<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Posts on SOPHY'S CYBERLAB</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/</link><description>Recent content in Posts on SOPHY'S CYBERLAB</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Mon, 20 Apr 2026 00:00:00 +0100</lastBuildDate><atom:link href="https://xblankzgap.github.io/cyber-portfolio/posts/index.xml" rel="self" type="application/rss+xml"/><item><title>Regulatory Compliance &amp; Secure System Architecture (NIST/ISO 27001)</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/regulatory-compliance-nist-iso/</link><pubDate>Mon, 20 Apr 2026 00:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/regulatory-compliance-nist-iso/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To architect a secure, compliant SaaS environment aligned with ISO 27001 and the NIST Cybersecurity Framework.&lt;/p></description></item><item><title>Web-to-System Pivot via Command Injection</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/web-to-system-pivot-reverse-shell/</link><pubDate>Tue, 30 Sep 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/web-to-system-pivot-reverse-shell/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To exploit a Command Injection vulnerability in a web application to bypass input filters and establish a persistent Remote Shell.&lt;/p></description></item><item><title>Post-Exploitation &amp; Sensitive Data Exfiltration</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/post-exploitation-data-exfiltration/</link><pubDate>Sat, 20 Sep 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/post-exploitation-data-exfiltration/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To leverage administrative access to extract the system&amp;rsquo;s &amp;ldquo;Shadow&amp;rdquo; file, demonstrating the ability to harvest encrypted credentials for offline analysis.&lt;/p></description></item><item><title>Fowsniff — Credential Harvesting &amp; Password Cracking</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/fowsniff-credential-harvesting/</link><pubDate>Fri, 17 Apr 2026 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/fowsniff-credential-harvesting/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To exfiltrate and crack leaked credentials from unencrypted data sources to perform authenticated service attacks.&lt;/p></description></item><item><title>Mr. Robot — Web Exploitation &amp; System Compromise</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/mrrobot-web-system-compromise/</link><pubDate>Thu, 26 Mar 2026 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/mrrobot-web-system-compromise/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To demonstrate a full-stack compromise, from website reconnaissance and credential harvesting to gaining root-level access on a Linux server.&lt;/p></description></item><item><title>Kenobi — Exploiting NFS Misconfigurations &amp; Privilege Escalation</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/kenobi-nfs-misconfig-priv-esc/</link><pubDate>Wed, 25 Mar 2026 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/kenobi-nfs-misconfig-priv-esc/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To demonstrate the use of insecure service configurations and SUID binaries to perform cross-protocol exploitation and gain root access.&lt;/p></description></item><item><title>Blue: EternalBlue Exploitation &amp; Privilege Escalation</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/eternalblue-windows-exploitation/</link><pubDate>Fri, 20 Mar 2026 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/eternalblue-windows-exploitation/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To identify and exploit the MS17-010 (EternalBlue) vulnerability on a legacy Windows target to achieve SYSTEM-level access and credential exfiltration.&lt;/p></description></item><item><title>Exploiting Infrastructure Vulnerabilities (Backdoor Access)</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/infrastructure-exploitation-metasploit/</link><pubDate>Fri, 12 Sep 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/infrastructure-exploitation-metasploit/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To execute a remote command execution (RCE) exploit against a backdoored FTP service to gain unauthorized administrative access to the target host.&lt;/p></description></item><item><title>Service Enumeration &amp; Vulnerability Research</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/service-enumeration-lab/</link><pubDate>Tue, 05 Aug 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/service-enumeration-lab/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To perform deep-packet inspection and service fingerprinting on a target host to identify exploitable entry points within the infrastructure.&lt;/p></description></item><item><title>Network Traffic Analysis &amp; Incident Response (Wazuh &amp; PCAP)</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/log-analysis-incident-response/</link><pubDate>Mon, 20 Apr 2026 00:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/log-analysis-incident-response/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To perform a technical post-mortem analysis of a network intrusion attempt using centralized log management and deep packet inspection.&lt;/p></description></item><item><title>Hybrid SIEM Architecture for SEO &amp; Security Intelligence</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/hybrid-siem-architecture/</link><pubDate>Wed, 15 Apr 2026 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/hybrid-siem-architecture/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To design and implement a unified SIEM workflow that integrates Splunk and Microsoft Sentinel to detect SEO-specific threats and automated bot attacks.