Penetration Testing

As the final project for a hands-on Penetration Testing course, I participated in a structured CTF-style assessment designed to simulate real-world offensive security scenarios. The challenge required enumeration, exploitation, and post-exploitation across multiple domains including Active Directory, web applications, and internal network services.

university

University of Maryland • graduate course

focus areas

Active Directory • web pentesting • network exploitation • security evasion • OSINT • report writing

🔍 key activities

  • Active Directory enumeration & exploitation: mapped domains, enumerated users/groups, exploited weak configs (Kerberoasting, password reuse), achieved lateral movement.
  • web application pentesting: exploited OWASP Top 10 issues like injections, broken authentication, and IDOR.
  • network & service exploitation: ran scans, banner grabbing, enumerated services, exploited outdated/misconfigured ones.
  • security evasion: bypassed detections via obfuscation and endpoint bypass techniques.
  • reporting & communication: produced professional penetration testing reports with findings, risks, and remediation guidance.

🧰 tools & skills applied

  • Nmap, Burp Suite, Hydra, Nikto, BloodHound, CrackMapExec
  • Linux & Windows post-exploitation techniques
  • vulnerability scanning & OSINT
  • CTF-style flag retrieval
  • executive & technical report writing

CTF-Style Penetration Testing Lab

outcomes

This project provided a complete end-to-end penetration testing experience—from reconnaissance to reporting—and sharpened my ability to think offensively while maintaining professionalism in documentation and communication.
