// DGM-707 / ARSENAL
Arsenal
Red team capabilities, defensive coverage, engineering skills and the tooling I run engagements with.
MODULES: 3
TOOLS: 12
LAST SYNC: today
TOOLS: 12
LAST SYNC: today
Offensive
// red team / vapt
Defensive
// purple / soc
Engineering
// dev / automation
Specializations
// focused areas of operationWeb Application Security
- OWASP Top 10 + beyond (SSRF, SSTI, HPP, race conditions)
- Auth & session attacks, JWT abuse, OAuth misconfigs
- Business logic & IDOR hunting
- API (REST/GraphQL) pentesting
Red Team / AD
- Initial access, privilege escalation, lateral movement
- Kerberos abuse (Kerberoast, AS-REP, Silver/Golden)
- C2 infra, AV/EDR evasion research
- Persistence & credential harvesting
Blue / Purple
- SIEM detection engineering (QRadar rules)
- Hypothesis-driven threat hunting
- Log aggregation & anomaly analysis
- Phishing & awareness testing
Tooling Matrix
// daily-driver stackNmap
Amass
Burp Suite
Invicti
Acunetix
ReadyAPI
Metasploit
Hydra
Wireshark
tcpdump
Ghidra
Apktool
IBM QRadar
Cerebro2
Kali / Parrot
Engagement Methodology
// how I run a job// PHASE 01
Scope & Recon
Rules of engagement, target validation, passive & active recon, attack surface mapping.
// PHASE 02
Exploit & Pivot
Manual testing, exploitation, privilege escalation, lateral movement, persistence validation.
// PHASE 03
Report & Retest
Executive summary, technical findings with PoCs, remediation guidance, retest & sign-off.