
A collection of detailed Capture The Flag (CTF) write-ups and penetration testing reports. Demonstrates practical skills in network reconnaissance, web app enumeration, steganography, vulnerability exploitation, and ethical hacking methodologies.


Sarah-Marion/ethical-hacking-ctf-writeups


Security Portfolio & CTF Write-ups

This repository is a curated collection of practical write-ups and code from hands-on penetration testing and ethical hacking exercises. More than a log of tasks, it documents a methodology—a critical approach to vulnerability assessment, exploitation, and the ethics of disclosure. Each project deconstructs a system not just to exploit its flaws, but to understand the architecture of its failures and the implications of its design.

Overview

ethical-hacking-ctf-writeups is a living portfolio that demonstrates applied skills in network reconnaissance, web application enumeration, steganography, and vulnerability exploitation. It serves as a tangible record of my practice in ethical hacking methodologies, moving beyond theoretical knowledge to engage with the material realities of digital security.

Certifications

The work within, particularly the "Double Trouble" exercise, functioned as the practical assessment for the 30-Day Ethical Hacking & Bug Hunting Bootcamp (Nikistian Media Private Limited, May 2025). These documents represent the translation of certified knowledge into actionable skill.

CTF Write-ups

🚩 Double Trouble: A Capture The Flag Analysis

A comprehensive penetration test against a target machine, dissecting its defenses through structured reconnaissance, enumeration, and exploitation. This exercise was not merely about finding a flag but about mapping a vulnerability lifecycle—from initial discovery to proof-of-concept execution.

Key Skills Demonstrated:

  • Network Reconnaissance: Employing netdiscover and nmap for host discovery, port scanning, and service fingerprinting. This is the cartography of a target digital landscape.
  • Web Application Enumeration: Methodically discovering hidden directories and critical files using dirb, revealing the underlying structure often omitted from surface-level interaction.
  • Steganography & Password Cracking: Extracting hidden data and credentials from image files using StegSeek and targeted wordlist attacks, challenging the assumption that visibility equates to security.
  • Vulnerability Research: Identifying and analyzing public exploits (e.g., qdPM 9.1 RCE) and leveraging resources like Exploit-DB. This situates a specific flaw within the broader context of known security failures.
  • Exploitation: Synthesizing gathered intelligence to gain access, demonstrating the practical consequence of theoretical vulnerabilities.

View the Full Analytical Write-Up (PDF) | View Certification

About the Author

I am a Security-Focused Full-Stack Developer and CTO with 9+ years of experience in architecting and securing high-performance web applications. My work is driven by a philosophy that technology must be built with intentionality—where security is not an additive feature but a foundational principle. I explore the intersection of code, security, and societal impact on my technical blog.

Connect & Explore:
LinkedIn
Blog
Portfolio
