Subrat Samantaray

Completed the OWASP Juice Shop room on TryHackMe with 100% completion. Learned and practiced web vulnerabilities, SQLi, authentication flaws, and OWASP Top 10 concepts hands-on. tryhackme.com/room/owaspjuic… #tryhackme via @tryhackme #OWASP #CyberSecurity #WebSecurity #EthicalHacking

Pentest pricing: The more you know, the more expensive you become 😂

I just completed OWASP API Security Top 10 - 1 room on TryHackMe! Learn the basic concepts for secure API development (Part 1). Took a reset, now back to the grind🔥🔥🔥 tryhackme.com/room/owaspapis… #tryhackme via @tryhackme

@BugBountyDEFCON @MontyBehra @pandey_sas87454 @ALISHA_SAHOO12

IT'S GIVEAWAY SEASON! We will pick 6 winners to win one of the following: 1x Annual VIP Hack The Box Licence 5x Pentesterlab 3 Month Licences To enter: 1️⃣ Follow us @BugBountyDefcon 2️⃣ Like this post ❤️ 3️⃣ Tag 3 hacker friends in the comments 4️⃣ Retweet this post 🔁 Giveaway open until Thursday May 14th! GOOD LUCK!

This is just the beginning. @arcenpayhq

Completed DeFi Protocols Learned: • ERC20 tokenization • Stablecoin mechanisms • Collateral, Minting, Health Factor, Liquidation • Oracle heartbeat & stale price risks • Stateless vs Stateful testing • Stateful fuzz testing (Handler) #Web3 #DeFi #Solidity #Foundry

@MontyBehra Smart move—turning defense into deception 👏 ESP32 honeypot with Telegram alerts is a clean and effective idea. Curious if you're logging attack patterns for analysis?

Developed an IoT Honeypot on an ESP32 Using Telegram🪤: Instead of blocking attackers, lure them into a trap. I deployed a fake login page on the ESP32, which generates alerts on two source phones, sends notifications via Telegram, and displays messages on an LCD screen.

|￣￣￣￣￣￣￣￣￣￣￣￣￣￣| every successful hacker had to start somewhere |＿＿＿＿＿＿＿＿＿＿＿＿＿＿| \ (•◡•) / \ / —— | | |_ |_

Just rooted HackTheBox Season 10 – Facts 💻🔓 Chained web vuln (CVE) → AWS key leak → S3 enum → SSH access → sudo misconfig → root via facter. A perfect example of how small misconfigurations can lead to full compromise. #HackTheBox #CyberSecurity #CTF #Pentesting

+1 today 🎂 thankful for everything so far.

Learned about Redis today 🔐 Fast, powerful… but misconfigured instances = serious security risk ⚠️ Small mistake → full system compromise. #Redis #CyberSecurity #CTF #HackTheBox

Free tier. Real skills. 💥 Cleared multiple HTB Starting Point machines (Meow, Fawn, Dancing, Redeemer) Building from the ground up—one box at a time. #HTB #EthicalHacking #CyberSec

@vinay_19d Great let's connect

@0xSubrat 12th one is meee

DEFCON Pune CTF in progress ⚔️ Top 9 (for now) — let’s see where it ends 🚀 #CTF #InfoSec

First CTF experience and it was 🔥 Participated in DEFCON Pune’s CTF7 on March 28, secured 10th place and captured 17/31 flags 🏁 Learned a lot, broke a lot, and definitely got hooked 😄 This is just the beginning. #CTF #CyberSecurity #DEFCON #LearningByDoing

🧠 Final Takeaways: > Enumeration is the most critical phase > Version detection reveals real vulnerabilities > Weak configs + known exploits = full compromise > Data exfiltration is the real objective Think like an attacker ⚡ #EthicalHacking #RedTeam

Step 10: Data Exfiltration cd /home/msfadmin/test ls → found test.txt download test.txt File successfully extracted 📥 Goal of attacker: Access + extract sensitive data.

Doing FTP Enumeration & Exploitation Target: 192.168.29.157 (Metasploitable) Objective: → Identify services → Find misconfigurations → Exploit vulnerabilities → Extract data Full attack chain breakdown 👇 #CyberSecurity #Pentesting