ROOT@WAQAR ~ LEARNING CYBERSECURITY

HACK

THE PLANET.

[ PENETRATION TESTER IN TRAINING ]

Software Engineer with production DevOps experience, now learning to break into systems to understand how to defend them.

EXPLORE CONTACT

HIRE_ME //UPWORK FIVERR FREELANCER

root@kali:~#

$ nmap -sV -sC target.local

$ msfconsole -q

$ hydra -l admin -P wordlist.txt ssh://10.0.0.1

$ sqlmap -u "http://target/page?id=1" --dbs

$ john --wordlist=rockyou.txt hashes.txt

$ nmap -sV -sC target.local

WAQAR UL WAHABRED TEAM LEARNERPAKISTAN

SCROLL

// ABOUT_ME

LINKEDIN GITHUB INSTAGRAM FACEBOOK

Software Engineer transitioning into cybersecurity — learning to defend and test the systems I build.

I'm a Software & DevOps Engineer based in Islamabad, Pakistan, currently diving deep into the world of cybersecurity. With a strong foundation in building production-grade backend systems using Django, FastAPI, and cloud infrastructure, I'm now applying that knowledge to understand how systems can be secured and tested.

Currently learning network security fundamentals, penetration testing methodologies, and hands-on tools like NMAP, Wireshark, Burp Suite, and Metasploit. My background in DevOps (Docker, CI/CD, Linux) gives me a unique perspective on infrastructure security and hardening.

I don't have professional cybersecurity experience yet — I'm in the learning phase. But I believe my engineering background and hands-on mindset will help me grow fast in this field. Currently completing my Bachelor's in Software Engineering at the University of Haripur.

NAMEWaqar Ul Wahab

FOCUSCybersecurity & Network Security

BACKGROUNDSoftware & DevOps Engineer

EDUCATIONBSE — University of Haripur '25

LOCATIONWah Cantt, Islamabad, Pakistan

EMAILdev.waqarulwahab@gmail.com

// TIMELINE

2025Started Cybersecurity Learning Journey — NMAP, Wireshark, Kali Linux

2025Junior Software & DevOps Engineer at Amal Axis

2023Top-Rated Freelancer on Upwork & Fiverr

2021Started BSE at University of Haripur

2021Founded Quantum Hash Link

GET IN TOUCH DOWNLOAD CV

TOOLS
& ARSENAL.

Security tools and technologies I'm learning to master for penetration testing, network analysis, and vulnerability assessment.

SCANNINGNMAP

ANALYSISWireshark

WEB SECURITYBurp Suite

EXPLOITATIONMetasploit

OSKali Linux

VULNERABILITYNessus

WEB SECURITYNikto

BRUTE FORCEHydra

CRACKINGJohn the Ripper

CRACKINGHashcat

WIRELESSAircrack-ng

WEB SECURITYSQLMap

ENUMERATIONGobuster

NETWORKINGNetcat

ANALYSISTcpdump

VULNERABILITYOpenVAS

OSLinux CLI

INFRASTRUCTUREDocker

SCRIPTINGPython

SCRIPTINGBash

NMAPWIRESHARKBURP SUITEMETASPLOITKALI LINUXPYTHONBASHDOCKERTCP/IPDNSOWASPCVEFIREWALLIDS/IPSSIEMOSINT

// ENGAGEMENT_PLAYBOOK

OPERATION
FLOW.

A brutal, repeatable workflow. The goal is clarity, not chaos.

STEP_1

RECON

Collect intel, map surface area, validate targets.

OSINTDNSHTTP

STEP_2

ENUM

Identify services, versions, and weak edges.

NMAPGobusterSMB

STEP_3

EXPLOIT

Test hypotheses. Prove impact. Stay controlled.

BurpSQLiAuth

STEP_4

HARDEN

Turn findings into concrete defenses and fixes.

ConfigPatchesLeast-Priv

STEP_5

REPORT

Clear narrative: steps, evidence, remediation.

ProofRiskFix

LEARNING
PATH.

My structured approach to cybersecurity education. Currently focused on building a strong foundation before specializing.

IN PROGRESS

Network Security Fundamentals

Understanding TCP/IP stack, OSI model, subnetting, firewalls, IDS/IPS, VPNs, and secure network architecture design principles.

TCP/IPOSI ModelSubnettingFirewallsVPNDNS Security

IN PROGRESS

Penetration Testing & Ethical Hacking

Learning the penetration testing lifecycle — reconnaissance, scanning, exploitation, post-exploitation, and reporting using industry-standard tools.

NMAP ScanningVulnerability AssessmentExploitationPost-ExploitationReport Writing

STARTING

Web Application Security

Studying OWASP Top 10 vulnerabilities, XSS, SQL injection, CSRF, authentication flaws, and secure coding practices.

