Splint3rsec Portfolio

Whoami

I'm Khalil Abdellah Lemtaffah, known by @splint3rsec.
I am an offensive cybersecurity engineer by day and bug bounty hunter by night. Interested in web applications and API security. I enjoy identifying and reporting vulnerabilities before threat actors in a responsible disclosure manner.
I provide red teaming, pentesting and security consulting services including but not limited to Active Directory security, Windows/Linux pentesting, offensive security testing and code reviewing of web apps, Network, Cloud and Infrastructure.

Experience

• 2024 - Present Offensive Security Engineer, Nokia
• 2019 - Present Bug Bounty Hunter, Independent HackerOne Bugcrowd
• 2023 - 2024 Vulnerability Management Specialist, Ericsson
• 2022 - 2024 Cybersecurity Club Founder / Instructor, Eötvös Loránd University (ELTE)
• 2021 - 2023 Software Developer, Ericsson

Certifications

• 2025 (In Progress) Certified Red Team Professional (CRTP), Altered Security
• 2021 Dante Pro Lab, HackTheBox

Conferences

• 2023 Dodging Dependency Confusions In a Nutshell, PyCon APAC (Tokyo, Japan) Recording Slides
• 2022 BountyCon Finalist, (Singapore)
• 2022 Bug Bounty Recon The Right Way, BSides (Budapest, Hungary) Recording Slides
• 2022 BountyCon EDU 5th place, (Madrid, Spain)
• 2021 - Now Attended multiple cybersecurity and hacking conferences; 39C3, RootedCon, Hacktivity, Black Hat...

Research / CVEs

• 2024 Multiple privacy related issues uncovered in web app pentesting tools (MSc thesis title "Privacy Focused Analysis of Web Penetration Testing Tools")
• CVE-2021-36654 Stored XSS in CMSuno project NIST NVD

Articles

• Check out my posts on Medium

Hobbies / Side Projects

• Local LLM agent hosted on home server for bug bounty hunting
• Chess
• Electronic music production and mixing
• Electric guitar
• Running
• Traveling
• Learning Languages

Get In Touch

For professional services in Red Teaming and Penetration Testing, don't hesitate to reach out to me via email