Abdelkarim Mouchquelita - mchklt — CEO

Freelance Penetration Tester | Cybersecurity Graduate | Bug Bounty Hunter | OSWE Passionate cybersecurity specialist with a proven track record in offensive security and ethical hacking. At 22, I've turned my self-driven curiosity into real impact: securing over 50 platforms through bug bounty programs, uncovering critical vulnerabilities like reflected XSS on Tesla's portal and a remote code execution (RCE) chain on a RedBull asset earning Paysafe Hall of Fame recognition and more than 5 digits total bounties. Top of my class in a Bachelor's in Cybersecurity at Ynov Casablanca (2025) and Diploma in Computer Systems & Networks at Cité des Métiers et des Compétences, Nador (2024), I'm bridging academic excellence with hands-on freelance experience to build secure digital futures. My freelance journey over 2+ years has been all about the attacker-mindset: delivering black-box assessments for big companies through bug bounty, focusing on OWASP Top 10 risks (SQLi, IDOR, SSRF, XSS) using Burp Suite, sqlmap, ffuf, and Nmap. I've chained exploits in Active Directory environments with BloodHound and Metasploit, audited cloud misconfigs (AWS S3 permissions), and automated workflows with custom Python, Bash, and PowerShell scripts like Nmap-Bomber for parallel bulk scans and Ping-Pong for real-time host monitoring with Telegram alerts. Completing advanced Hack The Box Pro Labs (DANTE, ZEPHYR, POO) sharpened my skills in privilege escalation, lateral movement, and domain compromise, while my Medium blog (mchklt.medium.com) with +1,000 followers and +100,000 views shares case studies to mentor the next gen on ethical hackers. Beyond code and exploits, I thrive on teaching and community: delivering personal programs on web penetration testing, PowerShell/Python scripting, and web security fundamentals, always emphasizing clear reporting (CVSS scoring, PoCs, remediation snippets). I'm flexible, immediate availability, and ready to relocate for the right challenge. Let's connect if you're building resilient teams in fintech, telecom, or startups I'm here to turn threats into strengths. #PenetrationTesting #EthicalHacking #Cybersecurity #BugBounty #OffensiveSecurity #OWASP #RedTeaming #Python #NetworkSecurity

Stackforce AI infers this person is a Cybersecurity Specialist with a focus on Penetration Testing and Bug Bounty Hunting.

Location: Nador, Oriental, Morocco

Experience: 1 yr 6 mos

Skills

Penetration Testing
Bug Bounty Hunting
Network Administration
Technical Support

Career Highlights

Secured over 50 platforms through bug bounty programs.
Earned Paysafe Hall of Fame recognition for critical vulnerabilities.
Top of class in Bachelor's in Cybersecurity.

Work Experience

Bugcrowd & Intigritii & private clients

Self Employed (2 yrs 9 mos)

Bugcrowd

Bug Hunter (Freelance) (2 yrs 10 mos)

Cités des Métiers et des Compétences

Intern as Technician in Computer Systems and Networks (1 yr 6 mos)

Education

Bachelor's Degree at YNOV Campus

Diploma of Specialized Technician in Computer Systems and Networks at Cités des Métiers et des Compétences

Entrepreneurship Program (PIE) at Cités des Métiers et des Compétences

Abdelkarim Mouchquelita - mchklt

CEO

Nador, Oriental, Morocco1 yr 6 mos experience

Key Highlights

Secured over 50 platforms through bug bounty programs.
Earned Paysafe Hall of Fame recognition for critical vulnerabilities.
Top of class in Bachelor's in Cybersecurity.

Stackforce AI infers this person is a Cybersecurity Specialist with a focus on Penetration Testing and Bug Bounty Hunting.

