Available for opportunities · Beirut, LB · EET (UTC+2)

Maurice Haddad.

Cybersecurity Engineer/Microsoft Security Specialist

I architect and operate detection and response systems on the Microsoft security stack — Sentinel, Defender XDR, Entra ID — with a working knowledge of the offensive techniques those systems are built to stop.


Engineering security across the full stack — from identity to inbox.

I'm a Cybersecurity Engineer at Exquitech Group, a Microsoft Security partner. My day-to-day spans the full lifecycle of cloud-native SOC operations: deploying Microsoft Sentinel from greenfield, engineering KQL detections, leading incident response on compromised tenants, and architecting Zero Trust controls through Entra ID.

I hold a Bachelor of Engineering in Computer Science from the American University of Beirut, where I focused on ethical hacking, internet security, and security engineering. That background — the offensive instinct paired with rigorous defensive operations — shapes how I think about every detection I write and every policy I deploy.


Building & defending production environments at scale.

Exquitech Group
Nov 2025 — Present
Cybersecurity Engineer · Microsoft Security Partner
Beirut, Lebanon · On-site
  • Deploy Microsoft Sentinel end-to-end for enterprise clients — provisioning Log Analytics Workspaces, data connectors, analytical rules, workbooks, automation rules, and SOAR playbooks.
  • Engineer custom KQL detection rules and triage incidents across Sentinel and Microsoft Defender XDR in multi-tenant client environments.
  • Lead incident response engagements for compromised clients — driving containment, eradication, and remediation of active threats.
  • Implement Microsoft Defender for Office 365 from the ground up; harden email security by configuring SPF, DKIM, and DMARC.
  • Architect Zero Trust solutions and Conditional Access policies via Microsoft Entra ID; deliver client configuration walkthroughs and technical documentation.
Obegi Consumer Products Holding
Jun — Aug 2025
Cybersecurity Intern
Zouk Mosbeh, Lebanon · On-site
  • Gained hands-on experience with the CrowdStrike dashboard, monitoring for suspicious activity and developing a strong understanding of its capabilities.
  • Contributed to hardening Active Directory by identifying misconfigurations and implementing security best practices.
  • Conducted Active Directory penetration testing and developed a remediation report that was adopted across operations in Lebanon, Iraq, and Syria.
  • Received training on Microsoft Defender for Office and fine-tuned threat policies to enhance organizational security posture.
  • Completed training in core networking concepts, key protocols, and common network-based attacks.
IEEE — AUB Student Branch
Sep 2024 — Jun 2025
Cybersecurity Team Lead
Beirut, Lebanon
  • Led a team of 6 members to organize and execute cybersecurity initiatives and events.
  • Initiated and hosted a Cybersecurity Series featuring several leading companies, each offering interactive sessions and internship opportunities.
  • Collaborated with university clubs and external academies to conduct hands-on cybersecurity workshops.
  • Organized and participated in Capture The Flag (CTF) competitions to promote practical cybersecurity skills.
  • Delivered ethical hacking revision and training sessions.

Hands-on projects across the red and blue spectrum.

// Project 02 · Detection

Wazuh SIEM Deployment & Custom Rule Engineering

Production-grade SIEM rollout with custom detection logic for Windows and Linux estates.

  • Deployed Wazuh agents on Windows and Linux to collect event logs and Sysmon telemetry.
  • Engineered custom rules for PowerShell abuse, privilege escalation, and suspicious user activity.
  • Integrated VirusTotal API and configured File Integrity Monitoring for critical assets.
Wazuh · Sysmon · VirusTotal API · FIM
// Project 03 · Evasion

AV Evasion Framework

Python tool that obfuscates PowerShell payloads to bypass signature- and heuristic-based AV.

  • Integrates dynamic API resolution, shellcode encryption, and multi-layer obfuscation.
  • Achieved a 99% evasion rate against Microsoft Defender through iterative payload tuning.
  • Built around a modular pipeline so new evasion techniques can be plugged in cleanly.
Python · PowerShell · Shellcode
// Project 04 · Network Security

SDN-Based DDoS Detection in IoT Networks

SDN system that detects and mitigates DDoS attacks in IoT networks via traffic analysis and rate limiting.

  • Built a Contiki-NG simulation in Cooja with SDN controller, normal nodes, and attacker nodes.
  • Implemented detection thresholds, blacklist management, and traffic-similarity metrics for mitigation.
  • Designed UDP-based communication and cosine-similarity scoring to flag abnormal traffic.
Contiki-NG · Cooja · Python · C++
// Project 05 · MITM

ARP Spoofing — Attack & Detection

Paired attacker and defender tools demonstrating ARP-based MITM and real-time detection.

  • Attacker tool simulates ARP spoofing to intercept traffic on a local network.
  • Defender tool monitors MAC-IP mappings and alerts on anomalies.
  • Includes automated remediation — restoring legitimate ARP entries to mitigate the attack.
Python · Scapy · netifaces

Verified industry certifications.

Identity & Access Administrator Associate
Microsoft · SC-300 · Issued Dec 2025

Azure Fundamentals
Microsoft · AZ-900 · Issued Oct 2025

CompTIA Network+
CompTIA · N10-009 · Issued Jul 2025
Recognition

Top 2% globally on TryHackMe.

A consistent practice loop — participating in global CTFs, documenting walkthroughs, and sharpening offensive technique.

  • 400+ day streak
  • 150+ rooms solved
  • 21 badges earned
  • Top 2% global rank

Tools, platforms, and technical depth.

Security Platforms
Microsoft Sentinel · Defender XDR · Defender for Office 365 · Entra ID · CrowdStrike Falcon · Wazuh
Offensive Tooling
Nmap · Metasploit · Burp Suite · BloodHound · Impacket · PowerView · Nessus · SQLMap · Wireshark
Languages
Python · PowerShell · KQL · SQL · Bash
Cloud & Identity
Azure · Active Directory · Conditional Access · Zero Trust · SPF / DKIM / DMARC
Operations
Incident Response · Penetration Testing · Threat Hunting · SOC Operations · Documentation
Languages (Spoken)
English · Arabic · French

Let's build something resilient.