Notes · Labs · Projects · Research
Built across TryHackMe, Hack The Box, TCM Security, zSecurity, and independent lab work. Covers the full spectrum from blue team operations to red team exploitation to GRC consulting.
| # | Domain | Repos |
|---|---|---|
| 1 | Foundations | 3 repos — networking, OS, web basics |
| 2 | SOC & Blue Team | 4 repos — notes + 3 live SOC projects |
| 3 | OSINT & Password Cracking | 1 repo — recon tools, hash cracking |
| 4 | Penetration Testing | 8 repos — notes + 2 live pentest projects |
| 5 | Web Hacking & Bug Bounty | 8 repos — web vulns + 2 live web pentest projects |
| 6 | GRC — Governance, Risk & Compliance | 8 repos — study notes + 6 live GRC projects |
The starting point — networking, operating systems, Linux, Windows, and web infrastructure. Everything else in this repo builds on these.
| Repository | What's covered |
|---|---|
| thm-Pre-Security | OSI model, TCP/IP, subnetting, DNS, DHCP, Linux terminal, Windows internals, HTTP/HTTPS |
| thm-Cyber-Security101 | Offensive + defensive security, Active Directory, PowerShell, Wireshark, Nmap, Metasploit intro, cryptography, SIEM basics |
| thm-WebFundamentals | HTTP lifecycle, DNS resolution, cookies, sessions, web servers, Burp Suite intro |
Four repos — one study path and three hands-on lab projects that are intentionally interconnected: packet-capture-analyser and log-monitor-dashboard both feed data upstream into splunk-siem, simulating a real SOC pipeline end-to-end on Kali Linux.
| Repository | What's covered |
|---|---|
| thm-SOCL1 | Alert triage, DFIR, SIEM correlation rules, threat intelligence, MITRE ATT&CK mapping |
| log-monitor-dashboard | Real-time auth.log parser (Bash + Python), brute-force detection, privilege escalation tracking, live browser SOC dashboard, Splunk ingestion config |
| packet-capture-analyser | Live capture with tcpdump, protocol dissection with tshark + Wireshark, SYN flood and port scan detection, FTP cleartext credential exposure, CSV export to Splunk |
| splunk-siem | Splunk Free on Kali — SPL detection queries, cross-project threat correlation, saved alert rules, full SOC dashboard with timelines and event graphs |
| Repository | What's covered |
|---|---|
| OSINT-and-Password-Cracking | Maltego, Shodan, theHarvester, Recon-ng, WHOIS, sock puppet persona lab, Hashcat (wordlist / rule / mask / hybrid attacks), John the Ripper, rockyou.txt, legal practice platforms |
Study notes covering the full offensive security methodology — from networking basics through Active Directory compromise — followed by two black-box penetration testing projects conducted in isolated lab environments with formal reports.
| Repository | What's covered |
|---|---|
| thm-jrPenTester | Pentest methodology, Nmap, Metasploit, web vulns, Linux + Windows privilege escalation, post-exploitation |
| htb-pentest-in-a-nutshell | Full engagement lifecycle — pre-engagement, scoping, legal auth, info gathering, assessment, professional reporting |
| tcm-PEH-practical-ethical-hacking | Networking, Linux, Bash scripting, Active Directory attacks (Kerberoasting, Pass-the-Hash, Golden Ticket), exploit development, capstone machine walkthroughs |
| thm-wifi-hacking101 | WPA/WPA2 internals, 4-way handshake capture, aircrack-ng suite, Hashcat modes 2500 and 22000 |
| thm-android-hacking101 | APK structure, DEX/Smali, jadx, apktool, dex2jar, static analysis — hardcoded secrets, weak crypto, exported components, Firebase misconfigs |
| zSecurity-ethical-hacking-from-scratch | Recon, scanning, network sniffing, MITM attacks, exploitation, post-exploitation, covering tracks |
| zSecurity-cloud-based-hacking | Cloud attack infrastructure, phishing campaigns, 2FA bypass, C2 framework setup, browser exploitation, trojan delivery and evasion |
Full black-box engagements in isolated lab environments. Each follows a real pentest structure and includes a formal PDF report.
