Cybersecurity Portfolio of Belizaire Bassette II

Overview: Compromised a Linux-based target using a structured penetration testing methodology. Identified and exploited a Local File Inclusion (LFI) vulnerability, escalated it to Remote Code Execution (RCE) via log poisoning, established a reverse shell, and chained multiple misconfigurations to achieve full root compromise.

Attack Chain: Reconnaissance → Directory Enumeration → LFI Discovery → LFI-to-RCE → Reverse Shell → Cron Abuse → SUID Binary Analysis → PATH Hijacking.

Key Takeaways: Demonstrates real-world exploit chaining, manual testing discipline, and the ability to translate technical flaws into concrete security impact.

Overview: Reviewed pfSense WAN/LAN rules, identified weaknesses, and executed both guided (white-box) and unguided (black-box) penetration tests. Used Nessus, Nmap, Traceroute, and OpenVAS to map hosts, enumerate services, and analyze CVEs. Hardened firewall policies, reduced attack surface, and rescanned to confirm that changes removed vulnerabilities without breaking legitimate access. Completed a DMZ assessment to evaluate best practices and common mistakes.

Key Takeaways: Practiced the full five-step penetration testing methodology (recon → scanning → vulnerability analysis → exploitation planning → remediation). Strengthened firewall hardening skills, vulnerability triage, and DMZ design analysis while balancing security, usability, and business needs.

Overview: Performed comprehensive scans from a Kali Linux environment, enumerating open ports, services, and misconfigurations. Documented critical, high, and medium-risk findings and mapped them to concrete remediation steps such as patching, disabling legacy protocols, and tightening firewall rules.

Key Takeaways: Improved my ability to translate scan output into actionable fixes and communicate risk clearly to technical and non-technical stakeholders through a structured report.

Overview: Intercepted HTTP login requests with Burp Suite, extracted POST parameters, and used Hydra to automate credential guessing. Evaluated the impact of weak passwords and lack of rate limiting on authentication endpoints, then documented defenses such as MFA, account lockout policies, and stronger password requirements.

Key Takeaways: Gained practical experience with web attack tooling, authentication weaknesses, and the security controls that can stop brute-force attacks before they escalate.

Overview: Simulated the full ransomware lifecycle: built a dropper, delivered it via phishing, executed the payload to encrypt victim files, and then performed recovery using a private key. Explored exploits like EternalBlue and observed host behavior during and after infection.

Key Takeaways: Reinforced the importance of offline backups, timely patch management, email security controls, and a rehearsed incident response plan when dealing with ransomware.

Overview: Implemented symmetric and asymmetric encryption using Kleopatra, OpenSSL, WinSCP, and Linux tools (echo, touch, ls, gpg) to encrypt, sign, transfer, and verify data between systems. Demonstrated how encryption and digital signatures secure communication channels.

Key Takeaways: Strengthened understanding of cryptographic principles, public/private key pairs, digital signatures, and hybrid encryption systems that uphold confidentiality, integrity, and authentication.

Overview: Tested API endpoints for broken object level authorization (BOLA/IDOR), excessive data exposure, and weak access control. Captured request/response evidence, wrote reproduction steps, and documented secure design guidance.

Overview: Built repeatable testing checklists and report templates that translate findings into clear remediation steps. This section will include sanitized writeups and vulnerability narratives as they are finalized.