OWASP Top 10SQL InjectionXSSCSRFBurp SuiteSecure Coding

LEVERAGING DEVOPS EXPERIENCE

System & Infrastructure Hardening

Applying my DevOps background to learn Linux hardening, Docker security, CI/CD pipeline security, and cloud security best practices.

Linux HardeningDocker SecuritySSH SecurityLog AnalysisSIEM

PLANNED

Digital Forensics & Incident Response

Planning to learn disk forensics, memory analysis, log investigation, malware analysis basics, and incident response procedures.

Disk ForensicsMemory AnalysisLog AnalysisMalware BasicsIR Procedures

// LABS_AND_CTF

FIELD
LABS.

Hands-on practice, not vibes. I train with CTFs and lab environments to build repeatable recon, enumeration, and reporting habits.

OPERATOR_STATUS

ONLINE

CURRENT_MODELEARNING

PRIMARY_FOCUSRECON + ENUM

RULESETDOCUMENT EVERYTHING

TryHackMe — Pre Security

ACTIVE

Networking + Linux fundamentals

PROGRESS72%

TCP/IPLinuxDNS

RUNBOOK_READY

Hack The Box — Starting Point

ACTIVE

Enumeration + exploitation basics

PROGRESS54%

NMAPWebSMB

RUNBOOK_READY

PortSwigger — Web Security Academy

IN PROGRESS

OWASP Top 10 + Burp Suite workflow

PROGRESS38%

BurpXSSSQLi

RUNBOOK_READY

Blue Team — Log Hunting Drills

PLANNED

Detection mindset + incident response

PROGRESS0%

SIEMLogsIR

RUNBOOK_READY

// INTEL_FEED

OPSEC
NOTES.

Short writeups, templates, and repeatable checks. Built like a runbook.

CHANNEL

PUBLIC

FLAGNOISE: LOW

FLAGDOCS: ON

FLAGPACE: CONSISTENT

DRAFT2026-02

Recon Notes: Subdomains (passive → active)

Fast target mapping: collect → validate → fingerprint → document.

OSINTDNSReconOPEN

IN PROGRESS2026-02

Burp Workflow: Auth bypass checks

Session handling + role checks + endpoint discovery in a repeatable order.

WebBurpAuthOPEN

ACTIVE2026-02

NMAP Baseline: enumeration templates

Clean scan presets for services, scripts, and output structure.

NMAPEnumReportingOPEN

// THREAT_RADAR

SKILL
RADAR.

Real-time capability assessment across cybersecurity domains. Active learning = active growth.

LIVE_FEEDMONITORING

14:32:01HIGH

PORT_SCAN detected on 10.0.0.5:445

14:31:47MED

SSH brute-force attempt from 192.168.1.42

14:31:22HIGH

DNS exfiltration pattern matched

14:30:58CRIT

Reverse shell callback on port 4444

14:30:11INFO

NMAP SYN scan completed — 23 hosts up

14:29:44MED

Gobuster found /admin on target.local

// METRICS_DASHBOARD

OPS
METRICS.

Numbers don't lie. Tracking progress across every domain — hours invested, challenges solved, tools mastered.

0+HOURS TRAINED

0TOOLS STUDIED

0+LABS CLEARED

0+CTF CHALLENGES

0SCRIPTS WRITTEN

0NETWORKS MAPPED

DOMAIN_PROFICIENCYLEVEL_%

Network Security68%

Penetration Testing52%

Web App Security45%

Linux / CLI78%

Scripting (Python/Bash)72%

Cloud Security55%

Forensics & IR25%

COMPLETION_RINGS

52%

OFFENSIVE

35%

DEFENSIVE

70%

TOOLING

40%

REPORTING

// NETWORK_VISUALIZATION

THREAT
MAP.

Visualizing global attack surfaces. Understanding where threats originate is the first step in building defenses.

LIVE_RENDER

THREAT_VECTORSSIMULATED

NORTH AMERICA2.4K

VECTORBRUTE_FORCE

EUROPE1.8K

VECTORPHISHING

EAST ASIA3.1K

VECTORDDoS

SOUTH ASIA890

VECTORSQLi

MIDDLE EAST1.2K

VECTORAPT

TOTAL_INGESTED9,390

INITIATING SEQUENCE

AUTHENTICATING...

BREACH
PROTOCOL

Every system has a vulnerability. The question is whether you find it first — or someone else does.

FIREWALLBYPASSED

PAYLOADSTAGED

EXFILREADY

// ATTACK_SURFACE

KILL
CHAIN.

Visualizing the attack path from initial access to crown jewels. Every node is a decision point.