&lt;/p></description></item><item><title>Network Traffic Baselining and Anomaly Detection</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/network-baselining-anomaly/</link><pubDate>Sat, 15 Nov 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/network-baselining-anomaly/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To establish a behavioral baseline for legitimate network traffic and use protocol analysis to isolate potential security threats.&lt;/p></description></item><item><title>Centralized Network Security via Router-Level Filtering</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/router-level-filtering/</link><pubDate>Mon, 10 Nov 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/router-level-filtering/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To implement non-device-specific security controls by enforcing domain blocking at the network gateway.&lt;/p></description></item><item><title>Automated Domain Blocking via Batch Scripting</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/automated-domain-blocking/</link><pubDate>Wed, 05 Nov 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/automated-domain-blocking/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To develop a reusable and scalable automation tool for neutralizing network threats at the system level.&lt;/p></description></item><item><title>Network Traffic Analysis &amp; Automated Threat Mitigation</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/network-traffic-analysis-mitigation/</link><pubDate>Tue, 15 Jul 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/network-traffic-analysis-mitigation/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To identify suspicious network traffic using protocol analysis and implement multi-layered blocking mechanisms to secure a local environment.&lt;/p></description></item><item><title>Defensive Lab Environment &amp; Network Configuration</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/defensive-lab-environment/</link><pubDate>Thu, 10 Jul 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/defensive-lab-environment/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To design and deploy a secure, isolated virtualization environment for controlled penetration testing and vulnerability analysis.&lt;/p></description></item><item><title>Network Security Fundamentals and Threat Assessment</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/network-fundamentals-assessment/</link><pubDate>Tue, 01 Jul 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/network-fundamentals-assessment/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To conduct a comprehensive study of network threat vectors and security controls to establish a foundational defense strategy for organizational environments.&lt;/p></description></item><item><title>Database Encryption &amp; Sensitive Data Protection (MongoDB)</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/database-encryption-mongodb/</link><pubDate>Sun, 19 Apr 2026 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/database-encryption-mongodb/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To implement Client-Side Field-Level Encryption (CSFLE) in a NoSQL environment to ensure that sensitive user data remains encrypted even if the database is compromised.&lt;/p></description></item><item><title>NoSQL Injection &amp; Database Poisoning (Vouched Application)</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/nosql-injection-vouched/</link><pubDate>Sat, 18 Apr 2026 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/nosql-injection-vouched/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To identify and exploit NoSQL injection vulnerabilities within the &amp;ldquo;Vouched&amp;rdquo; application to bypass authentication and extract sensitive user data.&lt;/p></description></item><item><title>Secure Session Architecture &amp; Defensive Flag Implementation</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/secure-session-architecture/</link><pubDate>Fri, 10 Apr 2026 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/secure-session-architecture/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To implement a &amp;ldquo;Secure-by-Design&amp;rdquo; framework for web applications to neutralize cookie-based attack vectors.&lt;/p></description></item><item><title>Session Hijacking via Automated Cookie Exfiltration</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/session-hijacking-cookie-exfiltration/</link><pubDate>Sun, 05 Apr 2026 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/session-hijacking-cookie-exfiltration/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To demonstrate the ease of unauthorized cookie acquisition and subsequent account compromise using browser-based exfiltration tools.&lt;/p></description></item><item><title>Insecure Direct Object Reference (IDOR) &amp; Path Traversal Discovery</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/idor-path-traversal-discovery/</link><pubDate>Mon, 15 Dec 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/idor-path-traversal-discovery/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To identify and verify directory traversal vulnerabilities that allow unauthorized access to sensitive system files.