CyberSecurity Journey

Offensive • Defensive • Compliance • Exploitation

From Enumeration to Exploitation. From Weak Configurations to Hardened Systems.

Overview

Platform: Independent Cybersecurity Practice
Duration: 02 July 2025 – 02 September 2025
Environment: Kali Linux & Windows 11
Domains: Penetration Testing | System Hardening | Compliance

Offensive Security — HackTheBox

Machine: TombWatcher
OS: Windows
Difficulty: Medium
Status: 💀 PWNED
Pwn Date: 17 July 2025
Kali Linux
Nmap Recon
Web Enumeration
/login.aspx Discovery
LFI Exploit (custom Python script)
Reverse Shell
Privilege Escalation
user.txt & root.txt captured
✓ LFI highlighted as key vulnerability
✓ Compromise confirmed

Defensive Security — CIS-CAT

System: Windows 11
Tool: CIS-CAT Assessor Lite v4
Initial Compliance: 20.54%
Final Compliance: 70%+

Fixes Applied

  • Guest account disabled
  • SMBv1 disabled
  • Firewall enabled
  • Password & lockout policies hardened

Success & Validation

💀 HackTheBox machine successfully compromised
🛡️ System hardened using CIS benchmarks
📈 Compliance improved by more than 40%

Learnings & Impact
