Bd-Mutant7 — Meru University Of Science And Technology Cybersecurity student and penetration testing practitioner based in Kenya 🇰🇪, focused on offensive security and ethical hacking.
🎯 Specializing in Web Application Pentesting, Network Exploitation, and Vulnerability Research
🏴 Active CTF competitor on TryHackMe, HackTheBox, and CTFtime
🛠️ Building security tools and automation scripts with Python & Bash
📋 Currently pursuing eJPT and CompTIA Security+ certifications
🌱 2026 Goal: First bug bounty report + OSCP roadmap entry
🤝 Open to collaborations on security research, CTF teams, and tool development
╔═══════════════════════╗
║ SECURITY PROFILE ║
╠═══════════════════════╣
║ Role : Red Teamer ║
║ Base : Kenya 🇰🇪 ║
║ Focus : O/Defensive ║
║ Status : Learning ║
║ Mode : Full Send ║
╚═══════════════════════╝
| Domain | Topics |
|---|---|
| 🌐 Web App Security | SQLi · XSS · SSRF · IDOR · LFI/RFI · CSRF · JWT Attacks |
| 🔌 Network Pentesting | Port Scanning · MITM · Sniffing · SMB · FTP · SSH Exploitation |
| 🔐 Password Attacks | Brute Force · Hash Cracking · Credential Stuffing · Rainbow Tables |
| 📁 Privilege Escalation | LinPEAS · WinPEAS · SUID · Cron Jobs · GTFOBins · Kernel Exploits |
| 🕵️ OSINT & Recon | Google Dorks · Shodan · TheHarvester · Maltego · DNS Enumeration |
| 🐛 Vulnerability Research | CVE Analysis · ExploitDB · Nuclei · Manual Code Review |
🔗 Browse all repositories →
📝 CTF Writeups & Research
Documenting every machine, challenge, and vulnerability I learn from.
| # | Title | Category | Platform | Difficulty | Link |
|---|---|---|---|---|---|
| 01 | Visit Repo | Web Exploitation | TryHackMe | 🟢 Easy | — |
| 02 | Visit Repo | Privilege Escalation | HackTheBox | 🟠 Medium | — |
| 03 | Visit Repo | Network Pentesting | CTF Competition | 🔴 Hard | — |
📌 Full writeup collection →
| Status | Certification | Issuer | Target Date |
|---|---|---|---|
| 🟡 In Progress | eJPT — Junior Penetration Tester | INE / eLearnSecurity | Q2 2026 |
| 🟡 Studying | CompTIA Security+ | CompTIA | Q2 2026 |
| ⬜ Planned | CompTIA PenTest+ | CompTIA | Q3 2026 |
| ⬜ Planned | CEH — Certified Ethical Hacker | EC-Council | Q4 2026 |
| ⬜ Planned | PNPT — Practical Network Pentester | TCM Security | 2027 |
| ⬜ Planned | OSCP — Offensive Security Certified Pro | OffSec | 2027 |
| Platform | Focus | Sessions | Status |
|---|---|---|---|
| TryHackMe | Web, Networks, Privilege Escalation | Weekly | 🟢 Active |
| HackTheBox | Machines & Pro Labs | Weekly | 🟢 Active |
| PortSwigger | Web App Vulnerability Labs | Daily | 🟡 Ongoing |
| CTFtime | All Categories | Monthly | 🟢 Competing |
🛡️ Blue Team — Defense & Detection
"You can't defend what you don't understand. Red team to learn. Blue team to protect."
| Domain | Skills & Concepts |
|---|---|
| 📊 SIEM & Log Analysis | Splunk SPL · Elastic Stack (ELK) · Log Correlation · Alert Tuning |
| 🚨 Incident Response | IR Playbooks · Evidence Collection · Containment · Eradication |
| 🔬 Digital Forensics | Volatility · FTK Imager · Autopsy · Memory Analysis · Disk Imaging |
| 🌐 Network Defense | Snort/Suricata IDS · Firewall Rules · Traffic Analysis · Anomaly Detection |
| 🦠 Threat Intelligence | MITRE ATT&CK · IOC Analysis · YARA Rules · VirusTotal · OSINT |
| 🔒 Endpoint Security | Wazuh EDR · File Integrity Monitoring · AV Evasion Detection |
| 🕵️ Threat Hunting | Hypothesis-Driven Hunting · Sigma Rules · Timeline Analysis |
┌─── DETECT ────────────────────────────────────────────────────┐
│ SIEM Alerts → IDS/IPS Triggers → Anomaly Baseline Deviation │
└──────────────────────────┬────────────────────────────────────┘
▼
┌─── TRIAGE ────────────────────────────────────────────────────┐
│ Alert Validation → False Positive Filtering → Priority Score │
└──────────────────────────┬────────────────────────────────────┘
▼
┌─── INVESTIGATE ───────────────────────────────────────────────┐
│ Log Correlation → IOC Lookup → TTPs Mapping (MITRE ATT&CK) │
└──────────────────────────┬────────────────────────────────────┘
▼
┌─── RESPOND ───────────────────────────────────────────────────┐
│ Containment → Eradication → Recovery → Lessons Learned │
└───────────────────────────────────────────────────────────────┘
🔧 Tools (Quick Reference)
| Category | Tools |
|---|---|
| 🔴 Scanners | Nmap · Masscan · Rustscan · Nikto · Nuclei |
| 🔴 Web Testing | Burp Suite · OWASP ZAP · SQLMap · ffuf · Gobuster |
| 🔴 Exploitation | Metasploit · ExploitDB · SearchSploit · msfvenom |
| 🔴 Password | Hashcat · John the Ripper · Hydra · Medusa · CeWL |
| 🔴 Post-Exploit | LinPEAS · WinPEAS · BloodHound · Mimikatz · Impacket |
| 🔴 OSINT | TheHarvester · Maltego · Shodan · Recon-ng · Sublist3r |
| 🔵 SIEM | Splunk · Elastic/Kibana · Wazuh · Graylog |
| 🔵 IDS / IPS | Snort · Suricata · Zeek · OSSEC |
| 🔵 Forensics | Volatility · Autopsy · FTK Imager · Binwalk · Strings |
| 🔵 Threat Intel | MISP · OpenCTI · VirusTotal · AbuseIPDB · Sigma Rules |
| 🔵 Traffic | Wireshark · tcpdump · NetworkMiner · Ettercap |
| ⚙️ Environment | Kali Linux · Parrot OS · Docker · VirtualBox · tmux |
| Platform | Handle | Link |
|---|---|---|
| 📧 | Email | G-Mail |
| 💼 | LinkedIn | Soon |
| 🐦 | Twitter / X | @BdMutant |
| 🔐 | TryHackMe | 👉 |
| 💻 | HackTheBox | @BdMutant7 |
| 💬 | WhatsApp | Text Only |
| 🌐 | Portfolio | Live Site |
"Security is not a product, but a process." — Bruce Schneier