In an era where cyber threats are accelerating and the demand for experts capable of protecting digital systems is growing, young Omani talent is proving that true skill knows no boundaries. Among these emerging figures stands Omar Al Khattab Al Ghawi, a computer engineering student, certified security researcher, web developer, and the discoverer of security vulnerabilities in some of the most sensitive government institutions in the United States and Oman.
Omar didn’t stop at being a learner he became a security researcher whose name is now recorded in the global vulnerability database (CVE), submitting security reports to entities like the U.S. Department of State. His journey, which began with a simple passion, has evolved into a fully integrated professional path reflecting continuous effort, self-learning, and a strong commitment to professional ethics. You can follow his journey on his Instagram account @htbc, where he shares his practical experiences and insights from the world of cybersecurity.
The Beginning: Curiosity That Turned Into An Academic Path
Like many young people, Omar’s interest in technology began with self-exploration. However, he didn’t stop at just using technology he sought to understand what happens behind the screen. How do systems work? How can they be protected? How can one think like an attacker to build stronger defenses?
These questions led him to study Computer Engineering, where he found the right environment to transform his curiosity into academic and practical knowledge. Throughout his university journey, he didn’t limit himself to the curriculum but began building a parallel path based on self-learning and hands-on experimentation.
Cybersecurity: Specializing In The Red Team
As his interest in information security grew, Omar found his true passion in Red Team operations the field that requires thinking like an attacker to discover vulnerabilities before they can be exploited. This specialization goes beyond theoretical knowledge; it demands practical skills and the ability to simulate real-world attacks.
To prove his competence in this field, Omar obtained the eJPT (eLearnSecurity Junior Penetration Tester) certification from INE, a globally recognized credential in penetration testing. This certification confirms his ability to conduct practical penetration tests, his deep understanding of network security, and his proficiency with ethical hacking tools.
Development: Understanding Systems From The Inside
Omar’s interests didn’t stop at cybersecurity they extended to web development using Python, allowing him to build tools and understand systems from a developer’s perspective. This dual skill set (development + security) enables him to see the complete picture how applications are built and how they can be secured.
Continuous Learning: Diverse Certifications And Experiences
Beyond the eJPT, Omar has earned several certifications reflecting his diverse interests and readiness to keep pace with rapid technological advancements:
· On-the-Job Training – Practical training in computer science
· Next Generation Course – From Oman Challenge
· Computer Essentials And Protect Systems From Penetrations – From Edraak Platform
· Microsoft Student Ambassadors – Imagine Cup – Participation In Microsoft’s Student Program
· Shabab Oman Al Mustaqbal 2024 – AI Course With A Total Of 60 Training Hours
These certifications are not just pieces of paper they reflect Omar’s methodology of continuous learning and his readiness to keep up with the rapid developments in the technology field.
Advanced Hands-On Experiments: From Home Lab To Real Systems
What sets Omar’s journey apart is his practical application of technical knowledge. Through his account @htbc, he has shared several advanced experiments that demonstrate his deep understanding of wireless system security.
Car Key Fob Penetration Testing
In an experiment showcasing his expertise in signal hacking, Omar used a HackRF One with Portapack H2 to test a U.S. police car. He captured the encrypted signal used to unlock the car and replayed it the car responded immediately. This experiment revealed that the absence of rolling codes makes such systems vulnerable to replay attacks.
This type of testing falls under wireless penetration testing, a specialized field requiring deep understanding of radio frequencies and encryption mechanisms.
IMSI Tracking Via Cellular Towers
In another experiment, Omar used advanced techniques to track device locations through cellular towers using Dragon OS on RTL-Sdr and HackRF One. This technique, used in digital and wireless forensics, involves capturing IMSI numbers (the digital fingerprint of a phone) and identifying the tower covering a specific area with accuracy down to a few hundred meters.
Omar emphasized the importance of ethical and legal use of such techniques, stressing that they should only be used in personal labs or for educational purposes never to violate others’ privacy.
