Network Penetration Testing: > Experience: - I've spent many hours on Hack The Box, focusing primarily on network penetration testing and database exploitation using programs like Silverbullet and other similar tools. - Recently, I discovered a CSRF (Cross-Site Request Forgery) vulnerability in a web application, which I promptly reported to the person running it. > Programming Skills: - Python: I'm comfortable using Python and have used it in many of my projects, including making crypters and obfuscating executable files. Additionally, I frequently use Python for tasks such as properly formatting and cleaning up databases. - C++: I initially began learning C++, but my focus shifted towards network penetration testing, which led me to prioritize networking skills over further C++ development. > Networking & Security: - Generalized Knowledge: Although I'm focused on network penetration testing, I want to continue to expand my knowledge and skills, especially with tools like Wireshark, Metasploit, Nmap, Aircrack, and Airodump. I prefer to maintain a generalized skillset but am considering specializing in certain areas, such as cloud security and network security. - Tools Used: Wireshark: I use it for network sniffing and analyzing traffic to identify potential vulnerabilities. Nmap: A tool I feel confident with, as I know various commands and have used it in a variety of network assessments. Aircrack & Hydra: I've utilized these tools for hash cracking and Wi-Fi security testing. - Experience with Security Tools: I'm proficient with several essential security tools: - Metasploit: I use it extensively for exploitation in penetration testing engagements. - Wireshark: For network sniffing and packet analysis. - SQLMap: I use it for automating SQL injection attacks and testing databases. - Pwnagotchi: I've used this tool to capture WPA/WPA2 handshakes to later be cracked with HashCat. > Operating Systems & Environments: - I primarily use Kali Linux for cybersecurity tasks due to its robust penetration testing tools and versatility. However, I'm also comfortable with Windows and ParrotOS, providing me with flexibility to work across various systems and environments. > Social Engineering: - I've experimented with social engineering tactics, such as convincing individuals to run a trojan disguised as free game exploits. Instead of the trojan acting as malware, it would open notepad.exe and paste a couple paragraphs I wrote about computer security and uploaded to pastebin before deleting itself. - I rely heavily on public data records and custom OSINT tools to gather valuable information. One of my favorite tools was created by a friend, which scrapes social media platforms like Instagram and TikTok for username matches or similar names. This has been a valuable asset when investigating potential targets or gathering intelligence for assessments.
Type cd .. to return to Home.
root
@
185.199.111.1
:/
skills$