Cybersecurity Training | Red Team & Forensics | July 2025
This repository documents the hands-on tasks I performed during my Cybersecurity Internship (July 2025), focused on:
- Web application exploitation
- Network attack simulation
- Real-world tool usage and reporting
- Red Team & Forensics skill-building
All testing was done in secure labs (custom-hosted vulnerable apps) under ethical conditions.
| Category | Tools & Frameworks |
|---|---|
| Web Pentesting | Burp Suite, FFUF, Gobuster |
| Network Exploits | Nmap, Wireshark, Metasploit, Medusa, Hydra |
| Forensics | Autopsy, Volatility, ExifTool |
| OS & Platforms | Kali Linux, Metasploitable2 |
| Automation | Bash Scripting, Python |
These were identified and exploited in real-world style environments:
- ๐ด SQL Injection (SQLi)
- ๐ Cross-Site Scripting (XSS) โ Stored, Reflected, DOM
- ๐ด Local File Inclusion (LFI)
- ๐ก Server-Side Template Injection (SSTI)
- ๐ Insecure Direct Object Reference (IDOR)
- ๐ด Unrestricted File Upload
- ๐ข Privilege Escalation (Windows & Linux)
- ๐ Network Attacks (FTP anonymous login, SSH brute-force, SMB enumeration)
Each write-up includes: Setup โ Exploit Steps โ Screenshot Proof โ Mitigation
Click to explore:
| Vulnerability / Topic | Walkthrough Link |
|---|---|
| SQL Injection (SQLi) | walkthroughs/SQLi.md |
| Cross-Site Scripting (XSS) | walkthroughs/XSS.md |
| Local File Inclusion (LFI) | walkthroughs/LFI.md |
| SMB Enumeration | walkthroughs/SMB-Enum.md |
| SSH Brute Force (Medusa) | walkthroughs/SSH.md |
| Directory Listing | walkthroughs/DL.md |
| IDOR Access Exploit | walkthroughs/IDOR.md |
git clone https://github.com/shravya235/Penetration-Testing-Portfolio.git