$ whoami

I break things before attackers do.

Offensive security consultant who hunts the vulnerabilities that matter, proves the damage they'd do, and helps fix them.

Burp Suite ffuf nuclei sqlmap BloodHound Caido Impacket mimikatz Frida subfinder ligolo-ng CrackMapExec MobSF Objection httpx Wireshark

01 about

An attacker's mindset,
on your side of the table.

I find and fix the vulnerabilities that actually matter, the way a real adversary would, not the way a checklist would. Six years across consulting and bug bounty, which keeps me close to how things break in the wild rather than in theory.

02 writeups

Field notes from the hunt.

idor · featured

Account Takeover by Chaining Two IDORs

Two access-control bugs that looked minor in isolation. Chained together, they walked straight into a full account takeover. A study in why severity is about impact, not the bug class.

read the writeup →

03 services

What I can do for you.

/01
[ web ]

Web & API Testing

Deep assessment of web apps and APIs against the OWASP Top 10: auth flaws, broken access control, injection, and the business-logic chains that turn a small bug into a real breach.

/02
[ mobile ]

Mobile App Testing

Android, iOS and Huawei HMS, tested to OWASP MASVS and MASTG with both static and dynamic analysis. Pinning bypass, insecure storage, runtime instrumentation, and everything underneath.

/03
[ infra ]

Network & Infrastructure

External and internal IP-range testing, black box or grey box. Host and service enumeration, exploitation, lateral movement, and Active Directory attacks through to full domain takeover.

04 contact

Let's find what's broken.

Open to consulting engagements, VAPT work, and interesting offensive security problems. Tell me what you're protecting.

Get in touch →