Nashra — offensive-minded dev & bug hunter

• Hacker • Pentester

About Me

Identity: Nashra Fayyaz

Objective: Highly motivated Cybersecurity professional with a strong foundation in Information Security.

A fast learner with strong analytical, communication, and problem-solving skills, poised to contribute to and advance in cybersecurity.

Status: Evolving

Contact

Email

bugnashbug@gmail.com

LinkedIn


Skills

    Languages

    Tools

    Operating Systems

    Frameworks

    Soft Skills

Projects

🥶 WinArmor

• Automation tool consolidating Windows Defender scans, firewall status, local user audits, disk usage, and threat detection.

• Reduced ~70% of manual effort required to run multiple PowerShell commands for endpoint security checks.

• Automated timestamped HTML report generation to improve consistency, visibility, and repeatability of security assessments in lab environments.

😈 1337-Active Directory

• Built a complete Active Directory lab with a domain controller, multiple user machines, and Kali Linux as the attack platform.

• Executed 10+ real-world attacks including LLMNR/NBT-NS poisoning, SMB relay, IPv6 DNS takeover, pass-the-hash, pass-the-password, and Kerberoasting.

• Implemented Active Directory hardening policies and security controls, mitigating approximately 80% of tested attack vectors.

🕷️ Web Application Penetration Test – OWASP Juice Shop

• Conducted a full-scope web application penetration test following standard methodology: Enumeration → Discovery → Exploitation → Remediation.

• Guided learners through top 4+ web attacks like SQL injection, authentication bypass, broken access control (IDOR/HPP), and business logic vulnerabilities with step-by-step demonstrations.

• Delivered a professional penetration testing report with clear POCs, impact analysis, severity ratings, and security-focused remediation guidance, aligned with OWASP Top 10 risks.

👾 SubVoid

• Developed a Bash-based automation tool integrating Subfinder, Assetfinder, and Httpx, reducing manual reconnaissance effort by ~95%.

• Implemented domain validation, dependency checks, safe exits, structured timestamped workspaces, and multi-port scanning for large-scale discovery.

• Added CLI arguments, result sorting and deduplication, and optional Discord webhook alerts to improve usability and workflow efficiency.

🧟‍♂️ Monster_logger

• Implemented keystroke logging with special key handling and clipboard monitoring (text and images) using state-based duplicate prevention (~90%).

• Extracted Windows WLAN credential information with controlled execution and an emergency F12 kill switch.

• Performed structured data exfiltration via Discord webhooks, handling both JSON data and binary image uploads.

Banger revealing soon

Blogs

Experience

Education

                    kali@kali
                    ---------
                OS: Kali GNU/Linux Rolling x86_64

                Education:
                MSc — Computer Science & Cybersecurity, University of the West of England, OCT 2023 – OCT 2024
                BSc — Cybersecurity & Digital Forensics, University of Sunderland, MAR 2019 – MAR 2022