Full-Chain Attack Capability
Eight years of live operations built a toolkit that runs from initial reconnaissance through domain compromise. Every technique below has been executed in enterprise environments, not simulated on paper.
Skills Mapped to the Kill Chain
Reconnaissance
OSINT collection, network enumeration, BloodHound AD mapping, LDAP querying, DNS recon, and service fingerprinting across internal and external attack surfaces.
Initial Access
Phishing campaigns, web application exploitation, CVE-based RCE, credential stuffing, SMB relay attacks, and payload delivery via custom-crafted droppers.
Lateral Movement & Privilege Escalation
Pass-the-Hash, Pass-the-Ticket, Kerberoasting, DCSync, token impersonation, LSASS dumping, and domain privilege escalation across hardened Windows environments.
Persistence & Exfiltration
C2 framework deployment, scheduled task backdoors, registry persistence, data staging, covert exfiltration over DNS/HTTP, and post-compromise cleanup to simulate APT tradecraft.
Tools Deployed in Production
Every tool listed has been used in live red team engagements or documented lab operations — not listed for resume padding. Custom Python automation extends where commercial frameworks stop.
Cobalt Strike, Metasploit Framework, Sliver, Havoc C2, msfvenom, custom shellcode loaders
BloodHound, SharpHound, Mimikatz, Impacket suite, PowerView, Rubeus, CrackMapExec, Responder
Burp Suite Pro, Nmap, Nessus, Nuclei, ffuf, SQLMap, Wireshark, Netcat, proxychains
Python 3, PowerShell scripting, Bash, custom C2 listeners, automated recon pipelines
Verify the Work Behind the Toolkit
CVE write-ups, HTB Pro Lab completions, and red team case studies document exactly where and how these tools were used against hardened targets.
