Motivated cybersecurity professional specializing in penetration testing, red teaming, and application security. Skilled in identifying and exploiting vulnerabilities across web, API, network, and Active Directory environments. Hands-on experience through bug bounty programs, freelance pentesting, and advanced labs.
A reconnaissance lead uncovered a hidden misconfiguration that chained into a full exploit. Using my own exploit for CVE-2025-30406, I escalated it to Remote Code Execution (RCE) on RedBull’s infrastructure.
My journey of discovering my first Remote Code Execution (RCE) vulnerability during a bug bounty hunt, detailing the technical approach and lessons learned.
By publishing malicious npm packages, I hijacked internal dependencies in a supply chain attack. This approach led to a successful Remote Code Execution (RCE) exploit.
Optimized Nmap scans on port 1883 revealed a vulnerable Mosquitto service. This discovery led to significant findings and bug bounty rewards during large-scope reconnaissance.
Fuzzing headers revealed an X-Forwarded-For bypass, granting access to an internal panel. This exposed sensitive Personally Identifiable Information (PII) of users.
A GET parameter misconfiguration allowed JavaScript injection across 130+ endpoints. Using tools like waymore and katana, I uncovered a critical XSS vulnerability.
Chaining an account takeover via password reset with Markdown injection, I achieved command execution to retrieve the flag in the Armaxix web challenge.
A low-severity self-XSS was transformed into a critical, high-impact XSS vulnerability through clever techniques.
Python script for parallel Nmap port scanning on large scopes of subdomains, accelerating reconnaissance in penetration testing.
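As an added illustration of the parallel-scanning idea above (this is example code, not the portfolio project's own script), the block below runs one unprivileged Nmap process per host from a thread pool and parses Nmap's grepable (`-oG -`) output so that the per-host results can be merged and triaged, for instance to list every host exposing 1883/tcp (MQTT). The `nmap` binary is assumed to be on `PATH` for a real run; the parser is exercised offline against a constructed `-oG` sample.

```python
"""Parallel Nmap runner with a parser for -oG (grepable) output.

Added example, not the portfolio project's own code. Assumes `nmap` is on PATH
when scan_scope() is run for real; SAMPLE_OG below is constructed, not a real scan.
"""
import subprocess
from concurrent.futures import ThreadPoolExecutor

# A first-pass port list for large scopes; 1883 is MQTT (Mosquitto).
DEFAULT_PORTS = "21,22,80,443,1883,8080,8443"


def build_nmap_cmd(host, ports=DEFAULT_PORTS, rate=1000):
    """Command line for a fast, unprivileged TCP connect scan of one host.

    --open keeps only open ports and -oG - writes grepable output to stdout,
    so each worker's result can be parsed without temporary files.
    """
    return ["nmap", "-Pn", "-sT", "-n", "--open", "-T4",
            "--min-rate", str(rate), "-p", ports, "-oG", "-", host]


def parse_grepable(text):
    """Return {host_ip: [(port, proto, service), ...]} from -oG output.

    A -oG port line looks like (fields are tab separated):
    Host: 10.0.0.5 (name)\tPorts: 22/open/tcp//ssh///, 1883/open/tcp//mqtt///\tIgnored State: closed (5)
    Each port entry is port/state/proto/owner/service/rpc/version.
    """
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comments and "Status: Up" lines carry no port data
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        open_ports = []
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open":
                open_ports.append((int(fields[0]), fields[2], fields[4]))
        results[host] = open_ports
    return results


def scan_host(host):
    """Run one nmap process and return its parsed result (requires nmap)."""
    proc = subprocess.run(build_nmap_cmd(host), capture_output=True, text=True)
    return parse_grepable(proc.stdout)


def scan_scope(hosts, workers=20):
    """Scan many subdomains concurrently.

    Each worker mostly waits on a child process, so threads are sufficient;
    `workers` caps the number of concurrent nmap processes.
    """
    merged = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for result in pool.map(scan_host, hosts):
            merged.update(result)
    return merged


def hosts_with_port(results, port):
    """Triage helper: hosts that expose a given port (e.g. 1883 for MQTT)."""
    return sorted(h for h, ports in results.items()
                  if any(p == port for p, _, _ in ports))


# Constructed -oG output (not a real scan) used to exercise the parser offline.
SAMPLE_OG = (
    "# Nmap 7.94 scan initiated\n"
    "Host: 10.0.0.5 (mqtt.example.com)\tStatus: Up\n"
    "Host: 10.0.0.5 (mqtt.example.com)\tPorts: 22/open/tcp//ssh///, "
    "1883/open/tcp//mqtt///\tIgnored State: closed (5)\n"
    "Host: 10.0.0.6 (www.example.com)\tPorts: 443/open/tcp//https///\t"
    "Ignored State: filtered (6)\n"
    "# Nmap done\n"
)

if __name__ == "__main__":
    parsed = parse_grepable(SAMPLE_OG)
    print(parsed)
    print("MQTT hosts:", hosts_with_port(parsed, 1883))
    # For a live run: scan_scope(["a.example.com", "b.example.com"])
```

Feeding the merged dictionary into `hosts_with_port(results, 1883)` is the step that turns a wide scan into a short list of MQTT brokers worth a closer look; the connect scan (`-sT`) is chosen so the script also works without root.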
Bash script for monitoring host status, supporting add/remove/display/clean operations and unique IP counting for uptime tracking.
Collection of techniques and payloads for bypassing authentication in web apps, targeting login forms, headers, and logic flaws during pentesting.
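The header-based bypass mentioned in the X-Forwarded-For write-up above and in this collection comes down to one mistake: an application decides "is this client internal?" from a header that anyone can set. The following added example (mine, not code from the portfolio or the affected target) puts the vulnerable resolver beside a hardened one and includes the short list of IP-override headers a fuzzing pass would try. The network layout is an assumption: the panel should only be reachable from 10.0.0.0/8, and it sits behind a single trusted reverse proxy at 192.0.2.10 that appends the real client address to X-Forwarded-For.

```python
"""X-Forwarded-For trust: vulnerable vs hardened client-IP resolution.

Added example, not code from the portfolio. Addresses, proxy layout and the
internal range are assumptions chosen for illustration.
"""
import ipaddress

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]          # assumed "internal"
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}        # assumed reverse proxy

# Headers commonly honoured by apps/frameworks as a client-IP override; a fuzzing
# pass sends each with an internal address and watches for an access change.
IP_OVERRIDE_HEADERS = [
    "X-Forwarded-For", "X-Real-IP", "X-Client-IP", "X-Originating-IP",
    "X-Remote-IP", "X-Remote-Addr", "True-Client-IP", "Forwarded",
]


def fuzz_headers(spoofed_ip):
    """One request's worth of headers per candidate override header."""
    variants = []
    for name in IP_OVERRIDE_HEADERS:
        value = f"for={spoofed_ip}" if name == "Forwarded" else spoofed_ip
        variants.append({name.lower(): value})
    return variants


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def client_ip_vulnerable(remote_addr, headers):
    """The bug: trust the first X-Forwarded-For value unconditionally.

    A direct connection carrying 'X-Forwarded-For: 10.0.0.1' is treated as
    coming from 10.0.0.1, so the attacker becomes 'internal'.
    """
    xff = headers.get("x-forwarded-for")
    if xff:
        return ipaddress.ip_address(xff.split(",")[0].strip())
    return ipaddress.ip_address(remote_addr)


def client_ip_hardened(remote_addr, headers):
    """Honour the header only when the TCP peer is a known proxy, and read
    the chain from the right: the rightmost non-proxy address was appended
    by our proxy and is the real client; everything further left is
    attacker-controlled input.
    """
    peer = ipaddress.ip_address(remote_addr)
    if peer not in TRUSTED_PROXIES:
        return peer  # direct connection: the header is untrusted, ignore it
    chain = [h.strip() for h in headers.get("x-forwarded-for", "").split(",") if h.strip()]
    for hop in reversed(chain):
        addr = ipaddress.ip_address(hop)
        if addr in TRUSTED_PROXIES:
            continue  # skip hops we operate ourselves
        return addr
    return peer


def panel_allowed(resolver, remote_addr, headers):
    """Access decision for the internal panel; malformed input fails closed."""
    try:
        ip = resolver(remote_addr, headers)
    except ValueError:
        return False
    return is_internal(ip)


# Constructed requests (illustrative addresses only).
# 1) Attacker at 203.0.113.7 connects directly and spoofs the header.
SPOOFED = {"x-forwarded-for": "10.0.0.1"}
# 2) Same attacker via the real proxy, which appends the true source address.
VIA_PROXY = {"x-forwarded-for": "10.0.0.1, 203.0.113.7"}
# 3) Legitimate internal user via the proxy.
INTERNAL_USER = {"x-forwarded-for": "10.5.5.5"}

if __name__ == "__main__":
    for label, addr, hdrs in [("spoofed direct", "203.0.113.7", SPOOFED),
                              ("spoofed via proxy", "192.0.2.10", VIA_PROXY),
                              ("internal user", "192.0.2.10", INTERNAL_USER)]:
        print(f"{label:18} vulnerable={panel_allowed(client_ip_vulnerable, addr, hdrs)} "
              f"hardened={panel_allowed(client_ip_hardened, addr, hdrs)}")
```

The fix is not "strip X-Forwarded-For": the proxy legitimately needs it. The fix is to consume it only from a peer you trust and to take the rightmost address that is not one of your own proxies. Frameworks with a "trusted proxies" setting (for example `ProxyFix` in Werkzeug or `TRUSTED_PROXIES` in Django-style middleware) implement the same rule; the vulnerable variant is what you get with that setting left wide open.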
HTML-based proof-of-concept demonstrating CSRF exploitation to upload files to a victim's account without their knowledge by abusing the victim's authenticated browser session.
Shell script to parse browser history and bookmarks, extracting URLs with parameters and detecting sensitive data like tokens for OSINT and CTF use.
ProLabs: DANTE, ZEPHYR, POO on HackTheBox
INE Security
CyberWarFare
SECOPS
TCM Security
Secured a top 4 position in the AUSIM CTF by Secdojo.
Paysafe Bug Bounty Program at Bugcrowd.
Secured second place in the DGSN CTF qualifiers on Secdojo.