HOME/LABS
Practice Environments

LABS &
PLATFORMS

Active practice across dedicated platforms, CTF competitions, bug bounty programmes, and a personal home lab. Continuous real-world skill development.

Practice Platforms

ACTIVE
PLATFORMS

[THM]
TRYHACKME
Update with your actual rank / points

Structured learning paths from beginner to advanced, covering web exploitation, Active Directory attacks, privilege escalation, network security, and SOC operations.

// COMPLETED PATHS
  • Jr Penetration Tester
  • SOC Level 1
  • Pre-Security
  • Add your completed paths here
VIEW PROFILE →
[HTB]
HACK THE BOX
Update with your actual rank / points

Real-world lab machines simulating enterprise environments. Machines ranging from Easy to Insane, requiring full enumeration, exploitation, and privilege escalation chains.

// NOTABLE MACHINES
  • Add machines you've rooted here
  • e.g. Lame (Easy) — legacy Samba exploit
  • e.g. Blue (Easy) — EternalBlue / MS17-010
  • e.g. Jerry (Easy) — Tomcat manager RCE
VIEW PROFILE →
[BB]
BUG BOUNTY
HackerOne / Bugcrowd

Responsible disclosure on live programmes. Legal, real-target practice on public bug bounty programmes with actual business impact and verifiable findings.

// FOCUS AREAS
  • Web application vulnerabilities (OWASP Top 10)
  • API security testing (BOLA, mass assignment)
  • Authentication bypass and logic flaws
  • Add any reported/disclosed bugs here
VIEW PROFILE →
[CTF]
CTF COMPETITIONS
CTFtime.org — add your team/solo profile

Timed competitions requiring speed and creativity across forensics, cryptography, web exploitation, binary exploitation (pwn), and reverse engineering.

// CATEGORIES PRACTICED
  • Web — XSS, SQLi, SSRF, JWT attacks
  • Forensics — PCAP analysis, memory forensics
  • Crypto — RSA, base encodings, hash cracking
  • Pwn / Rev — buffer overflow, binary analysis
CTFTIME →
Personal Infrastructure

HOME
LAB SETUP

Isolated virtualised environment for malware analysis, network security testing, and Active Directory attack simulation. No live internet exposure.

ATTACKER
Kali Linux VM — primary attack platform. Full toolset: Metasploit, Burp Suite, Nmap, Impacket.
ANALYSIS
REMnux + FlareVM — malware analysis workstations with sandboxed execution environment.
TARGETS
Metasploitable 2/3, DVWA, VulnHub machines, Windows Server VM for AD lab practice.
NETWORK
Isolated VMware host-only network. Wireshark on dedicated monitoring VM for full packet capture.
IDS/IPS
Snort IDS running custom rules for alert generation and detection engineering practice.
LOGGING
Syslog collection and basic ELK stack for log analysis and SIEM practice.
Defender Mindset

BLUE TEAM
AWARENESS

01 ──
LOG ANALYSIS & SIEM

Windows Event Logs, Syslog, and SIEM alerts (Splunk, Elastic) — understanding what defenders see to improve attack stealth and surface detection gaps.

02 ──
EDR EVASION AWARENESS

How CrowdStrike, Defender ATP, and Carbon Black flag behaviour — studied to craft realistic PoC payloads and provide EDR tuning advice post-engagement.

03 ──
CVE RESEARCH

Tracking NVD, vendor advisories, and PoC releases. N-day exploitability assessment before patches are widely applied.

04 ──
MITRE ATT&CK

Mapping attack techniques to ATT&CK TTPs — enabling detection rule recommendations and red-to-blue knowledge transfer in pentest reports.