About

avatar

Hamza Haroon

AI Security Engineer | Offensive Security Researcher | Red Teamer
mailgithublinkedintwitter

👋 I'm Hamza Haroon a.k.a TheGriffyn

An AI Security Engineer and Offensive Security Researcher specializing in building and breaking autonomous systems.

I work at the intersection of AI, cybersecurity, and offensive security, focusing on developing intelligent attack simulations, analyzing real-world threats, and engineering scalable security infrastructure.

I believe the future of offensive security lies in autonomous systems capable of thinking, adapting, and executing attacks at scale. My work focuses on bridging the gap between human-driven pentesting and AI-powered security automation.

With a strong background in OSINT, malware analysis, and digital forensics, I enjoy designing realistic security challenges and solving complex security problems.

🚀 Core Expertise

  • Offensive Security & Red Teaming
  • AI in Cybersecurity (Agentic Systems & Automation)
  • Network Forensics & PCAP Analysis
  • Web Application Security
  • DevOps & Infrastructure Engineering
  • CTF & Cyber Range Development

💼 Experience

Senior Security Researcher — Nua Security (Sep 2025 – Present)

  • Leading a security research team and contributing to core engineering of Shax, an autonomous AI offensive security platform
  • Driving research in offensive security, web application security, and AI-driven attack simulation

Agentic AI Engineer — Nua Security (Jan 2025 – Aug 2025)

  • Engineered core AI systems for Shax, focused on autonomous offensive security workflows
  • Designed and deployed agent-based AI systems for cybersecurity automation

Content / DevOps Engineer (Application Security) — Nua Security (Oct 2023 – Jan 2025)

  • Led QA and publishing of cybersecurity challenges (Trustline Challenges)
  • Designed and maintained scalable infrastructure pipelines (DevOps)
  • Analyzed penetration testing reports, prioritized vulnerabilities, and supported remediation

VAPT Engineer — AirOverflow (Nov 2022 – Present)

  • Conducting penetration testing for public and private sector organizations
  • Security trainings for various organizations
  • Developing CTF challenges across DFIR, AI, Crypto, Malware, and Reverse Engineering

Education

Certifications

HacktheBox

HackTheBox

Achievements

🎯 Achievements

  • 🥈 2nd Place — Pakistan Cybersecurity Challenge (NCCS) (2024)
  • 🥈 2nd Place — Pakistan Cybersecurity Challenge (NCCS) (2023)
  • 🥉 3rd Place — National Cyber Security Hackathon CTF (Ignite & MoITT) (2023)
  • 🌍 World Top 35 — Black Hat MEA CTF World Finals (2023, 2024, 2025)
  • 🥉 3rd Place — NUST Hackathon CTF (MCS) (2023)

🏆 Honors

  • Wall of Fame — Air University (2023)
    Recognized as a top performer in the Cyber Security Department

Projects

  • Shax - Shax is an autonomous AI agent that performs end-to-end web application penetration testing at machine speed and scale. I worked on the core AI/agentic engineering, security research, and system architecture, building the offensive security intelligence that enables the agent to autonomously discover, exploit, and report vulnerabilities across enterprise applications. I also lead the Security Research team, driving the offensive security roadmap and aligning AI capabilities with real-world pentesting methodologies.
  • National Cybersecurity Trainings 2023 - I was one of the three Technical Organizers for the online module of the Ignite's Nationwide Cyber Security Training Workshops 2023 across 9 cities in Pakistan where thousands of students attempted my challenges. I was responsible for all the technical infrastructure, challenges, training of instructors across Pakistan. The project was done under Ignite by Ministry of IT and Telecom.
  • AIRange - AIRange is a student built and managed Cyber Range with Capture The Flag and Attack Defense platform solely for learning of Air University Students.

Additional Experiences

Reach out to me