My Projects
A collection of my work in cybersecurity, from scripts to full-fledged pentests.
WAF Fingerprinting & Behaviour Analysis
Lab-based WAF fingerprinting using WAFW00F, observing response differences across request types to understand how WAFs classify traffic.
Web Server Enumeration & HTTP Analysis
Analyzing HTTP headers, status codes, and content types through request manipulation, directory discovery, and mapping server behaviour.
XODA File Upload Exploitation (Lab)
A controlled lab exercise on file upload exploitation, tracking request structures and detection patterns to identify indicators for signature logic.
Attacks Against ML Models
Techniques for fooling or bypassing machine-learning models. Covers adversarial attacks, model vulnerabilities, and implementation examples.
Password Cracking Basics
Hands-on practice with password hashes, cracking tools, and brute-force/wordlist attacks. Demonstrates methodology used in real assessment workflows.
Wireshark Packet Analysis
Packet-level inspection, protocol dissection, and network flow understanding using Wireshark. Shows investigative workflow for security analysts.
CTF – Windows Recon: SMB + Nmap Scripts
Identifying SMB services, supported dialects, and vulnerabilities using advanced Nmap scripting. Focuses on Windows enumeration.
CTF – Windows Recon using Zenmap
Graphical recon and host scanning workflow using Zenmap. Shows visual topology, open ports, and OS detection insights.
Exploiting SMB using PsExec
Abusing SMB authentication to execute remote commands via PsExec. Demonstrates a complete attack chain from recon to foothold.
T1046 – Network Service Scanning
MITRE ATT&CK technique explanation with hands-on scanning examples. Focuses on discovering exposed services and attack surfaces.
Firewall Detection & IDS Evasion
Methods for identifying firewalls/IDS and adjusting scans to avoid detection. Includes timing, packet crafting, and stealth techniques.
Host Discovery Lab
Techniques for identifying live hosts across networks using ARP, ping sweeps, and Nmap discovery probes.
Subdomain Enumeration using Sublist3r
Passive reconnaissance to identify company subdomains. Demonstrates attack surface expansion for web assessments.
Email Harvesting with theHarvester
Passive OSINT collection of emails, hosts, and metadata. Useful for initial recon before active scanning.
Information Gathering – CTF Walkthrough 1
End-to-end recon challenge covering host discovery, port scanning, OS detection, and service fingerprinting.
Port Scanning – Server Scan Lab II
Deep-dive port scanning with custom probes, banners, and timing controls. Explains scan interpretation and follow-ups.
Pen Testing with Metasploit (MSF)
Comprehensive workflow for Metasploit usage: modules, scanners, payloads, sessions, and exploitation flow.
Exploiting WebDAV using Metasploit
WebDAV misconfiguration exploitation to gain remote access. Explains scanning, module selection, and session handling.
FTP Enumeration
FTP service fingerprinting, anonymous login testing, and enumeration of directory structure, banners, and misconfigurations.
Exploiting Microsoft IIS WebDAV
Targeting an IIS WebDAV vulnerability for file upload exploitation and command execution.