SEC-504: Web Application Penetration Testing
In the SANS SEC504 course, I targeted the “Falsimentis Customer Support” portal to identify and exploit common web vulnerabilities found in the OWASP Top 10. Here is the step-by-step methodology I...
In the SANS SEC504 course, I explored the techniques used to capture and crack credentials. Credentials are the keys to the kingdom; acquiring them allows an attacker to bypass sophisticated exploi...
In the SANS SEC504 course, I performed comprehensive network reconnaissance against a simulated corporate network (“Falsimentis”). The goal was to map the attack surface, identify running services,...
In the SANS SEC504 course, I conducted a full-scope investigation into a simulated ransomware attack by the “Midnite Meerkats” threat group. This series of labs required pivoting from live system a...
In the SANS SEC504 course, I focused on the unique misconfigurations found in cloud environments, specifically AWS S3 buckets and cloud metadata services. The goal was to understand how simple conf...
In the SANS SEC504 course, I utilized Metasploit, the industry-standard penetration testing framework, to execute complex attacks. Gaining initial access is just the beginning; the “Post-Exploitati...
Challenge Overview Bounty Hacker is a beginner-friendly TryHackMe room focused on basic enumeration, credential reuse, and simple privilege escalation through misconfiguration. Enumeration I sta...
National Cyber League (NCL) Spring 2025 — Individual & Team Games Overview The National Cyber League (NCL) Spring 2025 competition brought together over 8,500 individual competitors and almos...
Challenge Overview The BigZip challenge involves extracting the flag hidden within a zip file. The zip file contains numerous files and directories, and the goal is to find the flag, which is in t...
Project Overview In this project, I developed a Python algorithm to automate the management of IP address access control for restricted content. The algorithm processes an allow list of IP address...