Salam(); I'm Hanzala Ghayas Abbasi

I detect weakness & secure network.

Cybersecurity enthusiast with hands-on experience in IT infrastructure, CTF organization, and web application security. PNPT-certified, with strong skills in penetration testing, vulnerability research, and secure software development. Passionate about digital rights and continuous learning.

</AboutMe>


I'm Hanzala Ghayas Abbasi, passionate about digital rights and cybersecurity. I have experience in IT infrastructure management, organizing Capture The Flag (CTF) events, web application security, and technical writing. I actively develop skills in penetration testing, vulnerability research, and secure software development.


I contribute regularly to the infosec community through writing and CTF participation, and I am seeking opportunities to apply and further enhance my cybersecurity expertise.


</Skills>

Tech Stack

  • NMAP
  • METASPLOIT
  • KALI LINUX
  • BURP SUITE
  • WIRESHARK
  • PYTHON
  • OWASP ZAP
  • SQLMAP
  • MALTEGO
  • JOHN THE RIPPER
  • HASHCAT
  • NESSUS

</Projects>

Cybersecurity Simulation

Tackled advanced CTF challenges on platforms like TryHackMe, HackTheBox, CTFtime, and PortSwigger.

Blitzstorm CTF - 2024 Web Challenges

Developed vulnerable web apps to simulate real-world flaws and improve bug hunting skills. Guided participants through complex security challenges and debugging, ensuring strong engagement.

PortSwigger Labs Completion

Completed all labs on PortSwigger, gaining in-depth practical knowledge in web application security testing. Developed comprehensive PoCs for vulnerabilities identified during the lab exercises, demonstrating proficiency in detecting and addressing web application security flaws.

Active Directory Security Lab

Built and configured a full Active Directory lab on VMware with DNS, DHCP, domain controllers, users, and GPOs. Simulated attacks like password spraying, Kerberoasting, and lateral movement using BloodHound and Mimikatz.

SecureDB Project

Implemented a strong password policy with length and complexity requirements. Enabled real-time login monitoring, mitigated SQL injection with parameterized queries, and secured passwords using bcrypt hashing.

Phishing Simulation

Created a database-free phishing simulation to showcase common tactics and prevention methods, offering an interactive learning experience on phishing risks.

Custom Password Generator

Developed a secure password generator to enhance user security with complex passwords while ensuring a user-friendly experience.


</Blogs>


My PNPT Certification Exam Review — 2025

Passed the PNPT exam on the first attempt. This post shares my experience, tips, and what to expect during the assessment.


My BlackHat MEA 2024 Qualifiers Journey: Web Write-Ups

A walkthrough of my web challenge solutions for BlackHat MEA 2024 Qualifiers with key techniques and learning takeaways.


Blitzstorm CTF 2024 | Web OFFICIAL Write-Up

Breakdown of the web challenges I authored for Blitzstorm CTF 2024, including vulnerabilities and intended exploitation paths.


Solving the Ignite 2023 CTF Machine: A Step-by-Step Walkthrough

Step-by-step exploitation of an LFI and nginx misconfig to gain access and escalate privileges in the Ignite 2023 CTF machine.


CVE-2023-24329: Understanding the Python urlparse Vulnerability

Explains how improper parsing in `urlparse` can lead to security bypasses, with a focus on CVE-2023-24329 and its impact.


Web Cache Deception: Walkthrough of All Portswigger Labs

Complete guide to solving all Web Cache Deception labs on PortSwigger, with concepts and techniques used in real-world attacks.


Basic Pentesting Writeup | TryHackMe

Covers service enumeration, brute-forcing, and Linux privilege escalation techniques in the TryHackMe Basic Pentesting room.


Devel writeup | Hack the box

Beginner-friendly write-up for HTB’s Devel machine using public exploits to demonstrate misconfigured services and privilege gain.
