I'm Oussama. RahmouniDev isn't a company. It's a product factory I run alone: offensive security tools, system design, thinking frameworks, software engineering, and cybersecurity content. One operator. One stack. No agency overhead.

This factory is part of a larger architecture — a Life Operating System I'm building to solve a specific problem: polymath paralysis. Trying to master backend engineering, red team operations, Quranic scholarship, game theory, and physical conditioning simultaneously doesn't create a genius. It fragments identity, guarantees burnout, and dilutes execution. So I don't build everything at once. I architect one domain, ship it as a repeatable system, and move to the next.

I'm not a "hustler with a prayer mat." Not a "cyber-ninja quoting Rumi." Not a content creator monetizing spirituality. I'm a systems architect who masters domains sequentially, ships artifacts that outlive them, and anchors my work to non-negotiable temporal boundaries — without conflating the sacred with the technical.

What ships here aren't portfolio pieces. They're autonomous factories: tools I run without babysitting, systems I design to own their complexity, and content I publish to expose what others won't. The domain shifts. The factory stays the same. Right now, I'm shipping security intelligence platforms, real-time data infrastructure, and multi-market extraction pipelines. Tomorrow, it could be protocol research, thinking systems, or autonomous agents. I build in public because transparency forces discipline. It filters for operators who value ownership over dependency.

US-registered (RahmouniDev LLC)

If you're building something that needs autonomous systems, security infrastructure, or backend architectures that actually run in production — let's talk.No middlemen. No agency handoffs. Just direct engineering, shipped under constraints.

Technical_Specialization

Engineering Depth.

Backend_Platform

  • Node.js & TypeScript (strict)
  • NestJS & Event-Driven Architecture
  • WebSockets & Real-Time APIs
  • REST, GraphQL & Custom Protocols
  • PostgreSQL, Redis & MongoDB

Data_Intelligence

  • Large-Scale Web Extraction
  • HTTP Internals & TLS Fingerprinting
  • Behavioral Anti-Detection Engines
  • Multi-Market Data Pipelines
  • Mobile API Reverse Engineering

Cloud_&_Infrastructure

  • AWS
  • Docker & Containerized Services
  • Git, GitHub & GitLab CI/CD
  • Linux Server Administration
  • Nginx & Process Management

Security_&_Systems

  • Proxy Networks & Rotation Systems
  • Protocol Engineering (MTProto, WA)
  • Frida & Dynamic App Instrumentation
  • Offensive Security Tooling
  • WAF Bypass & TLS Probing

Offensive_Engineering

  • PE32+ binary construction from scratch (Python struct)
  • C2 cryptography — X25519, HKDF-SHA256, AES-256-GCM
  • Web exploitation — SQLi, SSTI, CMDi, XSS, CVE probing
  • RF & SDR — RTL-SDR, HackRF, GNU Radio, signal decode
  • NFC/RFID — ISO 14443-A, MIFARE Classic, HID Prox, NDEF
  • Wireless — 802.11, BLE GATT, PMKID, Evil Twin, KARMA

Engineering_Philosophy

How I Build.

Systems should own their own complexity — if you need a diagram to explain the control flow, the code is wrong

Real expertise is knowing which layer a problem belongs to: network, protocol, application, or data

Anti-patterns in the wild are a roadmap — once you can break a system, you understand how to build its replacement

The ungettable data is the most valuable — solve the access problem first, the storage problem is solved

Technical_Projects

Building Systems.

APEX — Crawl Infrastructure Platform

Production crawl platform built on adversarial primitives — TLS fingerprinting, behavioral emulation, proxy orchestration, session management. Operating crawler campaigns across food delivery, automotive, and custom data clients across 5+ EU markets. The anti-detection layer is the actual product.

Node.jsTypeScriptPostgreSQLProxy RotationTLS Fingerprinting

The same anti-detection infrastructure that powers APEX informs the offensive research — and vice versa. Understanding how detection systems work makes the crawler harder to catch.

Red Team Suite — Private Security Research

Private offensive security research across the full attack chain: PHOBOS, ARES, NYX, STYX, SIGINT, HERMES, PROTEUS. Built to understand how systems break from the engineering side. Long-term research path, not a current service offering.

TypeScriptGoPythonLinuxGNU Radio

Anti-bot evasion and offensive tooling share the same primitives. Building both sides of the problem produces better work on each side.

Al Bayrouni — Technical Content Platform

Long-form technical writing from first-hand implementation. Crawl architecture, anti-detection systems, security engineering — 50+ articles covering real work in progress. MENA region focus. Not tutorials. The actual technical record.

Next.jsNestJSPostgreSQLStripeDocker

Writing forces precision. Every article is a post-mortem or deep dive on something built, broken, and understood — not summarized from documentation.

Consulting — Crawl & Data Infrastructure

Selective client engagements: anti-bot architecture, data pipeline design, Node.js/TypeScript systems. Fixed scope, senior-level only. The work is the same technical depth as APEX — applied to a client's specific data problem.

Node.jsTypeScriptPostgreSQLAWSNestJS

Every engagement starts with the actual problem — not a generic service package. If the problem is getting reliable structured data from systems that resist it, that's the specific thing built here.