Abdullah Baghuth
// Senior Security Engineer @ COGNNA · Riyadh, SA
Security Architecture · Detection Engineering · DFIR · Cloud Security (GCP) · Published CVE Researcher
Who I Am
Senior Security Engineer with 5+ years of experience across security architecture, detection engineering, and digital forensics & incident response (DFIR). I specialize in securing enterprise and cloud environments on GCP, optimising EDR stacks, and engineering detection coverage in Google SecOps (Chronicle).
At COGNNA (Riyadh) I lead security architecture design, build SIEM detection rules and dashboards, automate workflows with n8n, and manage the full incident lifecycle — from compromise assessment to remediation tracking. I have also published three critical CVEs (CVE-2022-2921, CVE-2022-2927, CVE-2022-2888) through responsible disclosure on Huntr.dev.
A strong believer in the power of open knowledge — every CVE report, blog writeup, and open-source tool is my contribution back to the community that shaped me.
🛡️ Core Competencies
Featured Work
Ethical Hacking Toolkit (EHTK)
A comprehensive open-source collection of tools, cheat sheets, and resources for ethical hackers and penetration testers. Covers CEH, OSCP, eCPPT, and PNPT frameworks — battle-tested in real engagements.
View Project →
Linux Commands Reference
A curated, practical guide to the most essential Linux commands for security professionals and system administrators — battle-tested in real pentesting engagements and designed for rapid field reference.
View Project →
Elastic-Case BlueTeam Challenge
Published SOC/Blue Team challenge on CyberDefenders using the ELK stack. Helps defenders practice real-world incident response, log analysis, and threat hunting scenarios in a safe environment.
View Project →
MITRE ATT&CK Research & Tooling
Active research and contributions to MITRE ATT&CK-aligned tooling and threat modeling. Uses Mitre-Assistant to map adversary TTPs, build detection strategies, and validate security controls.
View Research →
Cybersecurity Blog
Technical writeups covering malware analysis, Windows internals, DFIR techniques, CTF walkthroughs, and adversary simulation — all freely shared with the community to advance collective knowledge.
Read Blog →
Certifications & Achievements
Google Cloud Security
Professional Cloud Security Engineer
Google PCSE
Validates expertise in designing and implementing secure infrastructure on GCP — IAM, data protection, network security, and governance controls.
Verify Credential →
Google SecOps Engineer
Professional Security Operations Engineer
Google PSOE
Validates expertise in security operations, threat detection, Chronicle SIEM, and building detection-as-code pipelines in Google SecOps.
Verify Credential →
CCD
Certified CyberDefender — CyberDefenders
Certified CyberDefender
Demonstrates Blue Team skills in threat hunting, SOC operations, log analysis, and incident response across real-world scenarios.
View Platform →
CEH v11
Certified Ethical Hacker — EC-Council
CEH v11
Covers all 20 ethical hacking domains — from footprinting and network scanning to malware analysis and social engineering.
Verify Credential →
CVE Researcher
Huntr.dev · 3 Critical CVEs
CVE-2022-2921 · 2927 · 2888
Published three critical CVEs through responsible disclosure on Huntr.dev. Collaborated with development teams to guide mitigation strategies.
View Profile →
CyberDefenders
Blue Team Challenge Author & CCD
CyberDefenders Contributor
Published the Elastic-Case Blue Team challenge using ELK stack. Helps SOC analysts practice real-world incident response and log analysis.
View Challenge →
🔗 For verified credentials visit linkedin.com/in/abdullah-baghuth
Latest Writeups
Dissecting Modern Malware: Windows Internals & Evasion Techniques
A deep-dive into how modern malware abuses Windows APIs, process injection, and LOLBins to evade detection and establish persistence.
Read More →
CTF Walkthrough: Chaining Logic Flaws to RCE
Step-by-step walkthrough of a complex CTF challenge combining SSRF, SSTI, and privilege escalation to achieve full remote code execution.
Read More →
Building Detection Rules with MITRE ATT&CK & ELK Stack
How to operationalize the MITRE ATT&CK framework into actionable detection rules in Elasticsearch, tested against real adversary TTPs.
Read More →
Let's Connect
Whether you're looking for a penetration tester, want to collaborate on security research, or just want to talk about the latest threat landscape — my inbox is always open.
📧 abdullahsalem7737@gmail.com