Share
## https://sploitus.com/exploit?id=71369929-AECA-5E49-B368-D1455814790D
---

# **Cybersecurity Labs Portfolio**

This repository contains a comprehensive collection of hands-on cybersecurity labs completed during postgraduate studies. Each lab focuses on a specific security domain, including offensive security, wireless network attacks, cryptography, binary exploitation, network interception, firewalls, VPNs, and secure system configuration.

All work is fully documented through detailed PDF reports, supported by source code where applicable.

---

## **Table of Contents**

1. Overview
2. Repository Structure
3. Lab Summaries
4. Tools and Technologies
5. Contact

---

## **Overview**

This portfolio demonstrates practical, verifiable experience across multiple areas of cybersecurity. The labs cover:

* Vulnerability exploitation
* Wireless security (WEP, WPA/WPA2, WPA3, WPS, PMKID attacks, deauthentication, Hole196)
* Binary and memory-level attacks
* Cryptographic weaknesses
* Network interception and manipulation
* Firewall configuration and VPN deployment
* Secure infrastructure design
* Packet injection, packet capture, and low-level network analysis
* GSM and GPRS mobile network security
* Windows Active Directory exploitation
* Malware development, obfuscation, and AV evasion
* Memory forensics and event log investigation
* Cryptographic attack and hybrid encryption code implementations (Python & Java)

The goal of this repository is to showcase real technical capability through complete, hands-on, reproducible work.

---

## **Repository Structure**

All labs are stored as standalone PDF reports, accompanied by source code used in relevant exercises.

```
Heartbleed Vulnerability (CVE-2014-0160).pdf
Custom Packet Sniffer + Wireshark Analysis.pdf
ARP Spoofing MITM Attack.pdf
TCP Session Hijacking with Scapy & IP Spoofing.pdf
Deploying an Authoritative DNS Server (Bind9).pdf
DNS Poisoning Attack with Ettercap.pdf
Firewall Rules Using iptables.pdf
OPNsense Firewall Rules.pdf
Reverse Engineering and Exploitation (pwntools).pdf
AES-CTR Keystream Reuse Vulnerability.pdf
RSA Common Modulus Attack.pdf
GPG Encryption, Signing & Verification.pdf
VPN Deployment with pfSense (OpenVPN).pdf
SSLstrip Attack (MITM + Bettercap).pdf

WiFi Frame Capture and 802.11 Analysis.pdf
WiFi Deauthentication Attack with Aireplay-ng.pdf
WEP Key Cracking via ARP Injection.pdf
Advanced 802.11 Management Frame Analysis.pdf
WPS and WPA Attacks (Reaver, WPA Dictionary, Pixie Dust).pdf
Advanced WPA_WPA2 Attacks (Hole196, PMKID, KRACK).pdf
WPA3 Security Analysis and Dragonblood Roadmap.pdf
GSM Security Vulnerabilities.pdf
GPRS Security Analysis.pdf

Active Directory Attack Chain (AS-REP Roasting, ACL Abuse, DCSync, Golden Ticket).pdf
Buffer Overflow Exploitation on 32-bit Linux.pdf
Initial Access via Malicious LNK Dropper (Meterpreter, LexiCrypt, AV Evasion).pdf
CrushFTP CVE-2024-4040 Attack Chain (Nmap → File Read → PrivEsc).pdf
CSRF Token Bypass via PHP Type Confusion.pdf

common_modulus_attack.py
packet_sniffer.c
session_hijack.py
solve_pwntools_binary_exploitation_script.py

stream_cipher_known_plaintext_attack_cli.py
stream_cipher_integer_attack_cli.py
StreamCipherKnownPlaintextExercise1.java
StreamCipherIntegerAttackExercise2.java
kem_dem_x25519_aesgcm.py
kem_dem_secp256k1_aesgcm.py
```

---

## **Lab Summaries**

Below is a concise overview of all labs included in this portfolio.

---

### **Heartbleed Vulnerability (CVE-2014-0160)**

Exploitation of the Heartbleed OpenSSL memory disclosure vulnerability using Nmap and Metasploit to extract sensitive server memory.

### **Custom Packet Sniffer and Wireshark Analysis**

Implementation of a packet sniffer in C using libpcap, generating PCAP files for protocol inspection in Wireshark.

### **ARP Spoofing Man-in-the-Middle Attack**

Interception of HTTP traffic and credentials through ARP poisoning on a local network.

### **TCP Session Hijacking with Scapy and IP Spoofing**

Hijacking of an active Telnet session by forging TCP packets after ARP-based MITM positioning.

### **Deploying an Authoritative DNS Server (BIND9)**

Full deployment of a DNS server with custom zones, SOA records, name servers, and validation via dig/nslookup.

### **DNS Poisoning Attack with Ettercap**

Redirection of victim traffic by spoofing DNS replies through ARP poisoning and a malicious Apache server.

### **Firewall Rules Using iptables**

Host-based firewall hardening using iptables, validating access controls with Nmap and service testing.

### **OPNsense Firewall Rules**

Creation and verification of access-control rules on an OPNsense firewall applying network segmentation principles.

### **Reverse Engineering and Exploitation (pwntools)**

Automated exploitation of a binary challenge by constructing a valid payload with Python and pwntools.

### **AES-CTR Keystream Reuse Vulnerability**

Recovery of CTR keystream and forging of an administrative token due to improper counter usage.

### **RSA Common Modulus Attack**

Use of the Extended Euclidean Algorithm to recover plaintext from ciphertexts encrypted with different exponents.

### **GPG Encryption, Signing and Verification**

End-to-end use of GPG for encryption, decryption, signing, and signature verification.

### **VPN Deployment with pfSense (OpenVPN)**

Deployment of a secure remote-access OpenVPN server configured on pfSense.

### **SSLstrip Attack (MITM + Bettercap)**

Execution of an HTTPS downgrade MITM attack using Bettercap to intercept HTTP credentials.

### **WiFi Frame Capture and 802.11 Analysis**

Wireless capture of 802.11 frames in monitor mode and analysis of data, control, and management frames in Wireshark.

### **WiFi Deauthentication Attack with Aireplay-ng**

Packet injection to forcefully disconnect clients from an access point using aireplay-ng deauthentication frames.

### **WEP Key Cracking via ARP Injection**

Full WEP key recovery through ARP replay, IV harvesting, and aircrack-ng cracking.

### **Advanced 802.11 Management Frame Analysis**

Examination of beacon, probe request, probe response, and RSN information elements to assess security configuration.

### **WPS and WPA Attacks (Reaver, WPA Dictionary, Pixie Dust)**

Evaluation of WPS weaknesses through online brute force, offline Pixie Dust analysis, and WPA handshake dictionary cracking.

### **Advanced WPA/WPA2 Attacks (Hole196, PMKID, KRACK)**

Investigation of WPA2 vulnerabilities including GTK abuse via Hole196, PMKID offline cracking, and KRACK reinstallation concepts.

### **WPA3 Security Analysis and Dragonblood Roadmap**

Assessment of WPA3 transition mode weaknesses, SAE downgrade concerns, and Dragonblood attack surfaces.

### **GSM Security Vulnerabilities**

Analysis of GSM authentication, encryption (COMP128, A5 ciphers), SIM-related attacks, and rogue BTS interception models.

### **GPRS Security Analysis**

Evaluation of GPRS encryption downgrade risks, backbone exposure, and rogue SGSN attack feasibility.

### **Active Directory Attack Chain: AS-REP Roasting, ACL Abuse, DCSync, and Golden Ticket**

Full Windows domain compromise starting with AS-REP roasting, followed by ACL privilege escalation, DCSync credential extraction, and forging a Golden Ticket for persistent Domain Admin access.

### **Buffer Overflow Exploitation on 32-bit Linux**

Stack-based buffer overflow on a 32-bit Linux binary using GDB to identify buffer offsets, overwrite EIP, and redirect execution to the hidden win() function.

### **Initial Access via Malicious LNK Dropper (Meterpreter + LexiCrypt + AV Evasion)**

Creation of an obfuscated Windows Meterpreter payload using LexiCrypt, compilation of a C++ loader, VirusTotal evasion testing, and delivery via a malicious LNK dropper to obtain a remote shell.

### **CrushFTP CVE-2024-4040 Attack Chain**

Full kill-chain attack beginning with Nmap enumeration, exploitation of CrushFTP CVE-2024-4040 to read sensitive files, SSH key extraction, shell access, and privilege escalation to root via PwnKit.

### **CSRF Token Bypass via PHP Type Confusion**

Exploitation of a CSRF validation flaw caused by PHP array/string type confusion, enabling unauthorized account changes through a crafted malicious HTML form.

---

## **Cryptography Code Implementations (Python & Java)**

### **Stream Cipher Known-Plaintext Attack (Python & Java)**

Python (`stream_cipher_known_plaintext_attack_cli.py`) and Java (`StreamCipherKnownPlaintextExercise1.java`) implementations of a known-plaintext attack recovering the keystream from C1 ⊕ P1 and decrypting C2.

### **Stream Cipher Integer Attack (Python & Java)**

Python (`stream_cipher_integer_attack_cli.py`) and Java (`StreamCipherIntegerAttackExercise2.java`) attacks recovering integer plaintext pairs by enumerating all ASCII digit combinations consistent with C1 ⊕ C2.

### **Hybrid Encryption (KEM–DEM) Implementations**

Two Python examples:

* `kem_dem_x25519_aesgcm.py` (X25519 + HKDF + AES-GCM)
* `kem_dem_secp256k1_aesgcm.py` (SECP256K1 + HKDF + AES-GCM)

Demonstrating hybrid cryptography combining public-key key exchange with symmetric AEAD.

---

## **Tools and Technologies**

### Offensive Security

* Metasploit
* Bettercap
* Ettercap
* pwntools
* Scapy

### Wireless Security

* airmon-ng
* airodump-ng
* aireplay-ng
* aircrack-ng
* hcxdumptool
* hcxpcapngtool
* Reaver
* hostapd (conceptual)

### Network Analysis

* Wireshark
* tcpdump
* Nmap
* libpcap

### Cryptography

* GnuPG (GPG)
* RSA (EEA, modular arithmetic)
* AES-CTR analysis
* Hybrid encryption (KEM–DEM: X25519, SECP256K1, HKDF, AES-GCM)
* XOR-based cryptanalysis (stream ciphers)
* Python and Java cryptographic attack tools

### Infrastructure and Firewalls

* pfSense
* OPNsense
* BIND9
* iptables

### Mobile Network Security

* GSM / GPRS
* COMP128
* A5/1–A5/3
* IMSI/TMSI
* Rogue BTS concepts

### Programming Languages

* Python
* Java
* C
* Bash

---
## Contact

- Name: Tychomira Gkroueva
- GitHub: github.com/tychomiraG
- LinkedIn: https://www.linkedin.com/in/tychomira-gkroueva/

---