Yuvraj Singh
Cybersecurity, Offensive Security & SOC
LinkedIn · Hack The Box (0xz7ro)
Summary
B.E. Computer Science Engineering graduate (CGPA 9.18/10, Chitkara University, 2024). Ranked 153rd of 9,300+ participants in Hack The Box Season 7. Published a working proof-of-concept for CVE-2025-57819, an unauthenticated SQL injection to RCE chain in FreePBX, covering the full path from injection through a cron-based webshell to root privilege escalation. Built a home lab replicating enterprise attack/defense scenarios, including an Active Directory domain, pfSense, and a Security Onion SIEM, for both offensive practice and detection work. CEH exam scheduled July 2026. Looking for an entry-level SOC Analyst or Junior Penetration Tester role.
Proven
- 50+ Hack The Box machines solved across Web Application, Network, and Active Directory categories, documented in public writeups.
- CVE-2025-57819: published Python PoC for FreePBX unauthenticated SQLi to RCE, full chain from injection to webshell to incron-based root privilege escalation.
- Home lab: Active Directory domain controller (GPOs, users, ACLs configured), pfSense, Security Onion SIEM, used for attack simulation and detection practice.
- AI-assisted recon tooling: built a workflow using Claude Code on Kali Linux orchestrating a locally hosted Ollama security-focused LLM. Automates parsing of Nmap/Gobuster output and generates structured pentest reports.
Currently Learning
- Cloud Security
- Red Team Tactics
- CEH (exam scheduled July 2026)
Skills
Offensive Security: Penetration Testing, Vulnerability Assessment, OWASP Top 10, Active Directory Attack Chains (Kerberoasting, Pass-the-Ticket, DCSync), Privilege Escalation, Web App Exploitation (XSS, SQLi, LFI, RCE)
Tools: Burp Suite, Metasploit, Nmap, Wireshark, BloodHound / SharpHound, Impacket, CrackMapExec, Hydra, Responder, linpeas / winpeas
Defensive / SOC: Security Onion SIEM, pfSense, Windows Event IDs, Sysmon basics
Programming: Python (scripting & automation), SQL, JavaScript, TypeScript, Flask
Education
B.E. Computer Science and Engineering, Chitkara University, Punjab CGPA: 9.18/10, August 2020 to August 2024
Certifications
- Python Certification (Coding Ninjas)
- Cybersecurity Certification (Credly)
- OCI AI Foundations Associate, Oracle
- Certified Ethical Hacker (CEH), exam scheduled July 2026
Projects
FreePBX CVE-2025-57819: Proof of Concept
Published Python PoC for an unauthenticated SQL injection vulnerability in FreePBX, chaining error-based injection through a cron-based webshell to a root privilege escalation via incron/fwconsole command injection. Tested against HTB “Connected.”
Home Lab: Active Directory & SIEM
Designed and maintained a lab replicating enterprise infrastructure: Kali Linux attacker machine, Windows Server AD Domain Controller with configured users/groups/GPOs/ACLs, pfSense, and a Security Onion SIEM. Practiced full kill-chain exercises (recon, enumeration, exploitation, privilege escalation, lateral movement, persistence) using BloodHound, SharpHound, Impacket, Responder, and CrackMapExec, and used the same environment for detection-side practice (Windows Event IDs, Sysmon, port scan detection in SIEM).
AI-Assisted Recon & Enumeration Tooling
Built a cross-machine workflow for HTB engagements: Claude Code running on Kali Linux as the orchestration layer, connected to a locally hosted Ollama instance running a security-focused LLM. Custom prompt-based agents automate recon and enumeration. Tool output from Nmap, Gobuster, and similar utilities feeds directly into the pipeline for structured analysis and automated report generation, reducing manual documentation time.
Contac
DM on Linkedin