What it is:
A hands-on penetration testing lab focused on identifying and exploiting Windows vulnerabilities using industry tools, followed by post-exploitation and privilege escalation techniques in a controlled virtual environment.
What I did:
Performed network reconnaissance using Nmap to identify open ports and SMB vulnerabilities. Exploited the MS08-067 vulnerability on Windows XP using Metasploit Framework and established a Meterpreter session. Tested EternalBlue (MS17-010) against modern systems, generated and delivered custom payloads to a Windows 7 machine, and conducted post-exploitation tasks including system enumeration, file manipulation, privilege escalation, and creating administrative backdoor accounts.
What I learned:
Learned how attackers identify and exploit vulnerabilities in outdated systems and why legacy systems pose significant risks. Gained experience in the full attack lifecycle: reconnaissance, exploitation, persistence, and post-exploitation. Also learned why modern systems (e.g., Windows Server 2022) are more resistant to older exploits due to updated security controls and patches.