Penetration Tester

Hello there, I'm Burhan.

Some people collect stamps. I collect vulnerabilities.

I'm a penetration tester who breaks into systems (legally) and tells you how I did it before someone else does it maliciously. Think of me as the person who finds the unlocked window before the burglar does.

Fresh out of college with a PNPT certification and 15+ real vulnerabilities found.

View Projects Contact

Currently seeking

Junior Penetration Tester or Red Team roles.

Background

How I Got Here (Or: How I Learned to Stop Worrying and Love the Shell)

Picture this: 2021, first year of college. I'm sitting in my cybersecurity class learning about the CIA triad—Confidentiality, Integrity, Availability. And I'm thinking, "Okay cool, so that's cybersecurity. Just... CIA."

2022, same thing. More CIA triad. I'm starting to wonder, "Wait, is that EVERYTHING in cybersecurity?"

Then I came across TryHackMe and HackTheBox. My brain practically exploded. "WOAHHH, there's an ENTIRE UNIVERSE beyond the CIA triad?!"

2023 hits, and I properly dive in. My first room: OSINT. No clue what I'm doing. The room loads, and I get... one picture. Just one. I stare at it. Refresh the page thinking it didn't load properly. Same picture.

Then I find a Medium article explaining the solution. What happens next? MIND. BLOWN. This person extracted a user's password. From. A. Picture.

That was it. I was hooked. Didn't stop from that day.

Top 6%

TryHackMe Global Ranking

50+

Offensive Security Labs

15+

Critical Vulns Found

My Philosophy

"I learn systems end-to-end, then build tools that remove friction for everyone else, while I move on to the next challenge."

Findings

Projects

ReconForge

Active Development

The All-in-One Pentester's Swiss Army Knife

GitHub Demo

Problem

Switching between 15 different terminal windows running Nmap, Gobuster, Hydra, and copying outputs into reports like a digital scrapbooker.

Approach

Built a unified GUI wrapping every major command-line pentesting tool with automatic report generation.

Impact

Documentation is half the job in penetration testing. This tool handles the boring stuff so you can focus on finding vulnerabilities.

Python Flask HTML CSS JavaScript

DefenseSphere

Completed

Blockchain Meets Identity Management

GitHub Demo

Problem

Traditional IAM systems have single points of failure.

Approach

Built a complete blockchain-powered authentication system with RBAC, VPN tunneling, file integrity monitoring, and token-based auth.

Impact

Reduced identity spoofing by 68% and unauthorized access incidents by 80% in simulated environments. Also pentested my own system and fixed the vulnerabilities.

Python Flask Solidity Web3.py Burp Suite

Ghost Keylogger

Research Project

Educational Security Research

GitHub

Problem

Understanding how malware authors make keyloggers that evade detection.

Approach

Built an educational keylogger to study AV evasion techniques, behavioral analysis, and endpoint security.

Impact

Deepened understanding of attack techniques to better defend against them. Tested exclusively in isolated VMs.

Python pynput Windows API

Other projects:

  • Active Directory Attack Labs — Practice environment for Kerberoasting, Pass-the-Hash, Golden Ticket attacks
  • CTF Writeups & Research — 50+ TryHackMe labs completed (Top 9% globally)

Capabilities

Skills

Active Directory Attacks

If your organization runs Windows, there's a 90% chance I can find a way to escalate privileges. Kerberoasting, AS-REP Roasting, Pass-the-Hash, Golden Tickets — that's breakfast.

Learning at Lightning Speed

Web development? 3 days. n8n automation? 2 days. New exploitation technique? Give me a weekend. I get functional fast enough to build real projects.

Breaking AND Building

Most pentesters break things. I break things, understand WHY they broke, then build solutions. DefenseSphere is proof.

Making Boring Stuff Interesting

I write technical writeups that even non-technical people find engaging. What's the point of finding cool vulnerabilities if you can't explain them?

Tools & Technologies

Penetration Testing

Nmap Metasploit Burp Suite Hydra John The Ripper Nikto Nessus Gobuster SQLmap Dirbuster

Exploitation

Linux/Windows Privesc Kerberoasting Pass-the-Hash AS-REP Roasting Golden Tickets Web App Exploitation Lateral Movement

Programming

Python Bash PowerShell GoLang JavaScript

Frameworks

OWASP Top 10 OWASP LLM Top 10 NIST CSF MITRE ATT&CK

Networking

TCP/UDP SMB/CIFS DNS SSH RDP Wireshark

Operating Systems

Kali Linux ParrotOS Windows Server Active Directory

Certifications

PNPT

TCM Security

CompTIA PenTest+

Exam Jan 2026

Jr Penetration Tester

TryHackMe

Generative AI Professional

Oracle

Experience

Work History

AI Agent Assistant

Mindrift Toloka

Aug 2025 - Oct 2025

  • Spearheaded optimization of large language model (LLM) prompts, resulting in a 25% increase in response relevance based on internal evaluation metrics.
  • Collaborated with cross-functional teams to implement AI-driven workflow improvements, leading to measurable time and cost savings.
  • Implemented AI-driven data analysis methods, influencing product decisions and saving 10+ hours per month in manual review.
  • Managed hands-on machine learning experimentation and AI model training, enhancing understanding of model behavior and optimization for future deployments.

Penetration Testing Intern

Groot

Jun 2023 - Aug 2023

  • Found and documented 15+ critical vulnerabilities (CVSS 6+) across sandbox environments
  • Wrote comprehensive pentest reports with clear exploit PoCs, CVSS scoring, and remediation strategies
  • Executed privilege escalation attacks on hardened Linux VMs using kernel exploits, SUID binaries, and misconfigured services
  • Simulated post-exploitation scenarios with Metasploit (payload delivery, persistence, lateral movement)

Current Activity

TryHackMe Top 6%, building ReconForge, writing technical articles, preparing for CompTIA PenTest+.

Writing & Research

I Write Too

I document my journey through detailed writeups on Medium. Think of them as technical blog posts where I explain:

Why read my articles?

Because I explain things like I'm talking to a friend over coffee, not like I'm reading from a textbook. Technical doesn't have to mean boring.

Check out my Medium profile

Education

B.Tech in Computer Science Engineering

Specialization: Cybersecurity

Graduated 2025

Sandip University, Nashik

7.9

CGPA / 10

The degree gave me the foundation. The late-night lab sessions and CTF competitions gave me the skills.

Engagement

Let's Talk

Whether you've got a job opportunity, want to collaborate on a project, or just want to chat about security.

burhanr15@outlook.com Connect with me Check out my code See my progress Read my writeups
Get in Touch