02 · Cybersecurity Journey
Real labs. Real reports. Real progress.
Controlled Kali Linux labs, Nessus vulnerability assessments, Nmap scans, and OSINT practice — all documented as structured, evidence-based reports. Targeting eJPT → OSCP.
Free tool: Website Security Health CheckPassive scan for HTTPS, headers, cookies, and SPF/DMARCLab reports
Kali Linux & Metasploitable2 Lab
A controlled virtual lab for learning safe enumeration, Linux workflow, vulnerable services, and report writing.
View report
Nmap Network Scanning
A service detection scan of the Metasploitable2 target at 192.168.128.2 using Nmap 7.98.
View report
Nessus Vulnerability Assessment
A vulnerability assessment workflow using Nessus and Nmap to identify, prioritize, and document weaknesses in a Metasploitable2 lab target.
View report
Netflix OSINT Reconnaissance
An OSINT report practice exercise focused on public information gathering, scope discipline, and responsible documentation.
View report
DNS Enumeration Lab
A DNS-focused lab for understanding records, name resolution, and public infrastructure signals.
View report
WHOIS Investigation Lab
A public registry investigation lab for understanding domain ownership signals, registration metadata, and privacy limits.
View report
Metasploit Exploitation Lab
Exploited Metasploitable2 using Metasploit Framework — attempted VSFTPD 2.3.4 backdoor (unsuccessful) and successfully achieved root access via the Samba Usermap Script vulnerability.
View report
Password Cracking with Hashcat
Cracked an MD5 password hash in under one second using Hashcat and the rockyou.txt wordlist, demonstrating how weak passwords and unsalted hashes are trivially compromised.
View report
Learning notes
What is a CVE?
A simple explanation of how public vulnerability identifiers help teams track and communicate known security issues.
Read note
What is a Firewall?
A firewall filters network traffic based on rules, trust zones, ports, protocols, and security policy.
Read note
What is a Zero-Day Vulnerability?
A zero-day is a vulnerability that is unknown to the vendor or unpatched when it can potentially be exploited.
Read note
What is the Cyber Kill Chain?
A model for understanding attacker activity from reconnaissance through actions on objectives.
Read note
What is Non-Repudiation?
Non-repudiation gives confidence that an action or transaction cannot later be credibly denied.
Read note
What is Vulnerability Assessment?
A process for identifying, validating, prioritizing, and documenting security weaknesses.
Read note
Tools & stack
Status: actively studying · targeting eJPT → OSCP