ghost-in-the-network — Network Penetration Test
Target: Metasploitable2. Zero prior knowledge → full root compromise via host discovery, Nmap enumeration, SMB analysis, CVE research, and exploitation. Formal report in /report/.
broken-trust — Active Directory Penetration Test
Target: Windows Server 2019 domain corp.local. No CVEs used — entire chain via AD misconfigurations and Kerberos weaknesses only: enumeration → Kerberoasting → AS-REP Roasting → credential dumping → Pass-the-Hash → Domain Admin. Formal report in /report/.
Study notes covering the full web application attack surface — from HTTP fundamentals through HTTP request smuggling — followed by two web application penetration testing projects with formal reports.
| Repository | What's covered |
|---|---|
| thm-webapp-pentesting | Auth attacks, SQLi, XSS, IDOR, SSRF, XXE, LFI/RFI, path traversal, HTTP request smuggling — full TryHackMe web path |
| zSecurity-web-hacking | File upload bypass, LFI/RFI, SQLi, XSS, CSRF, brute force with Hydra + Burp Intruder, Nikto, OWASP ZAP |
| ranakhalil-webhacking | 30-day structured roadmap — Rana Khalil playlists, PortSwigger Web Security Academy labs mapped to each vuln class, HTB challenges |
| zSecurity-social-engineering | OSINT profiling, Windows/macOS/Linux malware creation, phishing, USB drops, delivery methods, post-exploitation, defences |
| zSecurity-dark-web-anonymity-privacy | TOR internals, TAILS OS, dark net navigation, PGP encryption, Signal/ProtonMail, file encryption, Qubes OS, cryptocurrency anonymization |
| zSecurity-bug-bounty-hunting | IDOR, CSRF, path traversal, OAuth 2.0 flaws, OS command injection, XSS (all variants + CSP bypass), SQLi, SSRF, XXE, live hunting methodology, professional report writing |
| htb-bug-bounty-hunting | Web app architecture, HTTP/HTTPS internals, REST APIs, CRUD, OWASP vuln categories, responsible disclosure, bug bounty program rules |
Full black-box web application engagements in isolated lab environments. Each includes a formal PDF report.
insider-threat — Web Application Penetration Test
Target: DVWA modelling a corporate HR app with internal attacker access. Five vulnerabilities exploited — SQLi (full DB dump + all credentials), command injection (OS-level RCE), LFI, brute force, stored/reflected XSS. Full admin access achieved. Formal report in /report/.
invisible-shadow — XSS, Session Hijacking & Credential Interception
Complete multi-stage attack chain: XSS discovery → cookie security analysis (HttpOnly/Secure/SameSite) → session token theft → session hijack → full account takeover. No password cracking at any stage. Formal report in /report/.
Study notes and a growing portfolio of live GRC projects spanning professional advisory work, compliance tooling, IAM auditing, Islamic fintech governance, and AI governance — covering Indian, Saudi Arabian, and Gulf regulatory frameworks.
| Repository | What's covered |
|---|---|
| grc-notes | GRC Analyst fundamentals — governance structures, risk registers, compliance mapping, ISO 27001, NIST CSF, NIST SP 800-53, ISO 31000, COBIT, GDPR, HIPAA, PCI-DSS, SOX, security policy development |
| thm-governance-and-regulation | GDPR (data subject rights, breach notification), PCI-DSS (12 requirements, SAQ types), HIPAA (PHI, safeguard categories), ISO 27001 (ISMS, Annex A), NIST CSF (identify/protect/detect/respond/recover) |
resolute-compliance-advisory — GRC Advisory Portfolio Four client engagements across two years at a boutique GRC advisory firm, demonstrating full role progression from GRC Analyst to GRC Auditor. Frameworks: ISO 27001:2022, SOC 2, GDPR, India DPDP Act 2023, NCA ECC-1:2018, NCA ECC-2:2024, SAMA CSF, Saudi PDPL.
