About
Hi, I’m Mahmoud (aka falcon0x1) 👋
I’m a penetration tester in continuous learning, focused on Web, API, and Android security.
This blog is where I share what I learn while studying, practicing, and testing.
Some posts represent solid conclusions, while others are learning notes written during the process — both are intentional.
Writing helps me understand security topics more deeply, and sharing them helps others who are learning along the same path.
What This Blog Is About
Here you’ll find:
- Notes from labs, courses, and hands-on practice
- Android and API attack surface exploration
- Traffic interception and security misconfigurations
- Logic flaws explained through real, reproducible examples
This is not a theory-only blog.
Everything here comes from doing, not just reading.
How I Use This Blog
I use this blog to:
- Turn study sessions into clear, structured notes
- Document progress and revisit concepts later
- Practice explaining security topics simply
- Build a personal knowledge base I can rely on
If something improves or changes later, I update it. Learning evolves.
My Learning Rule
Learn → Test → Break → Document → Repeat
If I can reproduce an issue and explain why it happens, I consider it learned.
Want to Follow Along?
If you’re interested in application security, Android pentesting, or learning by breaking things:
- GitHub: https://github.com/falcon0x1
- LinkedIn: https://www.linkedin.com/in/mahmoud-elshorbagy-b77b38234/
Feel free to explore, learn, or question anything you see here.