NETWORK_TOPOLOGYSIMULATING

KILL_CHAIN_LOGIN PROGRESS

1ATTACKER

RECON: Scan perimeter, identify open ports

2ROUTER

BYPASS: Evade firewall via misconfigured router

3APP

EXPLOIT: RCE on application server (CVE-2024-XXXX)

4TARGET

PIVOT: Lateral movement to crown jewel

// LIVE_TERMINAL

PENTEST
SIM.

Watch a simulated penetration test in real-time. Recon → enum → exploit → access. This is how it flows.

TARGET: 10.10.14.0/24MODE: OFFENSIVERECORDING

root@kali:~/engagement

BASH

# Penetration Test — Simulated Engagement
# Objective: Enumerate, exploit, document
# Rules of Engagement: Stay in scope

CERT
TARGETS.

Certifications I'm targeting to validate my cybersecurity knowledge and skills.

PLANNED

CompTIA Security+

Foundation-level cybersecurity certification covering network security, compliance, threats, and vulnerabilities.

PLANNED

CEH — Certified Ethical Hacker

EC-Council certification for penetration testing methodologies, tools, and ethical hacking techniques.

PLANNED

CompTIA Network+

Networking fundamentals certification — infrastructure, troubleshooting, and network operations.

LONG-TERM GOAL

OSCP — Offensive Security Certified Professional

Advanced hands-on penetration testing certification. The gold standard for offensive security professionals.

ACTIVE

TryHackMe / HackTheBox

Practicing on CTF platforms and virtual labs to build practical hacking and defense skills.

PLANNED

eJPT — eLearnSecurity Junior Penetration Tester

Entry-level penetration testing certification with practical exam — great starting point.

BACK
GROUND.

My software engineering and DevOps experience — the foundation that powers my cybersecurity journey.

MAR 2025 — PRESENT

AMAL AXIS

Junior Software & DevOps Engineer

Building and deploying production backend systems, managing CI/CD pipelines, server infrastructure, and cloud deployments. This DevOps experience directly supports my cybersecurity learning.

Backend DevelopmentDevOpsSystem AdministrationCloud ComputingLinux

FEB 2023 — PRESENT

UPWORK

Python Engineer — Top Rated

Top-rated freelance professional delivering Django, FastAPI, and infrastructure projects. Understanding real-world systems helps identify security vulnerabilities.

DjangoFastAPIMachine LearningDevOpsAPI Security

FEB 2023 — PRESENT

FIVERR

Python Engineer

Trusted Fiverr freelancer with 5-star deliveries. Backend development and system administration experience forming the foundation for security work.

DjangoBackend DevelopmentSystem AdministrationServer Hardening

// EDUCATION

2021 — 2025

Bachelor's in Software Engineering

University of Haripur

2018 — 2021

F.Sc. Computer Science

BASE Group of Colleges

LET'S
CONNECT.

Interested in cybersecurity collaboration, learning together, or need a software engineer? Let's talk.

GET IN TOUCH DOWNLOAD CV

EMAILdev.waqarulwahab@gmail.com PHONE+92 340 9084 564 LOCATIONWah Cantt, Islamabad

LINKEDIN GITHUB UPWORK FIVERR INSTAGRAM FACEBOOK

HACK

THE PLANET.

Software Engineer transitioning into cybersecurity — learning to defend and test the systems I build.

TOOLS& ARSENAL.

OPERATIONFLOW.

RECON

ENUM

EXPLOIT

HARDEN

REPORT

LEARNINGPATH.

Network Security Fundamentals

Penetration Testing & Ethical Hacking

Web Application Security

System & Infrastructure Hardening

Digital Forensics & Incident Response

FIELDLABS.

TryHackMe — Pre Security

Hack The Box — Starting Point

PortSwigger — Web Security Academy

Blue Team — Log Hunting Drills

OPSECNOTES.

Recon Notes: Subdomains (passive → active)

Burp Workflow: Auth bypass checks

NMAP Baseline: enumeration templates

SKILLRADAR.

OPSMETRICS.

THREATMAP.

BREACHPROTOCOL

KILLCHAIN.

PENTESTSIM.

CERTTARGETS.

CompTIA Security+

CEH — Certified Ethical Hacker

CompTIA Network+

OSCP — Offensive Security Certified Professional

TryHackMe / HackTheBox

eJPT — eLearnSecurity Junior Penetration Tester

BACKGROUND.

AMAL AXIS

UPWORK

FIVERR

Bachelor's in Software Engineering

F.Sc. Computer Science

LET'SCONNECT.

TOOLS
& ARSENAL.

OPERATION
FLOW.

LEARNING
PATH.

FIELD
LABS.

OPSEC
NOTES.

SKILL
RADAR.

OPS
METRICS.

THREAT
MAP.

BREACH
PROTOCOL

KILL
CHAIN.

PENTEST
SIM.

CERT
TARGETS.

BACK
GROUND.

LET'S
CONNECT.