First engagement snapshot — Brightpath (IT Services, Bengaluru): ISO 27001 gap assessment returned 37.6% conformance (35/93 controls); SOC 2 Security Partially Ready; live critical risk flagged — former employee credentials still active. Deliverables: engagement letter, gap reports, Statement of Applicability (93 controls), risk register (27 risks, 9 domains), remediation roadmap (34 actions, Gantt, dashboard), executive summary. All client names anonymised.
pdpl-pii-scanner — Saudi PDPL Compliance Tool Python tool that scans CSV and Excel files for Saudi PII, classifies every finding into PDPL's actual legal tiers, risk-scores each one, checks for governance gaps, and produces redacted file copies. Output: bilingual EN/AR interactive HTML dashboard + CSV/console reports.
Detects 8 PII types. Classifies into three PDPL tiers: Personal Data, Credit Data (PDPL Article 24), and Sensitive Data (PDPL Article 1(11)) — each carrying different consent and DPIA obligations. Confidence scoring is layered (High/Medium/Low), not a flat yes/no. Flags missing consent tracking and cross-border transfer signals. Built on PDPL Article 1 defined terms and SDAIA public guidance. Live demo
iam-risk-assurance — IAM Audit Engagement SQL-based IAM audit for Najm Financial Services Co. (~400 staff, Riyadh) — a SAMA-regulated firm subject to NCA ECC mandatory controls. July–November 2025. Seven checks across the full IAM lifecycle, 203 findings, all mapped to ISO 27001 Annex A.9 / SAMA CSF / NCA ECC. Audit database and all detection queries built from scratch. Bilingual EN/AR interactive dashboard with RTL toggle. Formal report delivered in both languages. Live dashboard
al-mizan — Shariah & Regulatory GRC Framework for Islamic Fintech Most fintech and Islamic finance organisations run two disconnected compliance reviews — one for government regulation, one for Shariah board approval. Al-Mizan runs both in a single unified workflow. Built for the Saudi market under Vision 2030.
Three modules: (1) Governance maturity self-assessment scored against both regulatory and Shariah dimensions; (2) Gharar Risk Matrix — product-by-product uncertainty scoring per AAOIFI Standard No. 31 with a product category selector and mitigation guidance; (3) Dual-aspect audit checklist covering SAMA/CMA and Shariah board requirements simultaneously. Frameworks: SAMA CSF, CMA, Saudi PDPL, AAOIFI Shariah Standards. Fully interactive bilingual EN/AR dashboard with RTL switching. Runs entirely in the browser.
aigrc-imf — AI Governance Compliance Checker Research and tooling addressing a documented governance gap: organisations across regulated Gulf industries are deploying AI in GRC functions — fraud detection, compliance monitoring, risk scoring — faster than the governance architectures meant to control them.
Contains two things: (1) an academic paper proposing the AI-GRC Integrated Management Framework (AI-GRC IMF) — a five-phase lifecycle governance model grounded in ISO/IEC 27001:2022 and ISO/IEC 42001:2023, cross-referenced against Saudi PDPL, SDAIA AI Ethics Principles, NCA ECC-1:2018, SAMA CSF, and the EU AI Act; (2) an interactive compliance checker that lets organisations self-assess against the AI-GRC IMF and receive an AI-generated remediation report mapped to Saudi regulatory obligations. Open index.html — no installation, no server.
aigrc-audit-suite — AI GRC Audit Suite Work in progress. Details will be added on completion.
| Prefix | Platform |
|---|---|
thm- |
TryHackMe |
htb- |
Hack The Box Academy |
tcm- |
TCM Security |
zSecurity- |
zSecurity |
Actively maintained — connect on GitHub