Welcome to my red team ramp-up β part study guide, part simulation, part personal lab notebook.
I'm a Navy veteran pivoting into offensive security with zero formal tech background, just grit, caffeine, and curiosity. This repo tracks my hands-on learning across core red teaming concepts using free tools, public labs, and real-world exploit writeups.
Each day focuses on a specific vulnerability, tool, or adversarial technique. For each one, I break down:
- π Technical notes and concepts
- π§ͺ Labs and walk-throughs
- π£ Payloads and testing strategies
- π‘οΈ Mitigations and defense notes
- π Real-world examples and CVEs
- π Reflections on what tripped me up or clicked
- SSRF
- XSS
- LFI/RFI
- SQLi
- IDOR
- Authentication bypasses
- Enumeration tooling (FFUF, Nmap, Gobuster, etc.)
RedTeamFromScratch/
βββ Day01_SSRF/
β βββ room_notes.md # Concepts, tools, and example payloads
β βββ real_world_scenario.md # Breach summaries or public CVEs
β βββ mitigations.md # How defenders detect and block it
β βββ reflection.md # What I learned, struggled with, or want to revisit
βββ Resources # Tools, cheatsheets, and general references- Kali Linux (VM)
- Burp Suite Community
- Obsidian for daily logs + longform notes
- GitHub for version control + portfolio building
I got tired of waiting for the βrightβ way to break into cyber. So I started building my own.
This is part bootcamp, part accountability, part message in a bottle to other late bloomers, career switchers, and curious weirdos learning in public.
Disclaimer: This repo contains only legally accessible research, public lab work, and self-hosted testing environments. No unauthorized access or live target exploitation is performed.