Penetration
Tester_
I'm Anshuman Jha — an OSCP+ certified security professional who finds vulnerabilities before attackers do. Active Directory exploitation, web app pentesting, and red team operations.
Who I am & what
I bring to the table
I'm Anshuman Jha, a Penetration Tester with a deep passion for offensive security. I hold the OSCP+ certification from Offensive Security — one of the industry's most respected hands-on security credentials — earned August 2, 2025.
My expertise spans Active Directory exploitation, web application pentesting, and red team operations. I've completed all 4 HackTheBox Pro Labs including the advanced Cybernetics and RastaLabs environments that simulate hardened enterprise networks with live defensive tooling.
Beyond breaking things, I build them — my open-source OSCP+ / OSEP Advanced Cheatsheet v3 is an interactive reference tool with variable substitution used by the community during live engagements.
Core Skills
Proven across the OSCP+ exam, 4 HTB Pro Labs, and real-world engagements.
The Kill Chain
How I actually move through an engagement. Drag the nodes — hover one to see the techniques and tools I use at each stage.
Projects & Achievements
Passed the Offensive Security Certified Professional Plus (OSCP+) — the gold standard in hands-on penetration testing certifications. A 24-hour live exam requiring compromise of multiple machines including a full Active Directory environment. Proves real-world ability to enumerate, exploit, escalate, pivot, and report under pressure — not theory.
HTB's hardest AD lab — multi-forest, domain trust abuse, live AV/EDR. Chained complex attacks across forest boundaries for full compromise.
HTB ProfileRed team lab with live EDR — deployed C2 frameworks, bypassed endpoint defenses, achieved persistent access in hardened Windows enterprise.
HTB ProfileCorporate network simulation — intermediate AD attacks, web exploitation chains, and Windows privilege escalation across segmented environment.
HTB ProfileFull network pentest — initial foothold, pivoting through subnets, AD exploitation, full domain compromise. Complete offensive security kill chain.
HTB ProfileTools I've Built
Production-grade offensive security tooling — written, maintained, and used in real bug bounty & exam workflows.
A single-file, production-ready recon automation engine that chains 12 recon phases — from passive subdomain enumeration all the way to Wayback JS diffing and GitHub dorking — into one resumable, stealth-aware workflow. Drop it on any VPS and run.
24 real-browser UA rotation, proxy pool with circuit breaker, per-domain adaptive backoff
700+ secret detectors run on live JS & Wayback snapshots with verification
19 spoof headers + 14 path mutations + HTTP verb tampering
Per-phase resume markers, Discord webhooks, auto HTML reports
Interactive PEN-200 v2025-26 exam guide — 14 sections covering enumeration, Linux/Windows methodology, full AD attack chains (incl. ADCS ESC1–ESC8), MSSQL RCE, Ligolo-ng pivoting & proof collection.
Live ToolOpen-source security tooling and cheatsheets built from real engagement experience — all repositories public and actively maintained.
View GitHubWhat sets me apart
OSCP+ is not multiple choice — it's a 24-hour live hacking exam. Passing it proves actual capability under real conditions.
4 HTB Pro Labs completed including Cybernetics & RastaLabs — the hardest enterprise simulation environments with live defenses.
Built Ghost Protocol (12-phase recon engine) and an open-source OSCP+/OSEP cheatsheet with 200+ commands — real tools used by the security community.
Follows documented methodology — enumeration → exploitation → post-exploitation → reporting aligned with PTES and OWASP standards.
Strong commitment to responsible disclosure, confidentiality, and ethical hacking. Understands legal and professional scope.
Actively training through HackTheBox and OffSec. Current with latest attack techniques — not relying on outdated knowledge.
Let's work together
Available for penetration testing engagements, security audits, red team operations, and full-time / freelance roles.