Breaking web applications, one assumption at a time.
- π Cybersecurity enthusiast focused on Web & Network Security
- π§ͺ Strong hands-on experience with labs, attack simulations & system hardening
- β‘ Interested in SSRF, IDOR, RCE, Privilege Escalation
- 𧩠Approach: Understand systems deeply β break them β secure them
- π Web Application Security Testing (VAPT)
- π Reconnaissance & Attack Surface Mapping
- π§ͺ Exploit Development & PoC Creation
- π‘οΈ Linux System Hardening & Secure Configurations
- π‘ Network Analysis & Traffic Inspection
- Built a lightweight JS scanner in Go to optimize local recon and faster triage.
- Identifies hardcoded secrets, risky client-side sinks, prototype pollution patterns, and GraphQL clues.
- Maps basic source-to-sink flows and features both a CLI and local Web UI.
- Developed utilizing only the standard library for maximum speed and zero-dependency execution.
- π Check out Peelr
- Built a multi-node lab using Hyper-V
- Simulated real-world attack scenarios (Kali vs Metasploitable2)
- Configured network isolation to prevent traffic leakage
- Implemented system hardening (SSH keys, UFW, non-root access)
- Designed intentionally vulnerable environment for hands-on exploitation
- Practiced web attacks using Burp Suite (interception & manipulation)
- Integrated credential extraction challenges (Hashcat, Steganography)
- Simulated privilege escalation paths and misconfigurations
- Applied Linux system hardening techniques
- Secured environments using firewall rules (UFW)
- Configured secure authentication mechanisms (SSH key-based access)
- π Advanced Bug Bounty Hunting
- β‘ Exploit chaining (multi-step vulnerabilities)
- π§ Deep dive into API Security & Logic Flaws
- π‘οΈ Blue Team basics (SOC workflows & detection)
- π‘οΈ Certified SOC Analyst (CSA)
- π Certified in Cybersecurity (ISC2)
- π§ͺ TryHackMe β Jr Penetration Tester Path
"Security is not about tools. It's about understanding systems well enough to break assumptions."