Ashik Ahmed

- Performed web application vulnerability assessments on test environments (e.g., testphp.vulnweb.com) including port scanning,directory brute-forcing, SQL injection, and XSS testing.
- Captured and analyzed login traffic using Wireshark to identify insecure credential transmission.
- Participated in Red Team simulation tasks (initial access, privilege escalation, lateral movement) using tools like Metasploit, Empire, BloodHound, Mimikatz, and PowerShell.
- Developed Python security tools:
- Port Scanner to detect open ports on IP/port ranges.
- Password Strength Checker to evaluate password complexity.
- File Encryption Tool using the cryptography library for secure file handling.

- Imaging: Created an image file of a USB drive using FTK Imager tool.
- Recovery: Recovered deleted files from a USB drive using Recuva tool.
- Autopsy: Analyzed deleted files using the Autopsy digital forensics tool.
- Network Analysis: Studied and used the Wireshark packet analyzer to analyze network traffic and capture packets.
- Registry Analysis: Conducted Windows Registry analysis using RegRipper tool to uncover system data.
- Last Activity View: Analyzed user activity on a system using the LastActivityView tool to examine logs and traces.

- Basic Network Sniffer
o Objective: To sniff network traffic, capturing sensitive data like IDs and passwords.
o Tools/Techniques: Used basic network sniffing techniques to monitor data packets and extract information such as login credentials.
- Network Intrusion Detection System (NIDS)
o Objective: To implement an intrusion detection system using Snort.
o Focus: Configured Snort to detect and alert on ICMP ping-based attacks, helping to monitor and secure networks against potential intrusions.

- Clickjacking: Learned techniques to prevent and identify clickjacking attacks by embedding malicious content to trick users into clicking unintended buttons or links.
- HTML Injection: Gained hands-on experience in detecting and mitigating HTML injection vulnerabilities that allow attackers to inject malicious HTML code.
- CSRF (Cross-Site Request Forgery): Studied methods to protect applications from CSRF attacks, which exploit the trust a site has in a user's browser.
- SSRF (Server-Side Request Forgery): Analyzed SSRF vulnerabilities where an attacker manipulates server-side requests to interact with internal resources.
- Cryptography: Explored encryption methods and cryptographic protocols to secure data and communications.
- Reverse Engineering: Learned how to reverse-engineer binaries to understand their functionality and detect vulnerabilities.
- OSINT (Open-Source Intelligence): Conducted open-source intelligence gathering to extract valuable information for cyber investigations.
- Network Forensics: Investigated network traffic to analyze security incidents and identify malicious activities.
- CTF (Capture the Flag): Participated in CTF challenges to enhance practical problem solving skills and cybersecurity knowledge.

- Web Application Security Testing: Performed comprehensive security testing of web applications, identifying and exploiting vulnerabilities such as SQL Injection, XSS, CSRF, and authentication bypass using tools like Burp Suite, OWASP ZAP, and manual testing techniques.
- Social Engineering & Phishing Simulation: Designed and executed phishing simulations using tools like Gophish and the Social Engineering Toolkit (SET) to assess employee awareness, track user interactions, and generate actionable reports for improving security training.
- Malware Analysis & Reverse Engineering: Analyzed suspicious files to identify malware behavior, unpacked and reverse engineered executables using tools like Ghidra, x64dbg, and VirusTotal to extract indicators of compromise (IOCs) and strengthen defensive strategies.
- Secure Wi-Fi Network: Secured wireless networks by implementing WPA3 encryption, MAC address filtering, hidden SSIDs, and regular audits to detect unauthorized access and mitigate risks such as deauthentication attacks and rogue access points.

Dedicated Capture The Flag (CTF) player actively engaged on TryHackMe, a leading hands-on cybersecurity training platform. My journey includes solving challenges across a wide range of domains such as web exploitation, privilege escalation, network analysis, cryptography, and penetration testing. I leverage these labs to strengthen my practical skills, understand real-world attack vectors, and stay sharp with current cybersecurity techniques. TryHackMe serves as a daily training ground where I continuously test and improve my offensive and defensive capabilities in a simulated environment.