About – BOOK

Last Updated on January 16, 2026 by aghanim

This website is created by Alaa Ghanim. I’m currently working as a penetration tester and this website is mainly used for documenting my cyber security journey. There is so much to learn and keep track of, so its kind of a library where I add everything new I learn and use it as a reference point.

When I write, I try to write in a way I understand. Many of the topics in cyber security can be advanced and hard to understand, so writing it with my own words helps me understand it better. Also testing each technique in my lab will help me understand it even better.

My homelab consists of a HP MicroServer gen 8 running TrueNas with 32TB pool and a Windows with i9 9900k, 64GB ram, 1060TI. This is where my main VMs are hosted (WordPress, NGINX, Ludus, Plex). My main daily drive is a Legion 7 (3090, 32GB ram, Ryzen 9 5900HX).

I mostly edit Handbook I – Basic – BOOK_GHANIM, Handbook II – Advanced – BOOK_GHANIM, Handbook IV – RedTeam – BOOK_GHANIM (RedTeam notes is password protected because of ZeroPoints Policy, if you’re enrolled message me and I’ll give you the password). And sometimes I write new blog post if I find that a topic deserves one.

I enjoy red teaming engagements with lateral movement in the network and AV evasion. I especially enjoy MalDev and recommend https://maldevacademy.com to anyone new to the topic. As malware development require one to understand the underlying system they’re writing the malware for, it is essential one is confident with at least one programming language. For that reason I choose to spend a year (2025) only learning C#. In my opinion, that has elevated my ability to do red team engagements. To be able to develop your own tools, modify existing tools to fit your need, or understanding how a system works by studying the source code feels really great.

Why C#? I was a little familier with C# from before, and my collegues at work had extensive experience in the language, so it was natural to choose to learn it. C# is regularly maintained, is vast, and can be used to create almost anything. From websites, cross-platform applications, API backends, malware, C2 frameworks. It’s a beautiful, flexible and straight-forward language. My goal is to spend at least two to three years really mastering it (as well as doing other cyber security related work) before eventually moving on to learning a low level language such as C. I think a combination of those two languages will go well together.

The journey is long, but I enjoy every bit of it. There is always something to learn, and always someone better than you that you can learn from. In my experience, the more I learn the less I know. Cyber security is so vast, so big, its impossible to be good at everything. Find your niche and persue that. Documentation is in my opinion one of the greatest way to improve. You are forced to understand and test what you learn which is great for learning.

If you want to talk about hacking or maldev, feel free to add me on LinkedIn. Always looking to expand my network.