WHOAMI

I’m Imran — a security student and offensive-security enthusiast focusing on:

  • Network & infrastructure penetration testing
  • Web application testing
  • Red teaming and adversary simulation

This site is my personal knowledge base: a place to document commands, techniques, and workflows I actually use in labs and assessments.

⚠️ Everything here is for authorised testing and education only.
Do not use these techniques on systems you don’t own or have explicit written permission to test.


What Is Penetration Testing?

Penetration testing (pen testing) is a controlled attack against a system, application, or network to identify and validate security weaknesses before real attackers do.

A typical pen test aims to:

  • Discover vulnerabilities (misconfigurations, weak auth, outdated software, logic issues)
  • Demonstrate impact with safe proof-of-concept exploitation
  • Provide clear recommendations so defenders can fix issues and improve their security posture

Unlike real attackers, pen testers work under a defined scope, rules of engagement, and a contract or written authorisation.


Methodologies Used

To keep tests structured, repeatable, and professional, I reference established methodologies, including:

  • PTES (Penetration Testing Execution Standard)
    • Pre-engagement & scoping
    • Intelligence gathering
    • Threat modelling
    • Vulnerability analysis
    • Exploitation
    • Post-exploitation
    • Reporting
  • OSSTMM / OWASP (where relevant)
    • For more detailed control checks and web application-specific testing

This wiki mirrors those stages: each sidebar page focuses on a specific area (recon, service-specific cheatsheets, exploitation helpers, post-exploitation notes, etc.).


What Is Red Teaming?

Red teaming goes beyond a traditional pen test.

  • A pen test usually focuses on finding vulnerabilities in a target and proving impact.
  • A red team engagement focuses on emulating a real adversary’s objectives — usually to test people, processes, and technology together.

Red teaming often includes:

  • Multi-stage attack paths (phishing → initial access → internal movement → objectives)
  • Avoiding detection by SOC / blue teams
  • Operating under realistic constraints and TTPs (MITRE ATT&CK style)
  • Clear rules of engagement and success criteria agreed with the organisation

This site mainly supports the offensive side of that mindset: recon, exploitation, post-exploitation and privilege escalation notes that can be used to build realistic attack chains in lab environments.


How to Use This Wiki

  • Use the sidebar to jump to specific topics (Nmap, Gobuster, FTP, Metasploit, priv-esc helpers, etc.).
  • Treat commands as building blocks – adapt them to the target rather than copy-pasting them blindly.
  • Always stay within legal and authorised scopes.

Happy hacking — responsibly. 🐉