mindhackdiva|hackherway|d0midigi 👨‍💻 Penetration Tester Specialized in discovering and exploiting security vulnerabilities in web applications, networks, and infrastructure to help organizations improve their security posture.

🛠️ Expertise Web Application Security: Identifying and exploiting vulnerabilities in web applications to prevent potential security breaches Exploit Development: Creating proof-of-concept exploits for discovered vulnerabilities and developing custom security tools for specialized testing scenarios Security Research: Discovering and responsibly disclosing vulnerabilities in software and systems with published CVEs 💻 Tech Stack & Skills Python Bash PowerShell x86 Assembly C++ C# Metasploit Burp Suite Wireshark Nmap OWASP ZAP IDA Pro Kali Linux Windows Linux Active Directory AWS 🔬 Latest Research & Blog Articles Living Off the Land: Windows Post-Exploitation Without Tools Nov 28, 2025 Finding and Exploiting CVE-2025-50674 in OpenMediaVault Aug 24, 2025 Mythic C2 with EarlyBird Injection and Defender Evasion Jun 26, 2025 Breaking ADCS: ESC1 to ESC16 Attack Techniques Jun 4, 2025 From Zero Creds to Enterprise Admin May 20, 2025 XSS to Account Takeover & Data Exfiltration Apr 24, 2025 VirtualProtect DEP Bypass: Step-By-Step Exploit - Apr 8, 2025 Social Engineering in Red Team Operations: Technical Setup and Tools - Apr 1, 2025 C2 Redirectors: Advanced Infrastructure for Modern Red Team Operations - Mar 25, 2025 Mastering x86 Shellcode: A Deep Dive into Calculator-Launching Payload Development - Mar 18, 2025 🛠️ Open Source Security Tools AspXVenom: Generates encoded shellcode and embeds it into ASPX webshells for .NET environments testing AutoMSF: Python script for generating and deploying multiple types of Meterpreter reverse_https payloads MacroPhantom: Creates XOR+Caesar encrypted shellcode and embeds it into VBA macros for Office documents GoPhish-Deploy: Automates deployment of the GoPhish phishing framework with SSL and secure defaults InterceptReady: Toolkit for configuring Android emulators with Frida and Burp Suite for mobile security testing 🔐 CVEs Discovered CVE-2025-50674: Privilege escalation vulnerability in OpenMediaVault CVE-2024-32136: SQL injection vulnerability in database systems CVE-2023-0830: Vulnerability in EasyNAS backup allowing arbitrary command execution with root privileges CVE-2024-0365: System components security flaw allowing privilege escalation CVE-2024-0399: Critical vulnerability affecting data integrity and confidentiality CVE-2024-0405: Input validation vulnerability leading to remote code execution CVE-2024-0566: SQL injection vulnerability allowing data exfiltration CVE-2024-30240: Critical SQL injection vulnerability allowing authentication bypass CVE-2024-31370: Injection vulnerability allowing arbitrary code execution CVE-2024-33911: Vulnerability affecting system configurations and security controls 🔗 Connect with me GitHub Twitter LinkedIn HackTheBox Medium Website Email