Building A Home Penetration Testing Lab: HTBCLAB
Believing in the importance of a practical environment for skill development, Omar built a home penetration testing lab he named HTBCLAB. This lab provides him with:
- Isolation And Security: A safe, isolated environment to experiment with hacking tools and techniques without legal or technical risks.
- Realistic Simulation: The ability to simulate real-world attack scenarios in a controlled environment.
- Complex Scenario Building: The opportunity to design and execute advanced penetration testing scenarios that reflect real-world challenges.
Omar describes this lab as “a digital gym for your cybersecurity muscles,” emphasizing that the goal is purely educational.
Professional Security Discoveries: From The U.S. Department Of State To A Certified CVE
What truly distinguishes Omar Al Khattab’s journey is his transition from learning and experimenting in his home lab to professional security research discovering real vulnerabilities in highly sensitive systems at a global level.
Vulnerability In The U.S. Department Of State Website
As part of his security research activities, Omar examined the U.S. Department of State website (official archive) and discovered a Reflected XSS vulnerability on the following page:
By injecting JavaScript code through the year parameter, he was able to trigger an alert box, confirming the existence of the vulnerability. This discovery demonstrated his ability to analyze sensitive government systems and identify weaknesses with precision.
Internationally Certified Vulnerability: CVE-2025-53770
The most significant achievement in Omar’s journey was his discovery of a critical security vulnerability in the official website of the National Center for Statistics and Information in Oman (www.ncsi.gov.om). This vulnerability was assigned CVE-2025-53770 with a severity score of 9.8 out of 10 an exceptionally critical rating.
Potential impact of the vulnerability:
· Remote Code Execution (RCE)
· Bypassing security controls and protections
· Unauthorized access to user data
· Service disruption or misuse
To discover this vulnerability, Omar developed a custom scanning tool that confirmed the presence of the weakness on the target server.
Recommendations he provided:
· Update systems and packages to the latest patched versions
· Temporarily disable vulnerable functionality if possible
· Monitor logs for any indicators of exploitation
Receiving a CVE (Common Vulnerabilities and Exposures) is an international recognition of a security researcher’s capabilities and stands as a significant achievement for any cybersecurity professional, especially in the Arab region.
Ethical Responsibility In Cybersecurity
What sets Omar Al Khattab apart is not just his technical skills but his strong ethical awareness. Across all his experiments and discoveries, he emphasizes:
· Never using hacking tools on devices or numbers you don’t own
· Complying with local and international laws
· Using technical knowledge only for educational and defensive purposes
· Responsibly disclosing vulnerabilities to the relevant authorities
This awareness reflects significant maturity and makes him a role model in the field of cybersecurity.
Projects And Digital Identity
Omar manages his projects through his accounts @_zrw and @sahp, where he showcases his journey and skills. These platforms are not just social media accounts they are part of building his digital identity as an ambitious young technologist.
His personal account @htbc is the main window to follow his journey, where he shares his hands-on experiments, security discoveries, and cybersecurity insights.
A Message To The Next Generation
Omar Al Khattab represents a model for Arab youth who understand that the digital future requires real skills, not just theoretical certificates. His story says:
You can start with a simple passion and transform it into an integrated academic and professional path if you’re willing to learn and work hard. Don’t be afraid to experiment, and don’t hesitate to share your knowledge cybersecurity is a collective responsibility.
Conclusion
At a time when cyber threats are increasing and the need for cybersecurity experts is growing, Omar Al Khattab proves that Arab talent is capable of competing on a global stage. With a journey that combines:
· Computer engineering and academic education
· eJPT international certification in penetration testing
· Advanced hands-on experiments in wireless hacking
· A home penetration testing lab for realistic scenario simulation
· Discovery of security vulnerabilities in international and local institutions
· An internationally certified CVE with a critical severity score of 9.8
· Commitment to professional ethics in security research
He stands as a role model for any young person looking to make their mark in the world of technology.
To follow his technical journey, hands-on experiments, and security discoveries, visit his Instagram account @htbc.
His journey is far from over it is only the beginning of a long path of creativity and excellence.
Read Next – Affordable Restaurants in Al Jaddaf: Best Budget Eats
