N E T H R A N. W E D A G E

Loading

Cybersecurity undergraduate and web developer based in Sri Lanka, passionate about penetration testing, VAPT, and ethical hacking.

Contact Info

Hire Me
Hire Me
ls -la services/

What I can
do for you

From penetration testing and VAPT engagements to full-stack web development — every service is delivered manually, methodically, and with a clear written output you can act on.

Services Index

Penetration Testing01 VAPT02 Web Development03 CTF & Research04 Social Engineering05 Network Security06 Security Reporting07
01

Service 01

Penetration
Testing

Full-cycle web application and network penetration testing — from recon and enumeration through exploitation to post-exploitation and lateral movement. Every engagement is 100% manual, not a scan-and-report. I follow structured methodology (OWASP, PTES) and deliver clear risk-rated findings that your team can actually remediate.

What's Included

Scoping session to define targets, rules of engagement, and out-of-scope assets
Passive and active reconnaissance — OSINT, subdomain enum, port scanning
Manual vulnerability identification across OWASP Top 10 and beyond
Exploitation with proof-of-concept evidence for every confirmed finding
Post-exploitation — privilege escalation, lateral movement, persistence checks
CVSS-scored report for both technical teams and executive audience
Free re-test of all critical and high findings after remediation

Methodology

01
Reconnaissance
OSINT gathering, subdomain enumeration, technology fingerprinting, attack surface mapping.
02
Scanning & Enumeration
Port scanning, service detection, vulnerability scanning, manual web crawling.
03
Exploitation
Manual exploitation of confirmed vulnerabilities with PoC capture — no false positives.
04
Post-Exploitation
Privilege escalation, persistence testing, lateral movement, data exfil simulation.
05
Reporting & Re-test
Risk-rated findings, remediation roadmap, executive summary, and free re-test.

Tools Used

Burp Suite Nmap Metasploit SQLMap Kali Linux Gobuster Wireshark Hashcat
Manual. Thorough.
Risk-Rated.

No automated scan dumps. Every finding is manually verified, exploited where safe, and explained clearly enough for a developer to fix it on day one.

100%Manual
OWASPAligned
CVSSScored

Scope Options

Web Application Pentest
Network / Infrastructure Pentest
API Security Testing
Internal Network Assessment
Combined Web + Network
Request a Pentest
02

Service 02

Vulnerability Assessment
& Penetration Testing

VAPT combines structured vulnerability discovery with hands-on exploitation — giving you both breadth (every vulnerability catalogued) and depth (confirmed, exploited, risk-contextualised findings). Ideal for compliance requirements, pre-launch audits, or board-level security sign-off.

What's Included

Automated vulnerability scanning (Nessus / OpenVAS) as a baseline, not the final word
Manual verification of every scanner finding — no false positive noise in your report
CVSS 3.1 scoring for all findings with business impact context
Executive summary suitable for board, audit committee, or compliance sign-off
Technical report with step-by-step remediation for each finding
Re-test certificate confirming critical issues are resolved

Tools Used

OpenVAS Nikto Nmap Burp Suite Metasploit CVSS Calculator
Assessment
meets Exploitation.

VAPT is what you need when you want both the complete catalogue of vulnerabilities AND confirmed exploitation evidence — required for most compliance frameworks.

CVSS3.1 Scored
2-in-1VA + PT

Best For

Compliance & audit requirements (ISO 27001, PCI DSS)
Pre-launch security sign-off for web applications
Annual security review for SMEs
Board-level security reporting
Request VAPT
03

Service 03

Web
Development

Full-stack web development in PHP, MySQL, and JavaScript — with security baked in from line one, not bolted on at the end. I build clean, performant, responsive applications: from portfolio sites and business landing pages to internal management systems and custom tools.

