Offensive Security Practitioner | CTF Player | Security Tool Developer
Junior penetration tester focused on web application security, Linux privilege escalation, and Python automation. Top 1% on TryHackMe. I don't just run tools, I build them.
I'm a self-taught security practitioner currently pursuing a BCA while mastering offensive security through structured labs, CTF competitions, and hands-on tool development. My focus areas include web application exploitation, Linux privilege escalation, and Python-based security automation.
I completed mentored VAPT training at NixSecura, where I practiced reconnaissance, vulnerability identification, exploitation, and post-exploitation in controlled lab environments. I actively participate in CTF competitions and have executed 200+ attack simulation labs on platforms like TryHackMe and VulnHub.
My technical practice is built on systematic methodology, continuous learning, and hands-on exploitation in controlled environments.
Identifying and exploiting OWASP Top 10 vulnerabilities through manual testing and automated scanning. Practiced extensive attack chaining combining multiple vulnerabilities for maximum impact.
Systematic enumeration and exploitation of Linux misconfigurations, SUID binaries, weak file permissions, and sudo misconfigurations to achieve root access.
Building custom security tools to automate reconnaissance, vulnerability scanning, payload generation, and reporting. Focus on reducing manual effort in penetration testing workflows.
Security tools and systems built to solve real penetration testing challenges and deepen my understanding of offensive security concepts.
Python-based vulnerability assessment and penetration testing automation framework
Developed a comprehensive Python tool that automates the reconnaissance and vulnerability assessment phases of web application penetration testing. The tool integrates multiple modules for port scanning (Nmap integration), directory fuzzing (custom wordlist support), and payload-based vulnerability testing for common issues like XSS and SQL injection. Implemented automated PDF report generation with structured findings, CVSS scoring, and remediation recommendations, significantly reducing manual reporting effort during assessments.
Custom NIDS with firewall evasion testing in controlled lab environment
Built a Python-based Network Intrusion Detection System to monitor network traffic and identify anomalous patterns in a controlled lab environment. Configured Snort IDS rules and Linux iptables to simulate a hardened network perimeter. Conducted comprehensive firewall and IDS evasion testing using advanced Nmap scanning techniques (fragmentation, timing manipulation, decoy hosts) and custom packet crafting with Scapy. Analyzed detection logs to iteratively improve IDS rule sets and understand attacker methodologies.
Stealthy cross-platform keystroke logger for Linux and Windows. Built to understand input capture mechanisms and evasion techniques.
View on GitHub →Fast port scanner with banner grabbing capabilities. Implements concurrent scanning techniques for efficient network reconnaissance.
View on GitHub →Collection of low-level C programs including buffer overflow playground and memory manipulation utilities for understanding binary exploitation.
View on GitHub →Recognition through competitive performance and community contribution in the cybersecurity field.
Ranked in the top 1% among 2.1M+ hackers globally. Completed comprehensive learning paths in Offensive Pentesting, Red Teaming, and Junior Penetration Testing. Successfully executed complex attack chains: Initial Access → Lateral Movement → Privilege Escalation across Linux, Windows, and Active Directory environments.
Competed in a comprehensive CTF event covering Web Exploitation, Cryptography, Forensics, OSINT, Networking, Reverse Engineering, and Steganography. Demonstrated ability to rapidly adapt to diverse challenge categories under time pressure.
Co-organized a local offensive security meetup. Performed live red teaming demonstration by compromising a target machine in a controlled environment, explaining the complete attack flow and exploitation logic to attendees.
Documenting my learning journey through technical blogs, CTF writeups, and cybersecurity guides.
Python automation techniques for security practitioners
pythondepth.blogspot.comComprehensive cybersecurity guides and methodologies
infosecpath.blogspot.comDetailed solutions for TryHackMe, HTB, and PicoCTF challenges
ctfplaybook.blogspot.comWeb development tutorials and best practices
codeanddevelop.blogspot.comIn-depth technical articles on security and development
shieldeddev.medium.comOpen to opportunities in penetration testing, security research, and tool development. Feel free to reach out for collaboration, questions, or just to discuss security topics.
vaibhavmulak33@gmail.com