office, JS), sandbox analysis, and incident response support.
Security Tool Development
Open-source offensive and defensive tooling — Sqlhound, SUBROOT, MalwareMaster — primarily in Python and C.
AI Automation & Workflows
Designing and deploying AI-driven workflows for security operations using OpenCLAW, n8n, and custom integrations.
Reverse Engineering
Static and dynamic binary analysis. Used in malware research and exploit development work.
Exploit Development
Currently focused on Windows exploit development as part of OSED preparation — shellcoding, SEH chains, ROP.
Skills & tools
Education
- MS, Cyber Security
Air University, Islamabad - BS, Cyber Security
Air University, Islamabad
Certifications
- OSCP — Offensive Security Certified Professional
- CRTO — Certified Red Team Operator
- eCPPT — Certified Professional Penetration Tester
- OSED — in progress (Windows exploit development)
Experience
Cyber Security Engineer · AirOverflow
- Lead penetration testing engagements across web, API, network, and Active Directory environments.
- Develop and maintain cybersecurity tools used internally and shared with the community.
- Design CTF challenges and build the CTF platforms used for national and international cybersecurity events.
Founder · ByteBoltSec
- Founded a Pakistan-based cybersecurity practice focused on penetration testing and security training.
- Delivered consulting engagements and training programs for clients and students.
Trainer · Ignite — Bahria University
- Conducted practical penetration testing workshops for students under the Ignite program at Bahria University.
Selected achievements
| Year | Event | Result |
|---|---|---|
| 2024 | National Cyber Security Champion — Ignite (Ministry of IT) | Winner |
| 2024 | Hackmasters'24 — OIC CTF, Istanbul | Winner |
| 2024 | BlackHat MEA '24 — Riyadh | Finalist |
| 2023 | National Cyber Security Champion — Ignite (Ministry of IT) | Winner |
| 2023 | BlackHat MEA '23 — Riyadh | Finalist |
| 2023 | MCS CTF '23 — Military College of Signals | Winner |
| 2022 | National Cyber Security Champion — Ignite (Ministry of IT) | Winner |
| 2022 | Pakistan Cyber Security Challenge (NCCS × AU) | Top 10 |
| 2022 | NASCON '22 CTF — FAST-NUCES | 4th place |
| — | National hackathons & CTFs | 20+ wins |
Currently
- Running penetration testing engagements at AirOverflow.
- Designing and maintaining CTF challenges and platforms for AirOverflow's events.
- Studying for OSED — Windows exploit development, custom shellcode, SEH chains.
- Building AI-driven workflows for security operations using OpenCLAW and n8n.
- Maintaining open-source security tools — see the projects page.
- Writing technical posts on offensive security, exploit development, and tooling on the blog.
Get in touch
For consulting, collaborations, training, or just to say hello — the best ways to reach me: