Dashboard

About Me

Hi, I’m Sandiso 👋 — a Penetration Tester / Ethical Hacker with a strong focus on offensive security, web application testing, network exploitation, and attack simulation. I have hands-on experience identifying, exploiting, and reporting security vulnerabilities, supported by solid fundamentals in networking, Linux, and Python scripting. My offensive security skills are backed by strong IT and networking foundations, validated through CompTIA (A+, Network+, Security+) and Cisco CCNA certifications, alongside intensive hands-on training from the HyperionDev Cybersecurity Bootcamp.

I have completed TryHackMe’s Pre-security, web fundamentals, Cyber Security 101 and Junior Penetration Tester learning paths, gaining practical experience in reconnaissance, enumeration, privilege escalation, web application exploitation, vulnerability assessment, and penetration testing methodologies across Linux-based environments.

My core focus is offensive security, leveraging tools such as Nmap, Burp Suite, Metasploit, Nessus, and custom Python scripts to simulate real-world attacks. I also maintain working knowledge of defensive operations — including SIEM monitoring (Splunk), SOC workflows, and incident response fundamentals — enabling me to better understand, evade, and challenge defensive controls during security assessments.

🧰 Tools & Technologies

Tool	Description
🐍 Python	Scripting, automation & data handling
🌐 HTML, CSS, JS	Responsive web design & interactivity
💻 VS Code	Primary development environment
🐧 Linux	Command-line mastery, system administration & security tooling
💣 Metasploit	Exploitation framework for penetration testing & vulnerability research
🔐 TryHackMe	Hands-on cybersecurity training
🧠 Git & GitHub	Version control & collaboration
📡 Wireshark	Network traffic analysis & packet inspection
📊 Splunk (SIEM)	Log analysis, monitoring & incident detection
☁️ Hosting	GitHub Pages, Netlify, or local servers

Hands-On Offensive Experience

Area	Experience
Web Application Security	Identified and exploited common web vulnerabilities (OWASP Top 10) through labs and simulated environments
Windows Active Directory Labs	Configured Windows Server 2019 environments for AD attacks and privilege escalation practice
Penetration Testing Labs	Conducted reconnaissance, exploitation, and reporting across TryHackMe offensive pathways
Incident Awareness	Developed understanding of SOC detection and IR processes to improve stealth and attack realism

🚀 Projects and Case studies

Bookstore Inventory

Python & SQLite inventory system.

View on GitHub

Metadata GUI

Digital forensics metadata editor.

View on GitHub

Task Manager

Task tracking and reporting system.

View on GitHub

TryHackMe Labs

Completed paths on tryhackme.

View on GitHub

EternalBlue Exploit

MS17-010 Windows exploit.

View more on GitHub

Metasploitable 1 – Penetration Test

Vulnerable Linux VM exploited in a controlled lab environment. Focused on service enumeration, exploitation, and privilege escalation.

🔍 Enumeration: Nmap, service/version detection
🧨 Exploitation: Telnet, FTP, vulnerable services
⬆️ Privilege Escalation: SUID binaries & misconfigurations
🛠 Tools: Metasploit, LinEnum, manual exploitation

View Write‑up

Metasploitable 2 – Remote Root Exploitation

Hands-on penetration testing lab focused on identifying vulnerable services and exploiting real-world misconfigurations in a controlled environment.

🔍 Enumeration: Nmap host & service version scanning
🧨 Exploitation: vsFTPd 2.3.4 backdoor (root shell)
📦 Post-Exploitation: System enumeration & credential access
🛡️ Defensive Insight: Risk analysis & mitigation recommendations

View Write-up

Basic Pentesting – ProFTPD Backdoor

Real-world style penetration testing case study completed during a cybersecurity bootcamp. Focused on service enumeration, vulnerability research, exploit validation, and professional reporting.

Penetration Testing
Metasploit
Nmap
Linux
Bootcamp Case Study

View Case Study

Mr. Robot CTF – Web App Penetration Test

End-to-end penetration testing of a vulnerable WordPress web application performed in a controlled lab environment.

🔍 Network & web enumeration
👤 WordPress user enumeration
🔐 Credential attacks (Hydra)
💥 Metasploit exploitation
⬆️ Linux privilege escalation (SUID)

View Write-up

Wireshark Network Traffic Analysis

Hands-on network traffic analysis using Wireshark to identify normal and anomalous behavior within a local network environment. Focused on protocol inspection, ARP behavior, and traffic interpretation.

📡 Captured and analyzed live network traffic
🧭 Investigated ARP broadcast requests and address resolution
🔍 Identified protocols: ARP, TCP, UDP, TLS, QUIC
🛡️ Applied traffic analysis techniques used in SOC environments
🧼 Sanitized captures to follow OPSEC and data-handling best practices

View Analysis

OWASP Juice Shop – SQL Injection

Web application penetration testing case study focused on identifying and exploiting an authentication bypass vulnerability caused by insecure SQL query handling.

🔐 Vulnerability: SQL Injection (Authentication Bypass)
🧪 Target: OWASP Juice Shop (intentionally vulnerable app)
📡 Tested login API using Burp Suite
📊 Impact analysis aligned with OWASP Top 10
🛡️ Documented remediation and secure coding practices

View Case Study

Web App Security Testing Lab – SQLi & XSS

Custom-built vulnerable Flask web application used to simulate a real-world web application penetration test. Focused on manual SQL Injection and XSS testing using Burp Suite.

🧪 Manual SQL Injection testing (authentication bypass)
🔍 Reflected XSS testing with false-positive analysis
📡 HTTP interception & manipulation using Burp Suite
🛠 Flask, SQLite, Jinja2 templating
🛡️ Secure coding & mitigation recommendations

View Project

Skills & Tools

Cybersecurity

Pen testing & defense

Networking

Routing, switching, TCP/IP

System Admin

Windows Server & Linux

Web Dev

HTML, CSS, JS, Python

Version Control

Git & GitHub

Hosting

GitHub Pages, Netlify

Detailed Skills Overview

Skill	Tools / Technologies	Experience Level	Rating
Cybersecurity	Nmap, Burp Suite, Metasploit, LinPEAS, Wireshark	Junior or entry-level	n/a
Networking	Cisco Routers, Switches, TCP/IP, Wireshark	Junior or entry-level	n/a
System Admin	Windows Server, Linux, Active Directory	Junior or entry-level	n/a
Web Development	HTML, CSS, JavaScript, Python, Firebase	Junior or entry-level	n/a
Version Control	Git, GitHub, GitHub Pages	Junior or entry-level	n/a
Hosting	Netlify, GitHub Pages	Junior or entry-level	n/a

About Me

🧰 Tools & Technologies

Hands-On Offensive Experience

🚀 Projects and Case studies

Bookstore Inventory

Metadata GUI

Task Manager

TryHackMe Labs

EternalBlue Exploit

Metasploitable 1 – Penetration Test

Metasploitable 2 – Remote Root Exploitation

Basic Pentesting – ProFTPD Backdoor

Mr. Robot CTF – Web App Penetration Test

Wireshark Network Traffic Analysis

OWASP Juice Shop – SQL Injection

Web App Security Testing Lab – SQLi & XSS

Events & Updates

Cybersecurity Engineering Bootcamp

Penetration Testing Lab Project

Cybersecurity Challenges & CTF Labs

Personal Cybersecurity Project

Skills & Tools

Cybersecurity

Networking

System Admin

Web Dev

Version Control

Hosting

Detailed Skills Overview

📄 CV & Cover Letter

Curriculum Vitae

Cover Letter

Get in Touch

🔐 Cyber Security Lab

🔐 Authorized Web Security Scan

Cyber Security Knowledge Assessment

Select Difficulty Level

Question will appear here...

Assessment Complete

🔐 Crypto Playground

🔒 HTTPS & TLS Validation

🔍 Input Field Analysis