CEH • Red Teaming • OSINT • VAPT • CTF

Nehal Choudhury

nehal@portfolio:~

$ whoami

Offensive security learner focused on ethical hacking, vulnerability assessment, web security testing, CTFs, reconnaissance, enumeration, exploitation, and privilege escalation.


STATUS: OPEN_TO_SECURITY_ROLES

FOCUS: RED_TEAMING / OSINT / VAPT

About

Security-Minded, Hands-On, and Documentation Focused.

Profile Summary

Cybersecurity enthusiast with practical experience in offensive security, ethical hacking, and vulnerability assessment through hands-on labs, CTF challenges, and web security testing. Skilled in reconnaissance, enumeration, vulnerability exploitation, and privilege escalation across Linux and web environments.

Comfortable using industry-standard tools including Nmap, Gobuster, Dirb, Burp Suite, Metasploit, Maltego, WHOIS, and DNS enumeration, with strong interest in red teaming, OSINT, and real-world security assessment workflows.

> Reconnaissance and enumeration
> Web exploitation and API testing
> Linux privilege escalation
> CTF challenge writeups
> VAPT reporting and remediation notes

Skills

Technical Skill Map

Offensive Security

  • Penetration Testing
  • Vulnerability Analysis & Exploitation
  • Privilege Escalation
  • CTF Problem Solving

Reconnaissance & Intelligence

  • OSINT & Reconnaissance
  • Network Scanning & Enumeration
  • Wireless & Network Security

Web Application Security

  • Web Application Security
  • SQL Injection & XSS
  • Authentication Bypass & Access Control

Defensive & Analysis

  • IDS/Firewall Evasion
  • Malware Analysis
  • Cryptography Basics

Security Tools

  • Nmap
  • Gobuster & Dirb
  • Burp Suite
  • Metasploit
  • Maltego
  • WHOIS & DNS Enumeration
  • Kali Linux
  • Packet Sniffing Tools

Programming Languages

  • Python
  • Bash Scripting
  • Security Scripting
  • Command Line Tools
  • C
  • C++
  • C#
  • Java
  • HTML
  • CSS
  • JavaScript
  • React

Experience

Cybersecurity Experience and Training

09/2025 – 02/2026 • Remote

Cyber Security and Ethical Hacker Intern

Creative IT Institute

  • Performed hands-on security assessments on Linux and web targets through boot-to-root labs, web exploitation exercises, and CTF-based problem solving.
  • Conducted reconnaissance and vulnerability discovery using Nmap, Gobuster, Dirb, and Burp Suite.
  • Exploited SQL injection, XSS, arbitrary file write, authentication bypass, and broken access control in controlled environments.
  • Practiced privilege escalation through kernel exploit analysis, SUID binary analysis, credential recovery, and reverse shell access.
  • Produced technical writeups for lab exercises and 40+ PicoCTF challenges.

10/2024 – 06/2025 • Dhaka, Bangladesh

Certified Ethical Hacker Training

Creative IT Institute

  • Completed Cyber Ethical Hacker program.
  • Covered reconnaissance, scanning, enumeration, vulnerability analysis, exploitation, system hacking, malware analysis, sniffing, social engineering, web security, wireless hacking, IDS/firewall evasion, cryptography, and scripting.

Additional Experience

  • Chef and Customer Handling — Buffalo Wild Wings
  • Sales Associate — Jewelry Hut Design
  • Chief Human Resources Officer — AlignDots
  • Head of Photography — ZZAEN
  • Head Photographer — Chowdhury Car House
  • Freelance Editor — Navana Real Estate Ltd.

Projects

Security Labs, Reports, and CTF Work

02/2026

MATRIX-BREAKOUT: 2 MORPHEUS

Boot-to-Root CTF Challenge

Full boot-to-root exploitation with arbitrary file write and privilege escalation.

  • Arbitrary file write exploitation using Burp Suite.
  • PHP reverse shell for initial access and persistence.
  • Dirty Pipe CVE-2022-0847 privilege escalation to root.
CTF • Burp Suite • Dirty Pipe

01/2026

The Planet: Earth Complete Vulnerability Report

Boot-to-Root Security Lab

Full boot-to-root compromise through credential recovery and SUID exploitation.

  • XOR payload decoding for credential recovery and authentication bypass.
  • Base64-encoded Netcat reverse shell deployment for initial access.
  • Custom SUID binary analysis with ltrace for privilege escalation.
Linux • SUID • Reverse Shell

12/2025

Project Juice-Shop

Web Application Security Assessment

Identified and exploited 25+ web vulnerabilities in OWASP Juice Shop.

