About

I'm Oussama. RahmouniDev isn't a company. It's a product factory I run alone: offensive security tools, system design, thinking frameworks, software engineering, and cybersecurity content. One operator. One stack. No agency overhead.

This factory is part of a larger architecture—a Life Operating System I'm building to solve a specific problem: polymath paralysis. Trying to master backend engineering, red team operations, Quranic scholarship, game theory, and physical conditioning simultaneously doesn't create a genius. It fragments identity, guarantees burnout, and dilutes execution. So I don't build everything at once. I architect one domain, ship it as a repeatable system, and move to the next.

I'm not a "hustler with a prayer mat." Not a "cyber-ninja quoting Rumi." Not a content creator monetizing spirituality. I'm a systems architect who masters domains sequentially, ships artifacts that outlive them, and anchors my work to non-negotiable temporal boundaries—without conflating the sacred with the technical.

What ships here aren't portfolio pieces. They're autonomous factories: tools I run without babysitting, systems I design to own their complexity, and content I publish to expose what others won't. The domain shifts. The factory stays the same. Right now, I'm shipping security intelligence platforms, real-time data infrastructure, and multi-market extraction pipelines. Tomorrow, it could be protocol research, thinking systems, or autonomous agents. I build in public because transparency forces discipline. It filters for operators who value ownership over dependency.

Based in Tunisia • US-registered (RahmouniDev LLC)

If you're building something that needs autonomous systems, security infrastructure, or backend architectures that actually run in production—let's talk.No middlemen. No agency handoffs. Just direct engineering, shipped under constraints.

Technical_Specialization

Engineering Depth.

Backend_Platform

  • Node.js & TypeScript (strict)
  • NestJS & Event-Driven Architecture
  • WebSockets & Real-Time APIs
  • REST, GraphQL & Custom Protocols
  • PostgreSQL, Redis & MongoDB

Data_Intelligence

  • Large-Scale Web Extraction
  • HTTP Internals & TLS Fingerprinting
  • Behavioral Anti-Detection Engines
  • Multi-Market Data Pipelines
  • Mobile API Reverse Engineering

Cloud_&_Infrastructure

  • AWS
  • Docker & Containerized Services
  • Git, GitHub & GitLab CI/CD
  • Linux Server Administration
  • Nginx & Process Management

Security_&_Systems

  • Proxy Networks & Rotation Systems
  • Protocol Engineering (MTProto, WA)
  • Frida & Dynamic App Instrumentation
  • Offensive Security Tooling
  • WAF Bypass & TLS Probing

Offensive_Engineering

  • PE32+ binary construction from scratch (Python struct)
  • C2 cryptography — X25519, HKDF-SHA256, AES-256-GCM
  • Web exploitation — SQLi, SSTI, CMDi, XSS, CVE probing
  • RF & SDR — RTL-SDR, HackRF, GNU Radio, signal decode
  • NFC/RFID — ISO 14443-A, MIFARE Classic, HID Prox, NDEF
  • Wireless — 802.11, BLE GATT, PMKID, Evil Twin, KARMA

Engineering_Philosophy

How I Build.

Systems should own their own complexity — if you need a diagram to explain the control flow, the code is wrong

Real expertise is knowing which layer a problem belongs to: network, protocol, application, or data

Anti-patterns in the wild are a roadmap — once you can break a system, you understand how to build its replacement

The ungettable data is the most valuable — solve the access problem first, the storage problem is solved

Technical_Projects

Building Systems.

APEX — Delivery Market Intelligence

Multi-platform pricing intelligence pipeline for the restaurant delivery industry. Extracts structured menu data, competitor pricing, and market positioning across major delivery platforms — normalized per zip code, refreshed weekly, sold as a B2B data feed to restaurant operators and ghost kitchens.

Node.jsTypeScriptPostgreSQLProxy RotationTLS Fingerprinting

Full store + menu pipeline per market: listing → store detail → item-level pricing. Covers cuisine, priceBucket, ETA, delivery fee, and 100+ items per restaurant.

ARES — Web Exploitation Framework

69-module TypeScript offensive framework covering the full web attack surface. SQLi (error/union/time/boolean), SSTI with engine fingerprinting and RCE escalation, XSS, CMDi, AJP Ghostcat, HTTP/2 race conditions, GraphQL introspection fuzzing, JWT attacks, WebSocket injection, IAM privilege escalation, and CVE probing — all proxy-aware with WAF bypass built in.

TypeScriptNode.jsSOCKS5TorPython

Single-command full web app scan: crawler → headers → injection → auth → CVE → cloud → report. MITRE ATT&CK mapped, CVSS scored, JSON output.

PHOBOS + NYX — Delivery Chain & C2

PHOBOS generates weaponized delivery artifacts — Office macros, HTML smuggling, ISO containers, PE32+ XLL add-ins, WIM droppers, polyglot PDF/ZIP files, steganographic PNGs — each embedding a call to the NYX stager. NYX is the C2 framework: X25519 key exchange, HKDF-SHA256 session keys, AES-256-GCM with monotonic nonces, Go beacon with sleep masking and NTDLL unhooking.

PythonGoTypeScriptNode.jsLinux

21 delivery modules in PHOBOS, each generating a different artifact class. NYX handles beacon tasking, DoH transport, and AMSI bypass — full chain from lure to live session.

SIGINT — RF & Signals Intelligence Toolkit

22-module Python toolkit across 5 signal tiers: NFC/RFID (ISO 14443-A, MIFARE Classic, HID Prox, NDEF poisoning), 802.11 (PMKID capture, Evil Twin, KARMA), BLE (GATT enumeration, iBeacon/Eddystone spoofing), RF (OOK replay, POCSAG pager decode, TPMS tracking), and special signals (ADS-B, GPS spoofing, Zigbee, Z-Wave, NOAA satellite APT).

PythonRTL-SDRHackRFProxmark3Flipper Zero

Hardware-abstracted — same module runs against Proxmark3, HackRF, or RTL-SDR depending on what's connected. CLI-driven, engagement-scoped, structured JSON output per capture.