OFFENSIVE CYBERSECURITY

THINK
LIKE AN ATTACKER

Penetration testing · Web exploitation · Network attacks · Red team operations — built to break systems before the bad guys do.

EXPLORE STACK HIRE ME
3+
PROJECTS
CTF
COMPETITOR
BB
BUG BOUNTY
8
SKILL DOMAINS
prakash@kali ~ pentest
// SKILL TREE

OFFENSIVE
SECURITY STACK

01 ──
RECON & ENUM
OSINT · Subdomain · DNS · ASM
02 ──
WEB EXPLOIT
OWASP · Auth · IDOR · XSS · SQLi
03 ──
API SECURITY
BOLA · Rate Limit · Mass Assign
04 ──
NETWORK ATTACKS
Scan · SMB · LDAP · MITM
05 ──
EXPLOITATION
Metasploit · PrivEsc · Shells
06 ──
POST-EXPLOIT
Persist · Lateral · Exfil
07 ──
AUTOMATION
Python · Bash · Fuzzing · Tools
08 ──
REPORTING
Bug Reports · CVSS · PoC · Fixes

// TOOLS
// SUBCATEGORIES

    // SELECTED WORK

    PROJECTS &
    RESEARCH

    MALWARE ANALYSISREVERSE ENG

    WANNACRY
    ANALYSIS

    Static and dynamic analysis of WannaCry ransomware. Documented EternalBlue propagation, SMBv1 exploitation chain, AES-RSA encryption routine, and C2 communication in a sandboxed lab.

    VIEW REPORT →
    NETWORK SECWIRESHARKSNORT

    NETWORK
    MONITORING LAB

    Home lab capturing live network traffic. Custom Snort IDS rules to detect port scans, brute-force, and anomalous payloads. Full traffic analysis and alert correlation pipeline.

    VIEW WRITEUP →
    LINUX HARDENINGLYNISCIS

    LYNIS
    SECURITY AUDIT

    CIS-benchmark Linux server audit via Lynis. Remediated SSH misconfigs, filesystem permissions, kernel parameters, and service exposure. Full before/after compliance scoring.

    VIEW AUDIT →
    // ACTIVE PRACTICE

    LABS &
    PLATFORMS

    [THM]
    TRYHACKME
    Update with your rank

    Guided learning paths — web exploitation, Active Directory, privilege escalation, and network security.

    PROFILE →
    [HTB]
    HACK THE BOX
    Update with your rank

    Real-world lab machines and Prolabs simulating enterprise environments and AD attack chains.

    PROFILE →
    [BB]
    BUG BOUNTY
    HackerOne / Bugcrowd

    Responsible disclosure on live programmes. Legal, real-target practice with verifiable impact.

    PROFILE →
    [CTF]
    CTF COMPETITIONS
    CTFtime.org

    Timed competitions across forensics, crypto, web, pwn, and reverse engineering challenges.

    CTFTIME →
    // DEFENDER MINDSET

    BLUE TEAM
    AWARENESS

    01 ──
    LOG ANALYSIS & SIEM

    Reading what defenders see — Windows Event Logs, Syslog, and SIEM alerts (Splunk, Elastic) to improve stealth and surface detection gaps in reports.

    02 ──
    EDR EVASION AWARENESS

    How endpoint detection tools flag behaviour — studied to craft realistic payloads and provide actionable EDR tuning recommendations post-engagement.

    03 ──
    CVE RESEARCH

    Tracking NVD, vendor advisories, and PoC releases to identify newly disclosed CVEs before patches are widely applied. N-day exploitation assessment.

    04 ──
    MITRE ATT&CK

    Mapping attack techniques to ATT&CK framework TTPs — enabling detection rule recommendations and red-to-blue knowledge transfer in final reports.

    // ABOUT
    PRAKASHMIJAR

    An offensive cybersecurity professional with hands-on experience across the full attack lifecycle — recon through reporting. I break things ethically so they can't be broken maliciously.

    Passionate about web exploitation, network attacks, and building automation tooling. Continuously practising on real environments through CTFs, bug bounty, and home labs.

    Kali LinuxBurp Suite MetasploitNmap WiresharkBloodHound Impacketffuf sqlmapPython OWASP Top 10MITRE ATT&CK
    GITHUB LINKEDIN
    PROFILE STATUS // ONLINE
    3+
    PROJECTS
    CTF
    COMPETITOR
    BB
    BUG BOUNTY
    24/7
    LEARNING
    // CONTACT

    READY TO TEST
    YOUR DEFENCES?

    Available for penetration testing engagements, bug bounty collaboration, and security consulting.

    contact@erprakashmijar.com