&lt;/p></description></item><item><title>Vulnerability Analysis and Remediation Planning</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/vulnerability-remediation-planning/</link><pubDate>Wed, 10 Dec 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/vulnerability-remediation-planning/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To systematically document discovered web vulnerabilities and provide actionable, code-level remediation strategies for development teams.&lt;/p></description></item><item><title>Automated Web Application Vulnerability Discovery</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/automated-web-vulnerability-discovery/</link><pubDate>Fri, 05 Dec 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/automated-web-vulnerability-discovery/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To utilize automated scanning tools to perform comprehensive reconnaissance and identify high-risk web vulnerabilities within an authenticated session.&lt;/p></description></item><item><title>Database Breach &amp; Administrative Data Exfiltration</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/database-breach-vulnerability/</link><pubDate>Wed, 15 Oct 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/database-breach-vulnerability/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To leverage a compromised web shell to gain unauthorized access to the backend MySQL database and exfiltrate the full user credential table.&lt;/p></description></item><item><title>Cross-Site Request Forgery (CSRF) via Forged Reviews</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/csrf-forged-reviews/</link><pubDate>Wed, 20 Aug 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/csrf-forged-reviews/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To exploit missing request verification to perform unauthorized actions on behalf of a logged-in user.&lt;/p></description></item><item><title>DOM-Based Cross-Site Scripting (XSS) Analysis</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/dom-xss-analysis/</link><pubDate>Fri, 15 Aug 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/dom-xss-analysis/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To identify and exploit an unsafe JavaScript &amp;ldquo;sink&amp;rdquo; to execute arbitrary code in the victim&amp;rsquo;s browser context.&lt;/p></description></item><item><title>Exploiting &amp; Mitigating String-Based SQL Injection</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/sql-injection-exploitation/</link><pubDate>Sun, 10 Aug 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/sql-injection-exploitation/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To demonstrate how unsanitized user input allows attackers to bypass authentication and exfiltrate sensitive database records.&lt;/p></description></item><item><title>Blockchain Forensics: Private Key Retrieval &amp; Transaction Hijacking</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/cryptographic-wallet-bip39/</link><pubDate>Fri, 20 Mar 2026 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/cryptographic-wallet-bip39/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To demonstrate the technical impact of private key exposure by automating the retrieval of all associated wallet addresses and triggering unauthorized balance checks and transactions.&lt;/p></description></item><item><title>Blockchain Forensics &amp; Incident Post-Mortem (Bitfinex Case Study)</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/blockchain-forensics-bitfinex/</link><pubDate>Sun, 15 Mar 2026 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/blockchain-forensics-bitfinex/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To analyze high-scale cryptocurrency heists and identify the critical security failures in private key management that lead to multi-billion dollar losses.&lt;/p></description></item><item><title>Mandatory Access Control (MAC) using SELinux</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/selinux-mandatory-access-control/</link><pubDate>Thu, 15 Jan 2026 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/selinux-mandatory-access-control/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To enforce strict security policies at the kernel level, preventing unauthorized resource access by compromised services.&lt;/p></description></item><item><title>Data Integrity Verification via Cryptographic Hashing</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/data-integrity-hashing/</link><pubDate>Sat, 10 Jan 2026 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/data-integrity-hashing/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To utilize one-way hashing algorithms to verify data authenticity and secure credential storage.&lt;/p></description></item><item><title>Cryptographic Infrastructure &amp; Secure Communication</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/cryptographic-infrastructure-pki/</link><pubDate>Mon, 05 Jan 2026 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/cryptographic-infrastructure-pki/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To implement and manage cryptographic systems that ensure end-to-end data confidentiality and authenticated communication.&lt;/p></description></item><item><title>Offline Cryptanalysis &amp; Password Recovery</title><link>https://xblankzgap.github.io/cyber-portfolio/posts/cryptanalysis-hash-cracking/</link><pubDate>Thu, 25 Sep 2025 10:00:00 +0100</pubDate><guid>https://xblankzgap.github.io/cyber-portfolio/posts/cryptanalysis-hash-cracking/</guid><description>&lt;p>&lt;strong>Objective:&lt;/strong> To utilize high-performance cracking tools to perform a dictionary attack against stolen MD5 hashes, successfully recovering plaintext credentials.&lt;/p></description></item></channel></rss>