// DGM-707 / ARSENAL

Arsenal

Red team capabilities, defensive coverage, engineering skills and the tooling I run engagements with.

MODULES: 3
TOOLS: 12
LAST SYNC: today

Offensive

// red team / vapt
Web Application Pentest 92%
AD / Red Team Ops 85%
Vulnerability Research 80%
API Pentesting 82%
Social Engineering / OSINT 78%

Defensive

// purple / soc
SOC L1–L3 Triage 88%
Threat Hunting 83%
IBM QRadar / Cerebro2 80%
Incident Response / DFIR 76%
MITRE ATT&CK Mapping 87%

Engineering

// dev / automation
Python 90%
Bash / PowerShell 85%
Go / C++ 72%
JS / PHP / C# 75%
Linux / Network Eng. 83%

Specializations

// focused areas of operation

Web Application Security

  • OWASP Top 10 + beyond (SSRF, SSTI, HPP, race conditions)
  • Auth & session attacks, JWT abuse, OAuth misconfigs
  • Business logic & IDOR hunting
  • API (REST/GraphQL) pentesting

Red Team / AD

  • Initial access, privilege escalation, lateral movement
  • Kerberos abuse (Kerberoast, AS-REP, Silver/Golden)
  • C2 infra, AV/EDR evasion research
  • Persistence & credential harvesting

Blue / Purple

  • SIEM detection engineering (QRadar rules)
  • Hypothesis-driven threat hunting
  • Log aggregation & anomaly analysis
  • Phishing & awareness testing

Tooling Matrix

// daily-driver stack
Nmap
Amass
Burp Suite
Invicti
Acunetix
ReadyAPI
Metasploit
Hydra
Wireshark
tcpdump
Ghidra
Apktool
IBM QRadar
Cerebro2
Kali / Parrot

Engagement Methodology

// how I run a job
// PHASE 01

Scope & Recon

Rules of engagement, target validation, passive & active recon, attack surface mapping.

// PHASE 02

Exploit & Pivot

Manual testing, exploitation, privilege escalation, lateral movement, persistence validation.

// PHASE 03

Report & Retest

Executive summary, technical findings with PoCs, remediation guidance, retest & sign-off.

OPERATOR: DGM-707 MODULE: ARSENAL COVERAGE: HIGH
v4.7