Bd-Mutant7/README.md


🧠 Professional Summary

Bd-Mutant7 is a cybersecurity student at Meru University of Science and Technology and a penetration testing practitioner based in Kenya 🇰🇪, focused on offensive security and ethical hacking.

  • 🎯 Specializing in Web Application Pentesting, Network Exploitation, and Vulnerability Research
  • 🏴 Active CTF competitor on TryHackMe, HackTheBox, and CTFtime
  • 🛠️ Building security tools and automation scripts with Python & Bash
  • 📋 Currently pursuing eJPT and CompTIA Security+ certifications
  • 🌱 2026 Goal: First bug bounty report + OSCP roadmap entry
  • 🤝 Open to collaborations on security research, CTF teams, and tool development
╔═══════════════════════╗
║   SECURITY PROFILE    ║
╠═══════════════════════╣
║  Role   : Red Teamer  ║
║  Base   : Kenya 🇰🇪    ║
║  Focus  : O/Defensive ║
║  Status : Learning    ║
║  Mode   : Full Send   ║
╚═══════════════════════╝

🛡️ Core Skills

Security & Pentesting

Metasploit · Burp Suite · Nmap · Wireshark · Hydra · SQLMap · Gobuster · Hashcat · John the Ripper · Nikto

Languages & Scripting

Python · Bash · PowerShell · C · JavaScript

Platforms & Infrastructure

Kali Linux · Linux · Docker · AWS · VirtualBox · Git

Security Domains

| Domain | Topics |
| --- | --- |
| 🌐 Web App Security | SQLi · XSS · SSRF · IDOR · LFI/RFI · CSRF · JWT Attacks |
| 🔌 Network Pentesting | Port Scanning · MITM · Sniffing · SMB · FTP · SSH Exploitation |
| 🔐 Password Attacks | Brute Force · Hash Cracking · Credential Stuffing · Rainbow Tables |
| 📁 Privilege Escalation | LinPEAS · WinPEAS · SUID · Cron Jobs · GTFOBins · Kernel Exploits |
| 🕵️ OSINT & Recon | Google Dorks · Shodan · TheHarvester · Maltego · DNS Enumeration |
| 🐛 Vulnerability Research | CVE Analysis · ExploitDB · Nuclei · Manual Code Review |

🚀 Featured Projects

🔗 Browse all repositories →


📝 CTF Writeups & Research

Documenting every machine, challenge, and vulnerability I learn from.

| # | Title | Category | Platform | Difficulty | Link |
| --- | --- | --- | --- | --- | --- |
| 01 | Visit Repo | Web Exploitation | TryHackMe | 🟢 Easy | |
| 02 | Visit Repo | Privilege Escalation | HackTheBox | 🟠 Medium | |
| 03 | Visit Repo | Network Pentesting | CTF Competition | 🔴 Hard | |

📌 Full writeup collection →


🎓 Certifications

| Status | Certification | Issuer | Target Date |
| --- | --- | --- | --- |
| 🟡 In Progress | eJPT — Junior Penetration Tester | INE / eLearnSecurity | Q2 2026 |
| 🟡 Studying | CompTIA Security+ | CompTIA | Q2 2026 |
| ⬜ Planned | CompTIA PenTest+ | CompTIA | Q3 2026 |
| ⬜ Planned | CEH — Certified Ethical Hacker | EC-Council | Q4 2026 |
| ⬜ Planned | PNPT — Practical Network Pentester | TCM Security | 2027 |
| ⬜ Planned | OSCP — Offensive Security Certified Pro | OffSec | 2027 |

🏆 Achievements & Stats

Activity Graph

Platform Progress

| Platform | Focus | Sessions | Status |
| --- | --- | --- | --- |
| TryHackMe | Web, Networks, Privilege Escalation | Weekly | 🟢 Active |
| HackTheBox | Machines & Pro Labs | Weekly | 🟢 Active |
| PortSwigger | Web App Vulnerability Labs | Daily | 🟡 Ongoing |
| CTFtime | All Categories | Monthly | 🟢 Competing |

🛡️ Blue Team — Defense & Detection

"You can't defend what you don't understand. Red team to learn. Blue team to protect."