Contact

Skills

Core Skills

Penetration TestingBug Bounty HuntingNetwork AdministrationTechnical Support

Other Skills

Burp SuiteNmapMetasploitPythonBashsqlmapffufGitDockerLinuxWindows troubleshootingActive Directory managementLinux administrationPacket TracerOSHA Certified

About

Experience

1 yr 6 mos

Total Experience

1 yr 6 mos

Average Tenure

Current Experience

Bugcrowd & intigritii & private clients

Self Employed

Aug 2023 – Present · 2 yrs 9 mos

Collaborated independently with Bugcrowd, Hackerone and Intigriti to secure 50+ platforms by identifying and reporting critical vulnerabilities. Earned $XX,000+ in bounties and Paysafe Hall of Fame recognition for impactful findings, including reflected XSS on Tesla and an RCE chain on RedBull. Conducted targeted assessments with RedBull on Intigriti; invited to Yahoo and HackerOne Live Hacking Events (Morocco). Delivered actionable PoCs, CVSS-scored reports, and remediation guidance, using OWASP Top 10 testing and Python/Bash automation for secure implementations. Skilled with tools and technologies including Burp Suite, Nmap, Metasploit, Subfinder, Nuclei, ffuf, SQLmap, Hydra, Git, Docker, Linux, and automation with Python and Bash.

Burp SuiteNmapMetasploitPythonBashsqlmap+6

Bugcrowd

Bug Hunter (Freelance)

Jul 2023 – Present · 2 yrs 10 mos · Remote

I've independently hunted vulnerabilities across 50+ platforms through bug bounty programs on Bugcrowd, turning my attacker-mindset into tangible impact for global organizations. With over 2 years of hands-on ethical hacking, I've earned $xx,xxx+ in bounties and Paysafe Hall of Fame status by uncovering critical flaws like reflected XSS on Tesla and RCE chains on RedBull assets. from reconnaissance to exploitation and remediation, always scoped ethically with clear PoCs, CVSS scoring, and developer-friendly fixes. This solo hustle has not only sharpened my technical edge but also fueled my passion for mentoring via redacted case studies, check out my portfolio www.mchklt.com for walkthroughs. (Note: These are just a fraction; I've submitted dozens more undisclosed cases.)
Key highlights from my Bugcrowd submissions and related case studies:
How I Hacked RedBull – CVE-2025-30406: Recon with Amass/Subfinder revealed a hidden misconfig, chaining to full RCE via custom exploit.
How I Found My First RCE: Early bounty win exploiting a file upload flaw into command execution, teaching me the thrill of end-to-end testing.
How I Exploited Dependency Confusion for RCE: Hijacked npm packages in a supply chain attack, demonstrating real-world package manager vulns.
How I Exploited Parameter Misconfiguration for XSS: GET param flaws enabled JS injection on 130+ endpoints using waymore/katana critical XSS bounty.
How I Bypassed Authentication to Expose PII: Fuzzed headers for X-Forwarded-For bypass, accessing internal panels and leaking sensitive data.
(mchklt.medium.com for more cases)
Skills honed: OWASP Top 10 (SQLi, SSRF, IDOR), web/API/network/AD pentesting (Burp Suite Pro, sqlmap, ffuf, Nmap, Metasploit), cloud audits (AWS S3), and automation (Python/Bash/PowerShell tools like Nmap-Bomber for parallel scans). Available for remote/hybrid roles or relocation let's connect to discuss opportunities!

Burp SuitesqlmapffufNmapMetasploitPython+3

Cités des métiers et des compétences

Intern as Technician in Computer Systems and Networks

Nov 2022 – May 2024 · 1 yr 6 mos · Nador, Oriental, Morocco · On-site

My internship at CMC Nador was instrumental in advancing my IT proficiency. I gained hands-on expertise in Windows troubleshooting, server administration, Active Directory management, virtualization technologies like Hyper-V and VirtualBox, Linux administration, and scripting languages such as Python, Bash, and Powershell. Additionally, I delved into network administration, exploring Packet Tracer for simulations and enhancing my understanding of network security. Engaging in practical projects and collaborative tasks consolidated my skills, preparing me for a dynamic career in IT.

Windows troubleshootingActive Directory managementLinux administrationPythonBashPacket Tracer+2