About
I’m Koussay Dhifi, a Software Engineering student and Junior Penetration Tester (eJPT) based in Tunis, Tunisia.
I hold a Bachelor’s degree (Licence) in Computer Science from ISTIC Borj-Cedria and I am currently pursuing an Engineering degree in Software Engineering at the Faculty of Sciences of Tunis (FST). My academic background covers computer networks, operating systems, databases, and software engineering, with a strong practical focus on cybersecurity.
I am eJPT-certified and actively train in offensive security through hands-on labs, real-world simulations, and CTF challenges. My main technical focus areas include:
- Web application penetration testing (XSS, DOM-based vulnerabilities, authentication and logic flaws)
- Information gathering & reconnaissance (manual methodology, attack surface mapping)
- Network fundamentals & network-level attack understanding
- Basic exploitation workflow and post-exploitation concepts
- Secure coding and vulnerability analysis at a low level (C)
I place strong emphasis on manual testing and understanding root causes rather than over-reliance on automated tools. I regularly work on PortSwigger Web Security Academy and TryHackMe, and I document my findings through detailed, step-by-step write-ups, focusing on methodology, payload construction, and defensive lessons learned.
In parallel, I have experience in software development and research. I completed a data science and machine learning internship with ISTIC and Aizu University (Japan), contributing to data analysis and model development, and I have worked as a full-stack developer on production-oriented applications. This background allows me to approach security issues with a strong understanding of how systems are designed and implemented.
This blog functions as a technical logbook where I publish:
- Penetration testing and CTF write-ups
- Research-oriented articles on cryptography, network protocols, and system security
- Practical security experiments and tooling notes
My professional objective is to join a security team, CERT, or penetration testing role at a junior level, where I can contribute, learn from real incidents, and continue developing strong fundamentals in offensive and defensive security.
I value methodology, documentation, and continuous learning, and I strongly believe in responsible disclosure and privacy-aware security practices.