  • SQL Injection and XSS exploitation through manual and Burp Suite testing.
  • Access control bypass and API abuse techniques.
  • OSINT and metadata analysis for information disclosure.
Web Security • SQLi • XSS

11/2025

PicoCTF Challenge Writeup

CTF / Cybersecurity Lab

Solved and documented 40+ PicoCTF challenges across web security, digital forensics, cryptography, and debugging.

  • SQLi, SSTI, and client-side authentication bypass.
  • Forensic analysis and metadata extraction.
  • Cipher decoding and hash cracking.
CTF • Forensics • Crypto

09/2025

VAPT Report on Metasploitable2

Network and Web Reconnaissance Module

Conducted end-to-end vulnerability assessment and penetration testing on a simulated target using OWASP, NIST SP 800-115, and PTES methodologies.

  • Nmap, Metasploit, Maltego, WHOIS, and DNS enumeration.
  • Identified RCE, privilege escalation, weak crypto, and vsFTPd 2.3.4 backdoor.
  • Achieved root access and prepared risk/remediation report.
VAPT • Metasploit • PTES

08/2025

PATH TRAVERSAL VULNERABILITY TESTING REPORT

Web Application Security Assessment

Comprehensive assessment of path traversal vulnerabilities and remediation.

  • Identified path traversal instances and bypass techniques including URL encoding.
  • Proof of Concept demonstrations for sensitive file and configuration access.
  • Remediation recommendations including input validation and path canonicalization.
Path Traversal • Web Security • Remediation

08/2025

SERVER-SIDE VULNERABILITY REPORT

Web Application Security Assessment

Comprehensive VAPT assessment identifying 15 server-side vulnerabilities with interactive dashboard.

  • Identified critical SQL Injection, OS Command Injection, RCE, and authentication bypass vulnerabilities.
  • Interactive dashboard built with HTML, Tailwind CSS, and Chart.js for risk visualization.
  • Detailed remediation recommendations including input validation and secure authentication practices.
SQL Injection • SSRF • RCE

07/2025

PROJECT APOCRYPHA

Network Intelligence Gathering Module

Multi-purpose network and web reconnaissance module for comprehensive cybersecurity intelligence gathering.

  • Shadow Mask, DEDTrace, CTOS Scan, and Oghma Infinium intelligence modules for network profiling.
  • Advanced IP and MAC spoofing capabilities with DNS and domain analysis tools.
  • Comprehensive web infrastructure reconnaissance and network information gathering functions.
Python • Kali Linux • Reconnaissance

07/2025

GODZILLA-WORDLIST-GENERATOR

Python CLI Tool

Lightweight cross-platform command-line tool for generating custom wordlists efficiently.

  • Custom wordlist generation with predefined/custom character sets, min/max length, and pattern matching.
  • Memory-efficient generation using Python's itertools library for one-by-one password creation.
  • Progress reporting and flexible output to console or file export with summary reporting.
Python • Tools • CLI

Certifications

Training and Certificates

Certified Ethical Hacker (CEH) — Creative IT Institute
Google Cybersecurity — Google
Ethical Hacker — Cisco
Palo Alto Networks Network Security Fundamentals
Palo Alto Networks Security Operations Fundamentals
Threat Analysis - Cisco

Education

Academic Background

01/2026 – Present

Associate of Arts and Sciences - AAS, Cyber Security (Transferred)

Community College of Baltimore County

Baltimore, Maryland, USA

2021 – 2025

Bachelor of Science in Computer Science & Engineering (Incomplete)

North South University

Dhaka, Bangladesh

2018 – 2020

Higher Secondary Certificate (HSC)

Bangladesh Navy School & College

Dhaka, Bangladesh

2016 – 2018

Secondary School Certificate (SSC)

Monipur High School & College

Dhaka, Bangladesh

Languages

Linguistic Proficiency

English

  • Professional Working Proficiency
  • Technical Writing
  • Documentation

Bengali

  • Native Speaker
  • Fluent Reading & Writing
  • Professional Communication

Hindi

  • Professional Working Proficiency
  • Fluent Speaking
  • Conversational

Urdu

  • Professional Working Proficiency
  • Fluent Speaking
  • Conversational

Contact

Let's Connect Securely.

For cybersecurity roles, collaborations, CTF work, or project discussions, use the links below.