
Nqood — نقود
Arabic-first AI money tracker · full-stack, solo — schema to UI to ops
$
Hello, I'm
I build apps. I break APKs. I read Binder traces for fun. The stack runs from kernel to UI — I've touched all of it.
Software engineer working across mobile, backend, and offensive security. I ship production software on Android, web, and Windows desktop, design REST APIs in ASP.NET Core and Go, and reverse-engineer Android apps to find real vulnerabilities. I care about systems that hold up in production — maintainable code, sound architecture, and security that's designed in, not bolted on.
I've built RESTful backends in Go and ASP.NET Core and designed multi-store persistence layers for fast, low-cost analytics at scale. On the security side, I hold a DEPI certification in Vulnerability Analysis & Penetration Testing, have reported triaged findings on HackerOne, and ranked Top #43 on Hextree's Google-sponsored Android security platform.
Most engineers stop at the API. I go deeper — framework, runtime, kernel. Understanding the machine is how I master it.
Production apps shipped to real users on Android, web, and Windows desktop.
REST APIs in ASP.NET Core and Go, backed by SQL Server, PostgreSQL, Redis, and MongoDB.
Android pen testing and reverse engineering, OWASP MASVS, HackerOne findings, Hextree Top #43.
Clean Architecture, CI/CD pipelines, auditing systems, and security designed in from the start.
Engineering and security work across product teams, freelance clients, and independent research.
Future of Egypt · Cairo, Egypt
Led Flutter-based web development inside the organization's digital transformation, turning operational workflows into production software.
Syanatuk — Appliance Maintenance Center · Remote
Built and shipped a Windows desktop app that digitized a maintenance business end to end.
El Mohamady Educational Platform · Remote
Built a cross-platform e-learning platform used by teachers and students for daily academic work.
Digital Egypt Pioneers Initiative (DEPI) · Egypt
Completed a government-backed program focused on real-world penetration testing of web and Android applications.
HackerOne · Hextree · Remote
Independently researched Android applications, reported real-world findings through HackerOne, and sharpened offensive skills through challenges.
From shipped products to security assessments. Each opens a full case study.

Arabic-first AI money tracker · full-stack, solo — schema to UI to ops

MDM-managed, air-gapped internal communication (POC)

Mobile application penetration testing

Windows desktop app for an appliance maintenance center

Cross-platform e-learning for a high school

Graduation project — sustainable shipping app
Self-hosted financial-intelligence REST API
RESTful backend with Go & Gin
ASP.NET Core REST API with integration tests

Classical cryptography learning app

Logistics & trip-management UI/UX (internal)

Unity 3D physics platformer
Grouped by how often I actually use them in production — not arbitrary percentages.
Live from the GitHub API — repositories, stars, and the contribution graph, fetched in real time.
Triaged · Ride-hailing platform
Found a CSRF-protection bypass enabling SMS abuse against arbitrary users on a production ride-hailing app.
Reported · Logistics platform
Identified an exposed third-party API key in a production Android app, exploitable for unauthorized use and quota abuse.
Vulnerability Analysis & Penetration Testing
Digital Egypt Pioneers Initiative — a government-backed program covering web and Android penetration testing, PortSwigger Academy labs, and OWASP compliance assessments.
Open to software engineering and security roles. The fastest way to reach me is email — I read everything.