Interested in web, network, and infrastructure security, with a focus on improving my skills in identifying and analyzing vulnerabilities. I have a solid foundation in web application security and network penetration testing, including Active Directory, and I continuously develop my skills through CTF challenges and bug bounty programs.
What I Do
- Web Application Security — OWASP Top 10, API Security, Business Logic
- Network Security — Active Directory Attacks, Internal Pentesting
- Bug Bounty Hunting
- CTF Participation
Achievements
| Platform | Achievement |
|---|---|
| TryHackMe | Top 6% |
| PortSwigger | 60% of Web Security Academy Labs Completed |

| Category | Technologies / Skills |
|---|---|
| Web Security | Burp Suite, OWASP ZAP, SQLMap, API Testing, Business Logic |
| Network & AD | Nmap, Metasploit, Active Directory exploitation tools |
| Scripting | Python, Bash, PowerShell |
| Web Development | HTML, CSS, JavaScript, PHP, Laravel, REST APIs |
| Others | Wireshark, Nessus, Git |
Certifications
Self-Study Courses
- PEN-200 (OSCP) — Course Material · Self-Study
- SEC560 (SANS) — Course Material · Self-Study
- eWPT — Course Material · Self-Study
Completed Training
🟢 TryHackMe
- Jr Penetration Tester Path
- Cyber Security 101 Path
- Pre Security (Updated) Path
- Pre Security (Legacy) Path
🟠 PortSwigger
Completed most core vulnerability labs including:
- Web LLM attacks
- SQL Injection & NoSQL Injection
- Cross-Site Scripting (XSS)
- Authentication & Access Control
- Server-Side Vulnerabilities (SSRF, XXE, SSTI)
- API Security & GraphQL
- File Upload & Insecure Deserialization
- Business Logic Vulnerabilities
- HTTP Request Smuggling