All project names, client organisations, and sources are intentionally anonymised. The material presented is a generalised representation of work I have performed, ensuring that no confidential information, internal documentation, or employer-specific assets are disclosed.

This portfolio reflects my personal skills, methodologies, and experience, while fully respecting NDAs, licensing agreements, and professional confidentiality requirements.

These training programs were developed to meet recognised international standards and equip learners with practical, real-world offensive security skills. The courses were aligned with respected global certification bodies to ensure credibility and rigorous methodology.

Advanced Penetration Testing Program: Designed and developed an end-to-end penetration testing curriculum, incorporating approved concepts and authorised learning materials where applicable.

Web Application Security Course: Developed a complete web application security course mapped to modern offensive and defensive practices.

Built and maintained a Proxmox-powered enterprise lab environment consisting of 30+ virtual machines distributed across segmented network zones. The platform supports snapshot-driven attack simulations, red-team exercises, malware analysis, and remote student access. Secure connectivity is provided through a custom OpenVPN gateway.

Designed and deployed multiple purpose-built vulnerable applications and systems for hands-on training and practical assessments. These labs include scenarios covering:

• Web exploitation (XSS, SQLi, SSTI, IDOR)
• Active Directory attack chains (Kerberoasting, ACL abuse, lateral movement)
• Windows & Linux privilege escalation
• SSRF and GraphQL exploitation

All environments were mapped to realistic adversary techniques and integrated into structured learning cycles and practical exercises.