What's Included

Responsive front-end using Bootstrap or custom CSS — looks great on every device
PHP/MySQL back-end with parameterised queries, input validation, and session security
OWASP-aware development — SQLi, XSS, CSRF, IDOR protections built in
Admin panels, CRUD systems, and custom dashboards
Clean, commented code handed over with documentation
Optional post-delivery security review of the finished product

Recent Builds

Dreamway Education Website
Full corporate website with course listings, contact forms, and CMS-style admin panel.
Timex Inventory Management System
Internal PHP/MySQL IMS for tracking stock, purchase orders, and reporting — used daily in production.
Portfolio Website (this site)
Custom PHP portfolio with modular includes, dynamic page system, and zero external CMS dependency.

Stack

PHP 8 MySQL JavaScript Bootstrap HTML5 / CSS3 Git
Built secure.
Shipped clean.

Most developers secure their code as an afterthought. Because I test applications for a living, security is part of the architecture from the first commit.

OWASPAware
FullStack
PHPMySQL

Project Types

Business & Portfolio Websites
Internal Tools & Admin Panels
Inventory & Management Systems
Landing Pages & Marketing Sites
Custom PHP APIs & Back-ends
Start a Project
04

Service 04

CTF & Security
Research

Active on HackTheBox and TryHackMe — working through machines and challenges across web exploitation, privilege escalation, binary exploitation, reverse engineering, cryptography, and digital forensics. I publish detailed writeups that document the methodology, not just the answer.

What I Cover

Web exploitation — SQLi, XSS, SSTI, SSRF, file upload bypass, auth flaws
Privilege escalation — Linux and Windows PrivEsc paths, SUID/SUDO abuse, misconfigs
Active Directory attacks — Kerberoasting, Pass-the-Hash, BloodHound enumeration
Reverse engineering — static and dynamic analysis with Ghidra
Cryptography challenges — classical ciphers, RSA weaknesses, hash cracking
Digital forensics — PCAP analysis, steganography, memory forensics

Tools

Ghidra Wireshark Hashcat BloodHound Python pwntools Volatility
Learn by
breaking things.

CTF platforms are where offensive security skills are stress-tested outside of client engagements. Regular practice keeps techniques sharp and current.

HTBActive
THMActive
10+Solved

From My Writeups

HTB Machine — From Foothold to Root
Linux PrivEsc Techniques Explained
Common Web Vulnerabilities for Developers
HTB Lucky Dice — Python Solver Writeup
Read Writeups
05

Service 05

Social
Engineering

The weakest link in most organisations isn't the firewall — it's the people behind it. Social engineering engagements simulate real-world human-layer attacks: phishing campaigns, pretexting scenarios, and OSINT-driven reconnaissance to expose exactly how much damage a well-crafted lure can do.

What's Included

OSINT target profiling — email formats, org structure, key personnel, public data exposure
Phishing campaign simulation — custom lure pages, email spoofing, click tracking
Pretexting scenario design and execution within agreed scope
Vishing script development and simulation planning
Awareness gap report — who clicked, what they gave up, how the attack succeeded
Remediation recommendations — training, process changes, technical controls

Tools

Maltego theHarvester Shodan GoPhish SET OSINT Framework
People are the
attack surface.

Technical controls stop technical attacks. Social engineering bypasses all of that. The only defence is knowing exactly how exposed your people are — before a real attacker finds out.

OSINTDriven
HumanLayer

Important Note

All engagements require explicit written authorisation
Scope and rules of engagement defined before any activity
No credential harvesting outside agreed parameters
Full debrief with all targets after engagement closes
Discuss Engagement
06

Service 06

Network
Security

Network-layer attack simulation, traffic analysis, and firewall auditing — finding open ports, weak protocols, misconfigured services, and unpatched devices before an attacker does. Backed by hands-on enterprise network management experience across multiple large organisations.

What's Included

Full port scan and service enumeration across the target IP range
Firewall rule review and misconfiguration identification
Weak protocol detection — Telnet, FTP, SNMPv1, weak SSL/TLS, open RDP
Network traffic capture and analysis for suspicious patterns
Internal network segmentation review — flat network risk assessment
Remediation report with prioritised patching and config hardening steps

Tools

Nmap Wireshark OpenVAS iptables Netcat Nessus
Find what's
exposed first.

