#+title: CyberSec Projects
#+date: [2026-05-08 Fri 17:23]
#+filetags: :cybersecurity:hacking:it:project:
#+identifier: 20260508T172301
#+STARTUP: overview
#+TODO: TODO IN-PROGRESS DONE
#+TAGS: network(n) web(w) malware(m) crypto(c) defense(d) scripting(s) osint(o) re(r) ad(a) cloud(l)

* CHAINS KEY
Projects grouped in 8 chains. Chain projects stack — weekend → week → month.
Finish weekend before week. Finish week before month. Cross-chain combos noted.

| Chain | Theme                   | Color Tag   |
|-------|-------------------------|-------------|
| NET   | Network Recon & Attack  | :network:   |
| WEB   | Web App Security        | :web:       |
| MAL   | Malware & RE            | :malware:   |
| CRYPT | Cryptography            | :crypto:    |
| DEF   | Defense & Blue Team     | :defense:   |
| SCRPT | Scripting & Tooling     | :scripting: |
| OSINT | OSINT & Recon           | :osint:     |
| AD    | Active Directory        | :ad:        |

** ══════════════════════════════════════════
* TIER 1 — WEEKEND PROJECTS (1–2 days each)
** ══════════════════════════════════════════

** TODO [NET-W1] Set Up Kali Linux VM :network:
:PROPERTIES:
:EFFORT: 4h
:CHAIN: NET
:BUILDS_ON: nothing — START HERE
:UNLOCKS: All other projects
:END:
- Install VirtualBox or VMware
- Download Kali ISO, install, snapshot clean state
- Learn basic terminal nav, update system
- Install guest additions
*** Combo: Base for every other project. Do first.
** TODO [NET-W2] Home Network Recon with Nmap :network:
:PROPERTIES:
:EFFORT: 3h
:CHAIN: NET
:BUILDS_ON: NET-W1
:UNLOCKS: NET-W3, SCRPT-W1
:END:
- Scan local subnet: =nmap -sn 192.168.x.0/24=
- Service scan: =nmap -sV -sC -A <target>=
- Output to XML, read it
- Understand open ports on your own devices
*** Combo: Feeds into Python scanner (SCRPT-W1) and SIEM setup (DEF-WK1)

** TODO [NET-W3] Wireshark Traffic Analysis :network:
:PROPERTIES:
:EFFORT: 4h
:CHAIN: NET
:BUILDS_ON: NET-W1
:UNLOCKS: NET-WK4, DEF-WK3
:END:
- Capture live traffic on home net
- Filter HTTP, DNS, ARP
- Find plaintext credentials in pcap (test pcap from online)
- Export objects from HTTP stream
*** Combo: Pairs with MitM week project (NET-WK4)

** TODO [NET-W4] Crack a WPA2 Handshake (Own Router) :network:
:PROPERTIES:
:EFFORT: 5h
:CHAIN: NET
:BUILDS_ON: NET-W1
:UNLOCKS: NET-WK5
:END:
- Use monitor mode + airodump-ng to capture 4-way handshake
- Deauth a client to force reconnect
- Crack with hashcat + rockyou.txt
- Change your WiFi password after. Learn why WPA3 matters.
*** NOTE: Own network only. Legal line clear.
** TODO [NET-W5] Netcat Fundamentals — Shells & Transfers :network:
:PROPERTIES:
:EFFORT: 3h
:CHAIN: NET
:BUILDS_ON: NET-W1
:UNLOCKS: NET-WK2, MAL-WK2
:END:
- Open listeners, connect clients
- Send files with nc
- Reverse shell: =nc -e /bin/bash=
- Bind shell vs reverse shell — understand the difference
*** Combo: Foundation for all post-exploitation work

** TODO [WEB-W1] SQLi & XSS on DVWA :web:
:PROPERTIES:
:EFFORT: 6h
:CHAIN: WEB
:BUILDS_ON: NET-W1
:UNLOCKS: WEB-W2, WEB-WK1
:END:
- Install DVWA (Docker or XAMPP)
- Complete SQLi: manual + sqlmap
- Complete XSS: reflected, stored, DOM
- Toggle security levels low → medium → high
*** Combo: Directly builds into full OWASP week (WEB-WK1)

** TODO [WEB-W2] Burp Suite Interception Basics :web:
:PROPERTIES:
:EFFORT: 4h
:CHAIN: WEB
:BUILDS_ON: WEB-W1
:UNLOCKS: WEB-WK1, WEB-WK2
:END:
- Set up browser proxy through Burp
- Intercept, modify, replay requests
- Use Repeater on DVWA login
- Use Intruder for basic brute force
*** Combo: Essential tool for all web projects

** TODO [WEB-W3] Command Injection & File Inclusion on DVWA :web:
:PROPERTIES:
:EFFORT: 3h
:CHAIN: WEB
:BUILDS_ON: WEB-W1
:UNLOCKS: WEB-WK1
:END:
- Command injection: OS commands through web input
- LFI: read =/etc/passwd= via vulnerable param
- RFI: include remote malicious file
- CSRF: forge requests, steal sessions

** TODO [WEB-W4] Subdomain Enumeration & Recon :web:osint:
:PROPERTIES:
:EFFORT: 3h
:CHAIN: WEB
:BUILDS_ON: NET-W2
:UNLOCKS: WEB-WK3, OSINT-WK1
:END:
- Use subfinder, amass on a target (HackerOne public programs)
- Certificate transparency: crt.sh
- Directory brute force with ffuf: =ffuf -w wordlist -u https://target/FUZZ=
- Document findings in structured notes

** TODO [OSINT-W1] Google Dorking & Shodan Recon :osint:
:PROPERTIES:
:EFFORT: 4h
:CHAIN: OSINT
:BUILDS_ON: nothing
:UNLOCKS: OSINT-W2, OSINT-WK1
:END:
- Learn 10 key Google dork operators
- Find exposed login panels, open dirs, config files
- Shodan: search for services by banner, CVE
- Build a personal dork cheatsheet

** TODO [OSINT-W2] Email & Username OSINT :osint:
:PROPERTIES:
:EFFORT: 3h
:CHAIN: OSINT
:BUILDS_ON: OSINT-W1
:UNLOCKS: OSINT-WK1
:END:
- theHarvester: email harvest from domain
- holehe or Sherlock: username across platforms
- Have I Been Pwned API lookup
- Build a target profile (use yourself as test subject)

** TODO [OSINT-W3] DNS Enumeration :osint:network:
:PROPERTIES:
:EFFORT: 3h
:CHAIN: OSINT
:BUILDS_ON: NET-W2
:UNLOCKS: OSINT-WK1, NET-WK1
:END:
- dnsrecon, dnsenum on practice domains
- Zone transfer attempt
- MX, TXT, NS record analysis
- Reverse DNS lookup sweep

** TODO [SCRPT-W1] Python or Go Port Scanner :scripting:
:PROPERTIES:
:EFFORT: 5h
:CHAIN: SCRPT
:BUILDS_ON: NET-W2
:UNLOCKS: SCRPT-W2, SCRPT-WK1
:END:
- Socket-based TCP port scanner
- Add threading for speed
- Service banner grabbing
- Output to JSON/CSV
*** Combo: Base for full recon tool (SCRPT-WK1)

** TODO [SCRPT-W2] Caesar Cipher → Basic Crypto in Python/Go :scripting:crypto:
:PROPERTIES:
:EFFORT: 3h
:CHAIN: SCRPT
:BUILDS_ON: SCRPT-W1
:UNLOCKS: CRYPT-WK1
:END:
- Implement Caesar, Vigenère, XOR cipher
- Brute-force Caesar without the key
- Frequency analysis for Vigenère
- Understand why these fail

** TODO [CRYPT-W1] Hash Cracking with Hashcat :crypto:
:PROPERTIES:
:EFFORT: 4h
:CHAIN: CRYPT
:BUILDS_ON: NET-W1
:UNLOCKS: CRYPT-W2, CRYPT-WK1
:END:
- Identify hash types (hash-identifier, hashid)
- Crack MD5, SHA1, bcrypt with rockyou.txt
- Rules-based attack with hashcat rules
- Dictionary vs brute-force vs combinator attack modes

** TODO [CRYPT-W2] Steganography — Hide & Find :crypto:
:PROPERTIES:
:EFFORT: 3h
:CHAIN: CRYPT
:BUILDS_ON: nothing
:UNLOCKS: CRYPT-WK1
:END:
- Hide text in image: steghide, LSB
- Extract: steghide extract, stegsolve
- Audio steganography: MP3Stego
- Solve 3 stego CTF challenges

** TODO [DEF-W1] SSH Hardening + Key Auth :defense:
:PROPERTIES:
:EFFORT: 3h
:CHAIN: DEF
:BUILDS_ON: NET-W1
:UNLOCKS: DEF-W2, DEF-WK1
:END:
- Disable password auth, enable key-only
- Change default port, restrict users
- Set up fail2ban for SSH brute-force protection
- Test hardening with nmap from Kali

** TODO [DEF-W2] Firewall Rules with UFW/iptables :defense:
:PROPERTIES:
:EFFORT: 4h
:CHAIN: DEF
:BUILDS_ON: DEF-W1
:UNLOCKS: DEF-WK1
:END:
- Default deny inbound policy
- Allow only necessary ports
- Log dropped packets
- Test rules from external VM

** TODO [MAL-W1] Static Malware Analysis :malware:
:PROPERTIES:
:EFFORT: 5h
:CHAIN: MAL
:BUILDS_ON: NET-W1
:UNLOCKS: MAL-W2, MAL-WK1
:END:
- strings, file, xxd on a safe malware sample (MalwareBazaar)
- Extract IPs/domains/registry keys from strings
- PE header analysis with PEview or pestudio
- Identify packing/obfuscation signs

** TODO [MAL-W2] Analyze a Malicious PCAP :malware:network:
:PROPERTIES:
:EFFORT: 4h
:CHAIN: MAL
:BUILDS_ON: MAL-W1, NET-W3
:UNLOCKS: MAL-WK1
:END:
- Download malware traffic pcap (malware-traffic-analysis.net)
- Identify C2 beaconing patterns
- Extract indicators of compromise (IOCs)
- Write a short analysis report

** TODO [RE-W1] Linux Privilege Escalation Basics :re:
:PROPERTIES:
:EFFORT: 5h
:CHAIN: NET
:BUILDS_ON: NET-W1
:UNLOCKS: NET-WK2, AD-WK1
:END:
- GTFOBins: SUID binary abuse
- Writable /etc/passwd, cron abuse
- sudo -l misconfigs
- linPEAS on a VulnHub machine

** TODO [DEF-W3] GPG Encryption — Files & Email :defense:crypto:
:PROPERTIES:
:EFFORT: 3h
:CHAIN: CRYPT
:BUILDS_ON: nothing
:UNLOCKS: CRYPT-WK2
:END:
- Generate GPG keypair
- Encrypt/decrypt files
- Sign and verify
- Export/import public keys

** TODO [NET-W6] Set Up WireGuard VPN :network:defense:
:PROPERTIES:
:EFFORT: 4h
:CHAIN: DEF
:BUILDS_ON: DEF-W1
:UNLOCKS: DEF-WK1
:END:
- Install WireGuard on a VPS or local VM
- Generate peer keys, configure tunnels
- Route traffic through tunnel
- Verify with Wireshark — confirm encryption

** TODO [OSINT-W4] Digital Forensics — File Recovery :osint:
:PROPERTIES:
:EFFORT: 4h
:CHAIN: DEF
:BUILDS_ON: NET-W1
:UNLOCKS: DEF-MO1
:END:
- Create a disk image with dd
- Recover deleted files with autopsy + foremost
- Analyze file metadata (exiftool)
- Build a basic forensics checklist

** TODO [WEB-W5] JWT Attack Lab :web:
:PROPERTIES:
:EFFORT: 4h
:CHAIN: WEB
:BUILDS_ON: WEB-W2
:UNLOCKS: WEB-WK2
:END:
- Decode JWT (jwt.io)
- none algorithm attack
- Brute force weak HS256 secret (hashcat)
- Key confusion attack (RS256 → HS256)

** TODO [CTF-W1] Complete 5 picoCTF Beginner Challenges :web:crypto:re:
:PROPERTIES:
:EFFORT: 6h
:CHAIN: MULTI
:BUILDS_ON: Any weekend
:UNLOCKS: CTF-WK1
:END:
- Pick challenges across: crypto, forensics, web, general skills
- Document solve methodology for each
- Learn to use CyberChef
- Join a CTF Discord for hints

** TODO [SCRPT-W3] Log Parser in Python :scripting:defense:
:PROPERTIES:
:EFFORT: 4h
:CHAIN: SCRPT
:BUILDS_ON: SCRPT-W1
:UNLOCKS: DEF-WK1, SCRPT-WK1
:END:
- Parse /var/log/auth.log for failed logins
- Count IPs, flag threshold breaches
- Output alert summary
- Extend to syslog, apache access logs

** TODO [NET-W7] Proxy Chains + Tor Setup :network:
:PROPERTIES:
:EFFORT: 3h
:CHAIN: NET
:BUILDS_ON: NET-W1
:UNLOCKS: NET-WK1
:END:
- Install tor + proxychains
- Route nmap through proxychains
- Understand Tor limitations for pentesting
- Test anonymity with whatismyip

** TODO [WEB-W6] HTTP Security Headers Audit Tool :web:scripting:
:PROPERTIES:
:EFFORT: 3h
:CHAIN: WEB
:BUILDS_ON: SCRPT-W1
:UNLOCKS: SCRPT-WK1
:END:
- Python script: fetch headers from any URL
- Check: CSP, HSTS, X-Frame-Options, CORS
- Score and report missing headers
- Run against 10 real sites (ethically)

** TODO [DEF-W4] Set Up Basic Honeypot (Cowrie) :defense:
:PROPERTIES:
:EFFORT: 5h
:CHAIN: DEF
:BUILDS_ON: DEF-W1
:UNLOCKS: DEF-WK2
:END:
- Install Cowrie SSH honeypot
- Expose on a VPS or local VM
- Watch logs for login attempts
- Extract attacker IPs and commands

** TODO [RE-W2] Reverse a Simple Crackme Binary :re:
:PROPERTIES:
:EFFORT: 5h
:CHAIN: MAL
:BUILDS_ON: NET-W1
:UNLOCKS: MAL-WK2
:END:
- Download crackme from crackmes.one (easy level)
- Use ltrace/strace first
- Open in Ghidra — find password check logic
- Patch binary to bypass check

** TODO [AD-W1] Active Directory Concepts + Lab Setup :ad:
:PROPERTIES:
:EFFORT: 6h
:CHAIN: AD
:BUILDS_ON: NET-W1
:UNLOCKS: AD-WK1
:END:
- Install Windows Server eval VM
- Promote to domain controller
- Create OUs, users, groups
- Join a Windows 10 VM to the domain

** TODO [CLOUD-W1] AWS Free Tier — IAM Misconfig Hunt :cloud:
:PROPERTIES:
:EFFORT: 4h
:CHAIN: CLOUD
:BUILDS_ON: nothing
:UNLOCKS: CLOUD-WK1
:END:
- Create AWS free tier account
- Create intentionally misconfigured IAM (for lab)
- Use ScoutSuite or Prowler to audit
- Enumerate with AWS CLI using overprivileged user

** TODO [SCRPT-W4] Build HTTP Header Fuzzer :scripting:web:
:PROPERTIES:
:EFFORT: 4h
:CHAIN: SCRPT
:BUILDS_ON: SCRPT-W1, WEB-W2
:UNLOCKS: SCRPT-WK1
:END:
- Python requests — iterate custom headers
- Fuzz Host, X-Forwarded-For, Content-Type
- Look for 500 errors or behavioral changes
- Test on DVWA or local lab app

** TODO [NET-W8] TryHackMe — Complete 2 Beginner Rooms :network:
:PROPERTIES:
:EFFORT: 5h
:CHAIN: MULTI
:BUILDS_ON: Any weekend
:UNLOCKS: CTF-WK1
:END:
- Recommended: "Basic Pentesting", "Startup"
- Document methodology: recon → exploit → flags
- Note tools used and commands
- Subscribe to free tier

** ══════════════════════════════════════════
* TIER 2 — WEEK PROJECTS (3–7 days each)
** ══════════════════════════════════════════

*** TODO [SCRPT-WK1] Full Go or Python Recon Framework :scripting:network:osint:
:PROPERTIES:
:EFFORT: 3d
:CHAIN: SCRPT
:BUILDS_ON: SCRPT-W1, SCRPT-W3, OSINT-W3, WEB-W4
:UNLOCKS: SCRPT-MO1
:END:
- Combine: port scanner + subdomain enum + DNS recon + header check
- Single CLI tool with argparse
- Output to JSON report + markdown summary
- Add screenshot capability (selenium headless)
*** Combo: Ports directly into full pentest suite (SCRPT-MO1)

*** TODO [NET-WK1] Full Pentest: VulnHub Beginner Machine :network:web:re:
:PROPERTIES:
:EFFORT: 3d
:CHAIN: NET
:BUILDS_ON: NET-W2, WEB-W1, RE-W1
:UNLOCKS: NET-WK2, NET-MO1
:END:
- Download: Mr-Robot, Kioptrix, or Basic Pentesting 1
- Recon → foothold → privesc → root
- Document every step in markdown
- Write a mini pentest report
*** Combo: Chain 3+ machines → OSCP prep (NET-MO1)

*** TODO [WEB-WK1] Complete OWASP Top 10 on WebGoat :web:
:PROPERTIES:
:EFFORT: 5d
:CHAIN: WEB
:BUILDS_ON: WEB-W1, WEB-W2, WEB-W3, WEB-W5
:UNLOCKS: WEB-WK2, WEB-MO1
:END:
- Install WebGoat (Java or Docker)
- Complete all OWASP Top 10 lessons
- A01 Broken Access Control through A10 SSRF
- Write one-pager summary per vuln
*** Combo: Unlocks web pentest automation month project

*** TODO [NET-WK2] Man-in-the-Middle Attack Lab :network:
:PROPERTIES:
:EFFORT: 2d
:CHAIN: NET
:BUILDS_ON: NET-W3, NET-W5, NET-W1
:UNLOCKS: NET-WK3
:END:
- ARP spoofing: arpspoof + Wireshark in isolated VM lab
- SSL stripping with bettercap
- Capture credentials from HTTP traffic
- Defend: static ARP + HTTPS enforcement

*** TODO [DEF-WK1] Set Up ELK Stack SIEM :defense:
:PROPERTIES:
:EFFORT: 4d
:CHAIN: DEF
:BUILDS_ON: DEF-W1, DEF-W2, SCRPT-W3
:UNLOCKS: DEF-WK2, DEF-MO1
:END:
- Install Elasticsearch + Logstash + Kibana (Docker)
- Ship syslog, auth.log, firewall logs via Filebeat
- Build 3 dashboards: failed logins, port scans, outbound traffic
- Write 2 detection rules
*** Combo: Core of home SOC (DEF-MO1)

*** TODO [DEF-WK2] Honeypot + Log Pipeline :defense:
:PROPERTIES:
:EFFORT: 3d
:CHAIN: DEF
:BUILDS_ON: DEF-W4, DEF-WK1
:UNLOCKS: DEF-MO1
:END:
- Ship Cowrie logs into ELK
- Dashboard: attacker IPs, commands run, passwords tried
- Cross-reference IPs with threat intel feeds (AbuseIPDB API)
- Alert on new attacker commands

*** TODO [MAL-WK1] Dynamic Malware Analysis in Sandbox :malware:
:PROPERTIES:
:EFFORT: 3d
:CHAIN: MAL
:BUILDS_ON: MAL-W1, MAL-W2
:UNLOCKS: MAL-WK2, MAL-MO1
:END:
- Set up FlareVM or REMnux
- Run safe malware sample in isolated VM
- Monitor: procmon, Wireshark, regshot
- Document: file drops, registry changes, network IOCs

*** TODO [MAL-WK2] Reverse Engineering with Ghidra :malware:re:
:PROPERTIES:
:EFFORT: 5d
:CHAIN: MAL
:BUILDS_ON: MAL-WK1, RE-W2
:UNLOCKS: MAL-MO1
:END:
- Install Ghidra
- Decompile a simple CTF binary — find hardcoded key
- Decompile crackme — patch jump condition
- Analyze a real open-source malware sample (TinyShell)
- Annotate functions in Ghidra

*** TODO [NET-WK3] Network Pivoting Lab :network:
:PROPERTIES:
:EFFORT: 3d
:CHAIN: NET
:BUILDS_ON: NET-WK1, NET-WK2
:UNLOCKS: NET-MO1, AD-WK1
:END:
- 3-VM lab: attacker | pivot | inner target
- Compromise pivot, use it to reach inner
- SSH tunneling: local/remote/dynamic port forward
- Metasploit route + socks proxy
*** Combo: Essential for AD month project

*** TODO [CRYPT-WK1] Implement Crypto Attacks in Python :crypto:scripting:
:PROPERTIES:
:EFFORT: 4d
:CHAIN: CRYPT
:BUILDS_ON: CRYPT-W1, CRYPT-W2, SCRPT-W2
:UNLOCKS: CRYPT-MO1
:END:
- Padding oracle attack (against vulnerable Flask app you write)
- Length extension attack on SHA1
- ECB mode block detection (CBC vs ECB oracle)
- RSA small e attack (cube root)

*** TODO [WEB-WK2] SQLi Scanner + SSRF + XXE Lab :web:scripting:
:PROPERTIES:
:EFFORT: 3d
:CHAIN: WEB
:BUILDS_ON: WEB-WK1, WEB-W2, SCRPT-W1
:UNLOCKS: WEB-MO1
:END:
- Write Python SQLi error-based scanner
- SSRF: reach internal metadata endpoint (cloud lab)
- XXE: read /etc/passwd via XML input
- Test all three on deliberately vulnerable apps

*** TODO [AD-WK1] Active Directory Attack Lab :ad:
:PROPERTIES:
:EFFORT: 5d
:CHAIN: AD
:BUILDS_ON: AD-W1, NET-WK3
:UNLOCKS: AD-MO1
:END:
- AS-REP Roasting (GetNPUsers.py)
- Kerberoasting (GetUserSPNs.py)
- Pass-the-Hash with Mimikatz (isolated lab)
- BloodHound: visualize attack paths
*** Combo: Full AD pentest chains into month project

*** TODO [SCRPT-WK2] Build a C2 Beaconing Script (Lab Only) :scripting:malware:
:PROPERTIES:
:EFFORT: 4d
:CHAIN: SCRPT
:BUILDS_ON: SCRPT-WK1, NET-W5
:UNLOCKS: MAL-MO1, SCRPT-MO1
:END:
- Python agent: beacon home every N seconds
- Server: receive beacon, send back commands
- Encode traffic in base64
- Add jitter to beaconing interval
*** NOTE: Lab/VM only. Learn detection via DEF-WK1.

*** TODO [DEF-WK3] Set Up Suricata + Zeek IDS :defense:network:
:PROPERTIES:
:EFFORT: 3d
:CHAIN: DEF
:BUILDS_ON: NET-W3, DEF-WK1
:UNLOCKS: DEF-MO1
:END:
- Install Suricata, load ET Open rules
- Generate test alerts (nmap scan, exploit traffic)
- Install Zeek, read conn.log and dns.log
- Feed both into ELK (from DEF-WK1)

*** TODO [WEB-WK3] Full Subdomain + Dir Recon Automation :web:osint:scripting:
:PROPERTIES:
:EFFORT: 2d
:CHAIN: OSINT
:BUILDS_ON: WEB-W4, OSINT-W1, OSINT-W2, OSINT-W3
:UNLOCKS: OSINT-MO1, WEB-MO1
:END:
- Chain: subfinder → httpx → ffuf → nuclei
- Bash/Python pipeline: one command does all
- Output: live subdomains, interesting endpoints, known CVE hits
- Run against HackerOne bug bounty target

*** TODO [CTF-WK1] Complete HackTheBox Starting Point (3 Machines) :network:web:
:PROPERTIES:
:EFFORT: 4d
:CHAIN: MULTI
:BUILDS_ON: NET-WK1, WEB-WK1
:UNLOCKS: CTF-MO1
:END:
- Tier 0–1 Starting Point machines
- No walkthroughs until truly stuck (30 min rule)
- Write report-style writeup for each
- Focus: methodology, not just flags

*** TODO [OSINT-WK1] OSINT Framework in Python :osint:scripting:
:PROPERTIES:
:EFFORT: 4d
:CHAIN: OSINT
:BUILDS_ON: OSINT-W1, OSINT-W2, OSINT-W3, SCRPT-W1
:UNLOCKS: OSINT-MO1
:END:
- Inputs: email, username, domain, IP
- Lookups: WHOIS, DNS, breach check, social, Shodan
- Output: markdown profile report
- Add screenshot of profiles (selenium)

*** TODO [NET-WK4] Metasploit Deep Dive :network:
:PROPERTIES:
:EFFORT: 3d
:CHAIN: NET
:BUILDS_ON: NET-WK1
:UNLOCKS: NET-MO1
:END:
- Exploit VulnHub machine fully through Metasploit
- Post-exploitation: hashdump, meterpreter, persistence
- Pivoting with Metasploit route
- Write custom resource script to automate

*** TODO [CLOUD-WK1] AWS Misconfig & Container Security Lab :cloud:
:PROPERTIES:
:EFFORT: 4d
:CHAIN: CLOUD
:BUILDS_ON: CLOUD-W1
:UNLOCKS: CLOUD-MO1
:END:
- Deploy intentionally vulnerable app (Damn Vulnerable Cloud App)
- Find: public S3, overprivileged IAM, exposed metadata
- Docker escape: privileged container lab
- Kubernetes: exposed dashboard, RBAC bypass

*** TODO [CRYPT-WK2] Build a PKI from Scratch :crypto:defense:
:PROPERTIES:
:EFFORT: 3d
:CHAIN: CRYPT
:BUILDS_ON: DEF-W3, CRYPT-WK1
:UNLOCKS: CRYPT-MO1
:END:
- Create root CA with openssl
- Issue intermediate CA, end-entity certs
- Configure Apache/Nginx with custom cert
- Implement CRL (certificate revocation list)

*** TODO [MAL-WK3] YARA Rules — Write & Test :malware:defense:
:PROPERTIES:
:EFFORT: 3d
:CHAIN: MAL
:BUILDS_ON: MAL-W1, MAL-WK1
:UNLOCKS: MAL-MO1
:END:
- Learn YARA syntax
- Write rules for 5 malware families from IOCs
- Test against malware samples (MalwareBazaar)
- Integrate YARA scan into Python script

*** TODO [WEB-WK4] Android App Security Testing :web:re:
:PROPERTIES:
:EFFORT: 5d
:CHAIN: WEB
:BUILDS_ON: WEB-WK1, RE-W2
:UNLOCKS: WEB-MO1
:END:
- Decompile APK: jadx, apktool
- Static: hardcoded keys, exported activities
- Dynamic: MobSF, Frida hook
- Intercept traffic with Burp on Android emulator

*** TODO [DEF-WK4] Incident Response Lab :defense:
:PROPERTIES:
:EFFORT: 3d
:CHAIN: DEF
:BUILDS_ON: DEF-WK1, DEF-WK3
:UNLOCKS: DEF-MO1
:END:
- Simulate: attacker compromises web server VM
- IR process: detection → containment → eradication
- Collect artifacts: memory dump (volatility), disk image
- Write incident report

*** TODO [NET-WK5] WPA2 PMKID Attack + Evil Twin AP :network:
:PROPERTIES:
:EFFORT: 2d
:CHAIN: NET
:BUILDS_ON: NET-W4
:UNLOCKS: NET-MO1
:END:
- PMKID attack with hcxdumptool (no client needed)
- Set up evil twin with hostapd-wpe
- Capture MSCHAPv2 credentials
- Crack with hashcat mode 5500
*** NOTE: Own network lab only.
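*** Example: auth.log failed-login parser with two detection rules (added)
Added example for SCRPT-W3 (parse =/var/log/auth.log=, count IPs, flag threshold breaches) that also stands in for the "Write 2 detection rules" step of DEF-WK1; it is not from the original list. The log lines, hostnames and IPs are constructed for the example, and the =threshold= of 5 is an assumed tuning value.

```python
"""Parse sshd lines from /var/log/auth.log, count failures per source IP, and raise alerts."""
import re
from collections import defaultdict

# Constructed auth.log excerpt (hostnames, IPs and times are made up for this example).
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 kali sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:03 kali sshd[1236]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 10:15:05 kali sshd[1238]: Failed password for invalid user test from 203.0.113.5 port 51238 ssh2
Mar  3 10:15:07 kali sshd[1240]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 10:15:09 kali sshd[1242]: Failed password for bob from 203.0.113.5 port 51242 ssh2
Mar  3 10:15:20 kali sshd[1244]: Accepted password for bob from 203.0.113.5 port 51244 ssh2
Mar  3 10:16:00 kali sshd[1250]: Failed password for alice from 192.168.1.50 port 40001 ssh2
Mar  3 10:16:04 kali sshd[1252]: Accepted publickey for alice from 192.168.1.50 port 40003 ssh2: ED25519 SHA256:xyz
Mar  3 10:16:30 kali CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

IPV4 = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) from " + IPV4)
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from " + IPV4)


def parse_auth_log(lines):
    """Turn raw lines into login events; lines that are not sshd auth results are skipped."""
    events = []
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            events.append({"kind": "failed", "user": m["user"], "ip": m["ip"],
                           "invalid_user": m["invalid"] is not None})
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            events.append({"kind": "accepted", "user": m["user"], "ip": m["ip"], "method": m["method"]})
    return events


def summarize(events, threshold=5):
    """Two detection rules: (1) >= threshold failures from one IP; (2) a password login accepted
    from an IP that already had failures, which is what a successful brute force looks like."""
    per_ip = defaultdict(lambda: {"failed": 0, "users": set(), "accepted": []})
    for ev in events:                       # events are in log order, so "after failures" is meaningful
        entry = per_ip[ev["ip"]]
        if ev["kind"] == "failed":
            entry["failed"] += 1
            entry["users"].add(ev["user"])
        else:
            entry["accepted"].append((ev["user"], ev["method"], entry["failed"]))
    alerts = []
    for ip, entry in per_ip.items():
        if entry["failed"] >= threshold:
            alerts.append({"ip": ip, "severity": "medium",
                           "reason": f"{entry['failed']} failed logins across {len(entry['users'])} usernames"})
        for user, method, prior_failures in entry["accepted"]:
            # A key-based login after one typo (alice) is normal; a password login after a run of
            # failures from the same source (bob) is not.
            if method == "password" and prior_failures > 0:
                alerts.append({"ip": ip, "severity": "high",
                               "reason": f"password login for {user} accepted after {prior_failures} failures"})
    return alerts


if __name__ == "__main__":
    for alert in summarize(parse_auth_log(SAMPLE_AUTH_LOG.splitlines())):
        print(f"[{alert['severity'].upper()}] {alert['ip']}: {alert['reason']}")
```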
*** TODO [SCRPT-WK3] Vulnerability Scanner in Python :scripting:network:web:
:PROPERTIES:
:EFFORT: 5d
:CHAIN: SCRPT
:BUILDS_ON: SCRPT-WK1, WEB-WK2, NET-W2
:UNLOCKS: SCRPT-MO1
:END:
- Port scan → service detect → CVE lookup (NVD API)
- Web: check SQLi, XSS, open redirect, headers
- Output: severity-ranked HTML report
- Diff reports: detect new vulns between scans

*** TODO [OSINT-WK2] Threat Intel Aggregator :osint:defense:scripting:
:PROPERTIES:
:EFFORT: 4d
:CHAIN: OSINT
:BUILDS_ON: OSINT-WK1, DEF-WK1
:UNLOCKS: OSINT-MO1
:END:
- Pull from: AlienVault OTX, AbuseIPDB, VirusTotal API
- IOC lookup: IP, domain, hash
- Feed matches into ELK SIEM alerts
- Daily digest email report (smtplib)

*** TODO [RE-WK1] Buffer Overflow 101 :re:
:PROPERTIES:
:EFFORT: 4d
:CHAIN: MAL
:BUILDS_ON: RE-W2, NET-W5
:UNLOCKS: MAL-MO1
:END:
- Compile vulnerable C program (strcpy, no canary)
- Find offset with pattern_create (Metasploit)
- Control EIP, redirect to shellcode
- Bypass NX with ret2libc

*** TODO [WEB-WK5] Build a Vulnerable Web App (for CTF) :web:scripting:
:PROPERTIES:
:EFFORT: 5d
:CHAIN: WEB
:BUILDS_ON: WEB-WK1, SCRPT-W1
:UNLOCKS: CTF-MO1, WEB-MO1
:END:
- Flask app with intentional vulns: SQLi, XSS, IDOR, path traversal
- Write challenge descriptions + flags
- Host for friends or local CTF
*** Combo: CTF hosting = teaches both attack & defense mindset

*** TODO [DEF-WK5] Zero Trust Network Lab :defense:network:
:PROPERTIES:
:EFFORT: 4d
:CHAIN: DEF
:BUILDS_ON: NET-W6, DEF-WK1
:UNLOCKS: DEF-MO1
:END:
- Segment home lab into trust zones
- WireGuard + firewall rules enforce zone boundaries
- Service identity via mTLS (mutual TLS)
- Verify: no lateral movement possible between zones

*** TODO [NET-WK6] Analyze a Real-World CVE + Write PoC :network:scripting:
:PROPERTIES:
:EFFORT: 3d
:CHAIN: NET
:BUILDS_ON: NET-WK1, SCRPT-WK1
:UNLOCKS: NET-MO1
:END:
- Pick recent CVE (Log4Shell, ProxyLogon class)
- Read: NVD, GitHub advisory, patch diff
- Set up vulnerable version in Docker
- Write Python PoC or adapt existing one
- Document: vuln class, impact, patch

*** TODO [CLOUD-WK2] Serverless + API Security Testing :cloud:web:
:PROPERTIES:
:EFFORT: 3d
:CHAIN: CLOUD
:BUILDS_ON: WEB-WK1, CLOUD-WK1
:UNLOCKS: CLOUD-MO1
:END:
- Deploy Lambda function with IDOR vuln
- Test: broken auth, over-privileged role, unvalidated input
- API Gateway: enumerate endpoints, find undocumented ones
- Use Postman + manual testing

** ══════════════════════════════════════════
* TIER 3 — MONTH PROJECTS (3–4 weeks each)
** ══════════════════════════════════════════

*** TODO [DEF-MO1] Build a Full Home SOC :defense:network:
:PROPERTIES:
:EFFORT: 4w
:CHAIN: DEF
:BUILDS_ON: DEF-WK1, DEF-WK2, DEF-WK3, DEF-WK4
:VALUE: Portfolio + daily useful
:END:
- ELK Stack SIEM with real dashboards
- Suricata + Zeek feeding into ELK
- Cowrie honeypot logging live attacks
- Wazuh or OSSEC host-based IDS on all VMs
- PagerDuty/email alerts on critical events
- Weekly threat digest auto-report
*** Showcase: This alone is a real portfolio piece

*** TODO [NET-MO1] OSCP-Style Multi-Machine Lab + Report :network:web:re:
:PROPERTIES:
:EFFORT: 4w
:CHAIN: NET
:BUILDS_ON: NET-WK1, NET-WK3, NET-WK4, AD-WK1
:VALUE: Certification prep + portfolio
:END:
- Set up 5+ VulnHub/HackTheBox machines in lab
- Full pentest each: recon → exploit → privesc → persist
- Write a professional pentest report (executive summary + technical)
- Include: scope, findings, risk ratings, remediation
- Simulate: time-boxed (72h per machine)
*** Showcase: Submit to eJPT or use as OSCP prep

*** TODO [WEB-MO1] Full Web App Pentest Automation Suite :web:scripting:
:PROPERTIES:
:EFFORT: 3w
:CHAIN: WEB
:BUILDS_ON: WEB-WK1, WEB-WK2, WEB-WK3, SCRPT-WK3
:VALUE: Bug bounty tool + portfolio
:END:
- Chain: subfinder → httpx → nuclei → custom SQLi/XSS scanner
- Auto-screenshot interesting pages
- Deduplicate + triage findings by severity
- HTML report with evidence screenshots
- Submit findings to HackerOne bug bounty
*** Showcase: Use on real bug bounty targets (HackerOne/Bugcrowd)

*** TODO [MAL-MO1] Full Malware Analysis Report on Real Sample :malware:re:
:PROPERTIES:
:EFFORT: 3w
:CHAIN: MAL
:BUILDS_ON: MAL-WK1, MAL-WK2, MAL-WK3, RE-WK1
:VALUE: Blue team / threat intel portfolio
:END:
- Pick a notable open malware sample (Emotet, njRAT)
- Full static: PE analysis, string extraction, Ghidra decompile
- Full dynamic: FlareVM, behavioral analysis
- Extract all IOCs: IPs, domains, hashes, registry keys, mutexes
- Write professional malware analysis report (15+ pages)
- Publish on GitHub + LinkedIn
*** Showcase: Top 1% of junior candidates have this

*** TODO [AD-MO1] Active Directory Full Attack + Defense Lab :ad:network:defense:
:PROPERTIES:
:EFFORT: 4w
:CHAIN: AD
:BUILDS_ON: AD-WK1, NET-WK3, DEF-WK1
:VALUE: Corporate red/blue team skills
:END:
- Red: full AD attack chain (recon → foothold → lateral → DA)
- AS-REP, Kerberoasting, DCSync, Golden Ticket
- Blue: deploy Microsoft Defender for Identity, Sentinel
- Detection rules for each attack technique (SIEM alerts)
- Harden: tiering model, LAPS, privileged access workstations
*** Showcase: Directly maps to enterprise pentest + SOC roles

*** TODO [OSINT-MO1] Automated OSINT Platform :osint:scripting:
:PROPERTIES:
:EFFORT: 3w
:CHAIN: OSINT
:BUILDS_ON: OSINT-WK1, OSINT-WK2, SCRPT-WK1
:VALUE: Tool portfolio + potential product
:END:
- Web UI (Flask/FastAPI + React) for OSINT investigations
- Modules: person, domain, IP, company
- Data sources: Shodan, HaveIBeenPwned, WHOIS, crt.sh, LinkedIn
- Store results in SQLite, export PDF reports
- Graph visualization of relationships (networkx + d3.js)
*** Showcase: Open-source on GitHub — recruiter magnet

*** TODO [CRYPT-MO1] Cryptography Attack Suite + PKI System :crypto:scripting:
:PROPERTIES:
:EFFORT: 3w
:CHAIN: CRYPT
:BUILDS_ON: CRYPT-WK1, CRYPT-WK2
:VALUE: Security engineering portfolio
:END:
- Full PKI: root CA → intermediate → end-entity certs
- Attack demonstrations: padding oracle, length extension, timing attack
- Implement Diffie-Hellman, RSA, ECDSA from scratch in Python
- Blog post explaining each attack with diagrams
*** Showcase: Shows you understand crypto deeply, not just tools

*** TODO [CLOUD-MO1] Cloud Security Audit + Hardening :cloud:defense:
:PROPERTIES:
:EFFORT: 3w
:CHAIN: CLOUD
:BUILDS_ON: CLOUD-WK1, CLOUD-WK2, DEF-MO1
:VALUE: Cloud security engineer skills
:END:
- Full AWS audit: IAM, S3, EC2, Lambda, RDS
- Find and document all misconfigurations (ScoutSuite report)
- Remediate each finding + document steps
- Implement: CloudTrail, GuardDuty, Config Rules, SCPs
- Terraform IaC for hardened baseline deployment
*** Showcase: AWS/GCP security skills are very hireable

*** TODO [SCRPT-MO1] Full Pentest Automation Suite (CLI Tool) :scripting:network:web:
:PROPERTIES:
:EFFORT: 4w
:CHAIN: SCRPT
:BUILDS_ON: SCRPT-WK1, SCRPT-WK2, SCRPT-WK3, WEB-MO1
:VALUE: Open source tool + portfolio centerpiece
:END:
- Modules: recon, web scan, vuln check, exploit assist, report gen
- Plugin architecture — easy to extend
- Config file support, rate limiting, scope enforcement
- Full documentation, README, example output
- Publish on GitHub, write a blog/Medium post
*** Showcase: If this gets GitHub stars, it opens doors

*** TODO [CTF-MO1] Host a Public CTF Competition :web:network:crypto:re:
:PROPERTIES:
:EFFORT: 4w
:CHAIN: MULTI
:BUILDS_ON: WEB-WK5, CTF-WK1
:VALUE: Community rep + teaches both attack and defense
:END:
- Design 15–20 challenges across categories
- Categories: web, crypto, forensics, RE, pwn, OSINT
- Deploy CTFd platform (free)
- Announce on Reddit/Discord, run for 48h
- Write post-mortems + solution writeups after
*** Showcase: Organizing = leadership. Recruiters love this.
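*** Example: Diffie-Hellman from scratch with peer-value validation (added)
Added example for CRYPT-MO1's "Implement Diffie-Hellman ... from scratch in Python", not from the original list. It generates a toy safe-prime group at runtime (the bit size is an assumed toy value; production DH uses the 2048-bit and larger RFC 3526 groups), rejects out-of-range and small-subgroup public values before computing the secret, and derives the session key through SHA-256 instead of using the raw shared secret.

```python
"""Finite-field Diffie-Hellman from scratch: safe-prime group, peer value validation, KDF."""
import hashlib
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin: trial division by small primes, then `rounds` random witnesses."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits):
    """Return (p, q) with p = 2q + 1 and both prime. Toy sizes only: real DH uses 2048-bit+
    groups (e.g. the RFC 3526 MODP groups), where this naive search would be far too slow."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1   # odd, with the top bit set
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


def find_generator(p, q):
    """Return an element of order q. In a safe-prime group every square other than 1 has order q."""
    for h in range(2, p - 1):
        g = pow(h, 2, p)
        if g != 1:
            return g
    raise ValueError("no generator found")


def validate_public_value(y, p, q):
    """Accept y only if 1 < y < p-1 and y lies in the order-q subgroup; anything else lets a
    peer force the shared secret into a tiny set (small-subgroup / invalid-value attacks)."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def dh_keypair(p, g, q):
    x = secrets.randbelow(q - 2) + 2            # private exponent in [2, q-1]
    return x, pow(g, x, p)


def dh_shared_key(x, peer_y, p, q):
    """Derive a 32-byte key from the shared secret; raise if the peer's value is invalid."""
    if not validate_public_value(peer_y, p, q):
        raise ValueError("invalid peer public value")
    s = pow(peer_y, x, p)
    return hashlib.sha256(s.to_bytes((p.bit_length() + 7) // 8, "big")).digest()


def demo(bits=64):
    """Run both sides of the exchange; True if their keys match and bad peer values are rejected."""
    p, q = generate_safe_prime(bits)
    g = find_generator(p, q)
    xa, ya = dh_keypair(p, g, q)
    xb, yb = dh_keypair(p, g, q)
    keys_match = dh_shared_key(xa, yb, p, q) == dh_shared_key(xb, ya, p, q)
    non_residue = next(h for h in range(2, p) if pow(h, q, p) == p - 1)   # outside the subgroup
    rejected = not any(validate_public_value(bad, p, q) for bad in (0, 1, p - 1, p, non_residue))
    return keys_match and rejected


if __name__ == "__main__":
    print("DH exchange OK and invalid values rejected:", demo())
```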
** ══════════════════════════════════════════
* CHAIN COMBO MAPS — SUGGESTED PATHS
** ══════════════════════════════════════════

*** PATH A: Network Pentester (Offensive)
Weekend → Week → Month
NET-W1 → NET-W2 → NET-W5 → RE-W1 → NET-WK1 → NET-WK3 → NET-WK4 → AD-WK1 → NET-MO1 (OSCP-style lab)

*** PATH B: Web/Bug Bounty Hunter
Weekend → Week → Month
WEB-W1 → WEB-W2 → WEB-W3 → WEB-W4 → WEB-W5 → WEB-WK1 → WEB-WK2 → WEB-WK3 → WEB-MO1 (pentest suite + bounty submission)

*** PATH C: Blue Team / SOC Analyst
Weekend → Week → Month
DEF-W1 → DEF-W2 → DEF-W4 → MAL-W1 → DEF-WK1 → DEF-WK2 → DEF-WK3 → DEF-WK4 → DEF-MO1 (home SOC) → AD-MO1 (AD defense)

*** PATH D: Malware Analyst / Threat Intel
Weekend → Week → Month
MAL-W1 → MAL-W2 → RE-W2 → MAL-WK1 → MAL-WK2 → MAL-WK3 → RE-WK1 → MAL-MO1 (full malware analysis report)

*** PATH E: Security Engineer / Tool Builder
Weekend → Week → Month
SCRPT-W1 → SCRPT-W2 → SCRPT-W3 → SCRPT-WK1 → SCRPT-WK2 → SCRPT-WK3 → SCRPT-MO1 (pentest suite)

** ══════════════════════════════
* RESOURCES
** ══════════════════════════════

*** Platforms And Websites
- TryHackMe: https://tryhackme.com (beginner friendly)
- HackTheBox: https://hackthebox.com (intermediate)
- VulnHub: https://vulnhub.com (free VMs)
- picoCTF: https://picoctf.org (CTF practice)
- HackerOne: https://hackerone.com (bug bounty)
- MalwareBazaar: https://bazaar.abuse.ch
- crackmes.one: https://crackmes.one

*** Essential Tools
- Kali Linux / ParrotOS
- Burp Suite Community
- Wireshark + tshark
- Metasploit Framework
- Ghidra (NSA, free)
- BloodHound + SharpHound
- Nuclei + ProjectDiscovery tools
- Python 3 or Go (your best weapons)

*** Free Certifications to Stack
- Google Cybersecurity Certificate (Coursera)
- TryHackMe Jr Penetration Tester path
- eJPT (INE, $200 — worth it after month projects)
- CompTIA Security+ (entry-level industry standard)

*** Time Budget Suggestion
#+BEGIN_EXAMPLE
Month 1-2: All Weekend projects (pick 2/weekend)
Month 3-4: Week projects (1 per week)
Month 5-8: Month projects (1 per month)
Month 9+:  Bug bounty, certs, job apps
#+END_EXAMPLE