Hello There

I am Aamer Shah.
Computer Engineer,
Movie Maker and Hacker.


I'm an offensive security engineer working as a Red-Team operative. I have been in the field since 2015 with many organizations through my career; starting with Daimler aka Mercedes Benz, Ola; telcos like Ooredoo and Etisalat.

I'm atheltic build; 6'2", love high activity sports like martial arts and ocasional swimmer. I spend time in hacking and do vulnerability research and security bug bounty otherwise.

With that said, I love flying drones and driving cars. Driving a manual vehicle is a blessing in disguise for those who understand the spirit of it. I have created dozens of websites for fun and profit and have been occasional speaker at security conferences. Those who understand technical jargon: I have many zerodays associated to my name. And with the experience I had with reporting issues; I have decided to keep future zerodays to myself only. Money is not a deterministic factor for the decisions I take.

I've Got Some skills.

  • 80%
    Zeroday Research
  • 70%
  • 90%
    Web Pentest
  • 80%
    Network Pentest
  • 75%
    Wireless Pentest
  • 90%
    Mobile Pentest
  • 75%
    Reverse Engineering

My Work Experience (in chronological order).

January 2015 - February 2017

Daimler / Mercedes Benz

Offensive Security Consultant

VAPT of Web Applications (Thick / Fat client, Rich client, Thin client), Daimler Network / Infrastructure security, mobile (Android, iOS) and various CMS and implementing configurations while providing mitigation techniques to application owners as per OWASP and DREAD standards.
● Enforcing DISC (Daimler Information Security Compendium) policies.
● Conducting Kick-Off calls with Product Owners (VPs / Senior VPs).
● Completed security assessments of 15 applications singlehandedly with worth of € 4.5K each.
● Completed security assessment as network PT for 4 geographical locations as a team.

March 2017 - December 2017


Senior Security Consultant

VAPT of Web Applications (Thick / Fat client, Rich client, Thin client) and vulnerability chaining with post-exploitation of various CMS (Content Management Systems) and OSL (Open Source Libraries).
● Triage with developers while maintaining security : efficiency trade-off.
● Threat Modelling (design and implementation viz. CVSS).
● Completed security assessments of 20 applications singlehandedly.

December 2017 - June 2018


Senior Security Engineer

VAPT and SAST of Web Applications, Mobile Applications and RESTful APIs and services and of various CMS (Content Management Systems) and OSL (Open Source Libraries).
● Penetration Testing of third-party payment gateways and plug-ins as per OWASP, SANS …
● Completed security testing and ‘Sign-Off’ of 15+ applications 100+ enhancements
● Responsible for addressing ‘Security Bug Bounty’ and rewards program.

August 2018 - October 2019

Ooredoo Oman

Security Assurance Validator

LVAPT, Blackbox pen-test of in-house applications primarily or a third-party integration covering broadly multiple clients pertaining to Web Applications, Mobile Applications, Network / Infrastructure, IoT, Rich Clients, Thick Clients and System.
● Handling client products like Tenable, AttackIQ and supporting Carbon Black, LogRhythm.
● Digital Forensics and Incident Response to security incidents, violations and potential threats.
● Simulating attack scenarios to test the implemented setup of security monitoring teams.
● Leading Red-Team activity and creating post-exploitation scenarios with execution.
● Handled vendor POCs from technical perspective pertaining to tools for SOC integration.
● Mentoring / managing technical resources for PenTest and skill development.
● Performing malware analysis for in-house app installation requests and apps that have clear
public record but have potentially malicious behavior.
● Completed security assessment of 100+ projects singlehandedly.
● Provided secure design structure for Security and Network Operations.

October 2019 - Present

Etisalat PJSC, UAE

Red Team Operative

Red-Teaming, VAPT of Web, Mobile, Networks and IoT based applications and devices.
● Audit of security controls in place.
● Performing Red-Team activity, creating strategies and relevant scenarios for it.
● Creating secure design / architecture for the new concepts and AI based applications.
● Leading / guiding the security team for security assessments and red-team activities.
● Completed 5 security assessment and counting…

What People Say.

Author image

Aamer is a gifted Pentester with a unique personality, I've worked alongside Aamer for a couple of months, and he proved his dedication and skills by finding security vulnerabilities that could damage the business, I happily recommend him here on LinkedIn, and do so in person whenever I have the opportunity.

Yahya Assad Senior Quality Engineer, Leading Point
Author image

Aamer; hacker is an incredibly knowledgeable resource in the Security space. I know Aamer from past seven years. Apart from his professional skills like coding, penetration testing, network security; he is perfect at photography. He possesses a strong command of security configuration as well as business process implementation. He is a very reliable and goal oriented person. Aamer would be a tremendous asset to any organization.

Akthar Nazir Youth Ambassador, UNIGF - INDIA
Author image

under const.

_______ Pentester, Etisalat

Awards Received


Cups of Coffee


Projects Completed


Happy Clients


Say Hello.

If you have a business proposal for me as an individual or as a company, please share your thoughts. I am actively working as a security consultant as a freelancer for many projects around the world.

Something went wrong. Please try again.
Your message was sent, thank you!


Phone: (+1) 515 3379921



Jumeirah Lakes Towers
Dubai, UAE