<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Pentesting on Daniyal Ahmed | Red Team &amp; Cloud Security</title><link>https://daniyalahmed.dev/tags/pentesting/</link><description>Recent content in Pentesting on Daniyal Ahmed | Red Team &amp; Cloud Security</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><managingEditor>daniyal.ahmed@microtechx.com (Daniyal Ahmed)</managingEditor><webMaster>daniyal.ahmed@microtechx.com (Daniyal Ahmed)</webMaster><lastBuildDate>Sat, 02 May 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://daniyalahmed.dev/tags/pentesting/index.xml" rel="self" type="application/rss+xml"/><item><title>API Pentesting Lab Setup ( Complete )</title><link>https://daniyalahmed.dev/posts/api-pentesting-lab-setup-complete/</link><pubDate>Sat, 02 May 2026 00:00:00 +0000</pubDate><author>daniyal.ahmed@microtechx.com (Daniyal Ahmed)</author><guid>https://daniyalahmed.dev/posts/api-pentesting-lab-setup-complete/</guid><description>There is no better way to understand how API vulnerabilities work than to build a deliberately broken one and attack it yourself. This lab does exactly that. We set up a Flask API riddled with every major OWASP API Security Top 10 weakness, then systematically exploit each one using curl, Python scripts, Burp Suite, and jwt_tool. 
By the end you will have personally exploited SQL injection, broken object level authorization, JWT forgery, mass assignment, SSRF, and more, all in a safe, isolated environment running on your own machine, no external setup required.</description></item><item><title>My Penetration Testing Notes</title><link>https://daniyalahmed.dev/posts/ultimate-penetration-testing-notes/</link><pubDate>Fri, 01 May 2026 00:00:00 +0000</pubDate><author>daniyal.ahmed@microtechx.com (Daniyal Ahmed)</author><guid>https://daniyalahmed.dev/posts/ultimate-penetration-testing-notes/</guid><description>Over the past few years working through HackTheBox, TryHackMe, VulnHub, HackMyVM, VulNyx, DockerLabs, and real-world engagements, I have accumulated an enormous amount of notes, commands, techniques, and hard-won lessons. This document is the result of all of that compiled, organized, and formatted into something I can actually use under pressure.
This is not a tutorial. It is not a beginner guide. It is a reference document built for people who are already in the middle of something and need to find a specific command, technique, or methodology fast.</description></item><item><title>Hybrid Identity Penetration Testing: Laboratory &amp; Attack Guide</title><link>https://daniyalahmed.dev/posts/hybrid-identity-penetration-testing-laboratory-attack-guide/</link><pubDate>Wed, 29 Apr 2026 00:00:00 +0000</pubDate><author>daniyal.ahmed@microtechx.com (Daniyal Ahmed)</author><guid>https://daniyalahmed.dev/posts/hybrid-identity-penetration-testing-laboratory-attack-guide/</guid><description>This is my most ambitious lab yet. Multiple attack techniques, a complete initial access methodology, attack and defense, AD setup in Azure, hybrid identity setup and full compromise from zero credentials to cloud persistence. Before we touch a single command I want to walk through every concept that underpins what happens in the lab. This series rewards people who understand why a technique works, not just people who can copy and paste commands.</description></item></channel></rss>