Master's in Cybersecurity and Information Assurance

Class of 2021

Obtained Skills Through the Degree

  • Information security and assurance
  • Cybersecurity architecture and engineering
  • Secure network design
  • Cybersecurity management
  • Secure software design
  • Ethical hacking
  • Forensics and network intrusion

My OSCP Journey

Practicing with CTF-type platforms  

Like everyone else, I started watching walkthrough videos and reading blog posts in the beginning to familiarize myself with methodologies while taking detailed notes and following along with them with my Kali Linux machine. 

PEN-200 Labs 
  • 78 machines completed (All of the 2022 lab machines)
  • Besides working on lab machines, I've learned some core penetration testing methodologies. Below is not the complete list but the summary of the learning progress.
  • Port scanning with Nmap
  • Directory busting with gobuster/dirsearch 
  • HTTP enumeration with Nikto and CMS scanning tools such as WPscan 
  • SMB enumeration
  • Active Directory enumeration and attacks using popular tools like mimikatz and powerview, obtaining domain controller's kerberos tickets and cracking them offline to access it.
  • Cracking passwords with patator/john 
  • Creating malicious executables with msfvenom
  • PHP command injection 
  • Exploitation with Powersploit 
  • SQL injection (Union attacks, login bypass)
  • LFI/RFI
  • Using Burpsuite to observe network traffics and brute force logins
  • Privilege Escalation techniques such as spawning a tty shell/utilizing GTFO bins to get root shells/cross compiling exploits/modifying and exploiting cron jobs) 
  • Various Antivirus evasion techniques
  • Finding public exploits for vulnerable services, modifying them if needed to exploit machines
  • Buffer Overflow exploitation
  • Transferring files between Kali and the Target using different techniques 

Check out my tutorial videos here 

My extensive Pentesting notes can be found here 

Web App Penetration Testing and Secure Coding

After passing the OSCP, I wanted to learn more about how the web based attacks work and how we can protect applications from these attacks. So, I decided to learn more by doing the followings.

PortSwigger's Academy 

Secure Coding

  • I'm currently learning OWASP ASVS secure coding practice in Java and Python through the Secure Flag platform.
  • I'm also learning to build applications in java and python, introducing vulnerabilities in them, and mitigate them by applying the secure code/ practices.

Trying out for bug bounty

  • I've tried out for some bug bounty programs to test my skills and I was successfully able to submit some valid reports.
  • By working through some programs, I learned valuable enumeration techniques, established testing methodologies, and became competent in writing comprehensive POC for bug bounty program engineers.

BLOG

I post CTF Walkthroughs and OSCP Preparation Content.

Read More

Cyber Security Projects 

I believe in learning by doing.

 

  • Created a PiVPN with a Raspberry Pi
  • Integrated Snyk into my private repos for scanning and fixing vulnerabilities
  • Created a phishing payload with javascript and C#, injecting the payload inside an HTA and creating an lnk file for a reverse shell.
  • Wrote a Password Generator Program with Python

I want to stay in touch with you! Follow me on social media!