From Theory to Practice: Week 1 of Hands-On Offensive Security

Source: DEV Community
I hold a bachelor's degree in IT Security and have spent two years building fullstack web applications with React and Node.js. The theoretical foundation is solid, but security is a field where hands-on practice is non-negotiable. This series documents my structured transition into offensive security: real tools, real environments, real findings.

Week one focus: environment setup, reconnaissance tooling, and web application vulnerabilities.

Environment: Kali Linux on Apple Silicon

Running security tooling on an M1 MacBook requires some deliberate setup. Native ARM support for many tools is still inconsistent, so I provisioned a Kali Linux VM using UTM, a solid QEMU-based virtualisation option for Apple Silicon.

One issue worth documenting is that UTM can produce a black screen on initial Kali boot due to display driver initialisation. The fix involves adjusting the display settings before first launch. Not a blocker, but it costs time if you don't know to expect it.

With Kali running, I