Having managed enterprise networks at Commercial Bank, MAS Intimates, and Timex Garments, I know how quickly misconfigurations appear — and exactly where to look for them.

3+Yrs Mgmt
L2/L3Coverage

Common Findings

Default credentials on network devices
Flat networks with no internal segmentation
Unencrypted management protocols (Telnet, HTTP)
Open RDP / SMB exposed to internal users
Request Network Review
07

Service 07

Security
Reporting

A security finding is only valuable if the right person understands it and acts on it. Every report I produce is written in two layers: a technical section with full PoC evidence and step-by-step remediation, and an executive summary that clearly communicates risk to non-technical decision makers — no jargon, no padding.

Report Structure

01
Executive Summary
Risk posture overview, critical finding summary, business impact assessment — readable by a board member in 5 minutes.
02
Findings Register
Every vulnerability catalogued with CVSS 3.1 score, severity rating, affected asset, and exploitability assessment.
03
Proof of Concept
Step-by-step reproduction instructions, screenshots, request/response captures, and tool output for every confirmed finding.
04
Remediation Roadmap
Prioritised fix list with specific code-level, config-level, or process-level remediation guidance for each finding.
05
Re-test Certificate
Formal confirmation that critical and high findings were retested and verified as resolved after remediation.

Delivered In

PDF Word / DOCX Google Docs Notion Excel (findings tracker)
Reports that
drive action.

The best penetration test report is useless if nobody reads it. Every report is structured so developers know exactly what to fix, and management knows exactly what to prioritise.

ExecSummary
TechDeep Dive
PoCEvidence

Report Standards

CVSS 3.1 scoring on all findings
OWASP / CWE reference mapping
Business impact per finding
Remediation effort estimate
Re-test verification included
Request a Report
Why Work With Me

What sets this
engagement apart

Always Manual

No engagement is just a scan-and-report. Every finding is manually verified and exploited where possible — because automated tools miss what skilled humans find.

Both Sides of the Fence

I manage enterprise infrastructure by day and break into systems by night. That dual perspective means I understand the defender's constraints as well as the attacker's opportunities.

Clear Communication

Reports are written for two audiences — technical teams who need to fix things, and executives who need to understand risk. No jargon dump, no filler.

Re-test Included

Critical and high findings are re-tested after remediation at no additional cost. You get a re-test certificate confirming the issues are closed.

Ethics & Authorisation

Every engagement runs within explicit written scope and rules of engagement. Security work without proper authorisation isn't security work — it's a crime.

Practical Remediation

Remediation guidance is specific and actionable — not "patch your software." You get exact config changes, code fixes, or process improvements for each finding.

Pricing

Transparent
Engagement Tiers

Starter
Basic Assessment

For small web apps, solo projects, or developers who want a security review before launch.

LKR
On Request
Scoped per engagement
  • Web application scan + manual review
  • OWASP Top 10 coverage
  • Risk-rated findings report (PDF)
  • Remediation guidance per finding
  • Executive summary
  • Re-test certificate
Get a Quote
Most Popular
Full nw-skill-name

Comprehensive assessment for SMEs, pre-launch sign-off, or compliance requirements.

LKR
On Request
Scoped per engagement
  • Full VAPT — web + network
  • Manual exploitation with PoC evidence
  • CVSS 3.1 scored findings register
  • Executive + Technical report
  • Remediation roadmap
  • Free re-test of critical/high findings
Get a Quote
Enterprise
Full Engagement

End-to-end offensive engagement including social engineering, network, and web — for organisations that want the complete picture.

LKR
On Request
Scoped per engagement
  • Web + Network + Social Engineering
  • OSINT & phishing simulation
  • Full PoC documentation
  • Board-ready executive report
  • Awareness gap reporting
  • Re-test certificate + debrief call
Get a Quote

Let's Get Started

Ready to find your
vulnerabilities first?

Drop me a message to discuss scope, timeline, and pricing. All engagements start with a free scoping call — no commitment required.

Start a Conversation View Past Projects