Hi, I’m Khaled Al-Refaee (Ozex) — a cybersecurity consultant and penetration tester focused on offensive security, vulnerability assessment, red teaming, and practical security research.

This blog documents my technical notes, public remediation guides, vulnerability advisories, lab walkthroughs, and consultant-style reporting references. The goal is to make each post useful for both technical teams and decision-makers by connecting exploitation risk with detection, remediation, and business impact.

Focus Areas

  • Web, API, mobile, infrastructure, and internal network penetration testing
  • Active Directory attack paths, Kerberos/NTLM risks, and lateral movement analysis
  • Red team simulation and adversary emulation in controlled environments
  • Vulnerability reporting, remediation guidance, and executive risk translation
  • SAMA, NCA, OWASP, CWE, MITRE ATT&CK, and NIST-aligned security mapping
  • OT/ICS and enterprise security assessment research

Certifications

  • OSCP+
  • OSWP
  • CRTP in progress
  • OSEP in progress

Blog Philosophy

Every post should aim to answer four questions:

  1. What is the issue?
  2. Why does it matter?
  3. How can it be validated safely?
  4. How can it be fixed and communicated professionally?

Feel free to support the blog here: Buy Me a Coffee.