🔵 Defensive Toolset

Splunk · Elastic SIEM · Wazuh · Snort · Wireshark · YARA · Suricata · TheHive · Volatility · OpenVAS

🔵 Blue Team Domains

| Domain | Skills & Concepts |
| --- | --- |
| 📊 SIEM & Log Analysis | Splunk SPL · Elastic Stack (ELK) · Log Correlation · Alert Tuning |
| 🚨 Incident Response | IR Playbooks · Evidence Collection · Containment · Eradication |
| 🔬 Digital Forensics | Volatility · FTK Imager · Autopsy · Memory Analysis · Disk Imaging |
| 🌐 Network Defense | Snort/Suricata IDS · Firewall Rules · Traffic Analysis · Anomaly Detection |
| 🦠 Threat Intelligence | MITRE ATT&CK · IOC Analysis · YARA Rules · VirusTotal · OSINT |
| 🔒 Endpoint Security | Wazuh EDR · File Integrity Monitoring · AV Evasion Detection |
| 🕵️ Threat Hunting | Hypothesis-Driven Hunting · Sigma Rules · Timeline Analysis |

🔵 SOC Analyst Workflow

┌─── DETECT ────────────────────────────────────────────────────┐
│  SIEM Alerts → IDS/IPS Triggers → Anomaly Baseline Deviation  │
└──────────────────────────┬────────────────────────────────────┘
                           ▼
┌─── TRIAGE ────────────────────────────────────────────────────┐
│  Alert Validation → False Positive Filtering → Priority Score  │
└──────────────────────────┬────────────────────────────────────┘
                           ▼
┌─── INVESTIGATE ───────────────────────────────────────────────┐
│  Log Correlation → IOC Lookup → TTPs Mapping (MITRE ATT&CK)   │
└──────────────────────────┬────────────────────────────────────┘
                           ▼
┌─── RESPOND ───────────────────────────────────────────────────┐
│  Containment → Eradication → Recovery → Lessons Learned        │
└───────────────────────────────────────────────────────────────┘

🔵 MITRE ATT&CK Coverage

Reconnaissance · Initial Access · Execution · Persistence · Privilege Esc · Defense Evasion · Lateral Movement · Exfiltration


🔧 Tools (Quick Reference)

| Category | Tools |
| --- | --- |
| 🔴 Scanners | Nmap · Masscan · Rustscan · Nikto · Nuclei |
| 🔴 Web Testing | Burp Suite · OWASP ZAP · SQLMap · ffuf · Gobuster |
| 🔴 Exploitation | Metasploit · ExploitDB · SearchSploit · msfvenom |
| 🔴 Password | Hashcat · John the Ripper · Hydra · Medusa · CeWL |
| 🔴 Post-Exploit | LinPEAS · WinPEAS · BloodHound · Mimikatz · Impacket |
| 🔴 OSINT | TheHarvester · Maltego · Shodan · Recon-ng · Sublist3r |
| 🔵 SIEM | Splunk · Elastic/Kibana · Wazuh · Graylog |
| 🔵 IDS / IPS | Snort · Suricata · Zeek · OSSEC |
| 🔵 Forensics | Volatility · Autopsy · FTK Imager · Binwalk · Strings |
| 🔵 Threat Intel | MISP · OpenCTI · VirusTotal · AbuseIPDB · Sigma Rules |
| 🔵 Traffic | Wireshark · tcpdump · NetworkMiner · Ettercap |
| ⚙️ Environment | Kali Linux · Parrot OS · Docker · VirtualBox · tmux |

📬 Contact

Platform Handle Link
📧 Email G-Mail
💼 LinkedIn Soon
🐦 Twitter / X @BdMutant
🔐 TryHackMe 👉
💻 HackTheBox @BdMutant7
💬 WhatsApp Text Only
🌐 Portfolio Live Site

"Security is not a product, but a process." — Bruce Schneier


Pinned

  1. Password-Analyzer (Public)

    HTML 18 1

  2. Modern-App-Color-Combos (Public)

    Research-backed color combinations for modern app development. Includes primary palettes, dark mode variants, luxury styles, and real-world case studies for 15+ app categories. WCAG compliant and …

    14

  3. Cybersecurity-Threats-Guide (Public)

    Cybersecurity Threats & Vulnerabilities Guide is a comprehensive educational resource that provides detailed documentation, detection scripts, and prevention strategies for various cybersecurity th…

    Python 17 2

  4. awesome-privacy (Public)

    Forked from lissy93/awesome-privacy

    🦄 A curated list of privacy & security-focused software and services

    Astro 12

  5. PayloadsAllTheThings (Public)

    Forked from swisskyrepo/PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Python 11 1

  6. recipe-book-app (Public)

    This app allows users to effortlessly manage their culinary creations

    TypeScript 11