// About Me

Diyorbek Juraev is a passionate and results-driven cybersecurity professional, committed to protecting digital systems with precision, efficiency, and integrity. He specializes in identifying vulnerabilities, strengthening cyber defenses, and staying ahead of evolving threats across complex environments.

With deep expertise in both offensive and defensive security, Diyorbek brings a strategic, hands-on approach to areas like application security, infrastructure hardening, and red teaming. He is also an active bug bounty hunter, continuously sharpening his skills by uncovering real-world vulnerabilities in live systems and contributing to a safer digital ecosystem.

Known for his clarity, discipline, and dedication to continuous learning, Diyorbek helps organizations build resilience, reduce risk, and stay secure in an ever-changing threat landscape.

Download Resume (PDF)

// Technical Skills

Penetration Testing

Network Penetration Testing (Internal/External)
Web App Security (OWASP Top 10, Burp Suite)
API Security Testing
Wireless Network Assessment
Social Engineering Frameworks and Phishing Simulation
Active Directory exploitation & privilege escalation

Tools & Technologies

Metasploit, Nmap, Nessus, OpenVAS
Burp Suite Pro, OWASP ZAP, sqlmap
Wireshark, tcpdump
Kali Linux, Parrot OS, BlackArch
Python (Scapy, Requests), Bash
SIEM - SplunkES, SolarWinds SEM

Security Concepts

Threat Modeling (STRIDE)
Cryptography & PKI
Identity & Access Management (IAM)
Cloud Security Basics (AWS/Azure/GCP)
Incident Response Life Cycle
Risk Assessment Frameworks (NIST)

OS & Networking

Linux Administration (Debian/Ubuntu/CentOS)
Windows Server & Active Directory Basics
macOS Security
TCP/IP, DNS, HTTP/S Protocols
Firewall & IDS/IPS Concepts

Red Team Operations

Initial Access via Phishing & Payload Delivery
Command and Control (Cobalt Strike, Sliver, Covenant)
Lateral Movement & Persistence Techniques
AV/EDR Evasion & Obfuscation Techniques
Post-Exploitation Reporting & Debriefing
Adversary Simulation & Threat Emulation

Bug Bounty Hunting

Responsible Disclosure on HackerOne, Bugcrowd, Synack
Recon Automation (subdomain takeover, JS scraping)
High-Impact Findings: IDOR, SSRF, RCE, Auth Bypass
Custom Payload Crafting & Manual Validation
Duplicate Filtering & Report Writing
Staying Current with Exploit Trends & CVEs

// Certifications & Education

Offensive Security Certified Professional (OSCP) - Offensive Security
Cyber Defense Training Path - TryHackMe
MITRE ATT&CK® Cyber Threat Intelligence Certification - MITRE ATT&CK Defender™ (MAD)
MITRE ATT&CK® Fundamentals Badge - MITRE ATT&CK Defender™ (MAD)
Certified in Cybersecurity (CC) - ISC2
Bachelor's Degree in Cybersecurity - Slippery Rock University (2022)