Andre Collins_

Projects & Writeups

Homelab builds, lab writeups, and security case studies. Methodology-first, sanitized, and honest — every entry documents how, not just what.

In progress

Securing a Multi-Tenant SaaS (TrueCreditIQ)

Authorized application-security assessment of a live production SaaS I own and operate: row-level security, OAuth, rate limiting, WAF tuning, and supply-chain review. OWASP-based methodology → findings → fixes.

AppSecOWASPBurp SuiteSupabase RLSCloudflare WAF
In progress

Active Directory Attack & Defense Lab

Isolated homelab: Windows Domain Controller + clients + a Kali attacker. Enumeration, attack paths, and privilege escalation — documented with a network diagram and sanitized evidence.

Active DirectoryPentestBloodHoundKali

Read the writeup (stub)
Planned

Web App Pentest — PortSwigger & Juice Shop

Working the OWASP Top 10 by vulnerability class in the PortSwigger Web Security Academy, plus a vulnerable-web-app target with Burp Suite. Each class becomes a short methodology writeup.

Web PentestOWASP Top 10Burp Suite
Planned

TryHackMe — Jr Penetration Tester Path

Selected rooms written up for methodology and learning (flags redacted, per platform rules). Focused on the offensive fundamentals that map to the pentest track.

TryHackMeEnumerationExploitation