/root/whoami
I am a Security-Oriented Full Stack Engineer bridging the gap between robust software architecture and offensive security operations.
My approach is dual-faceted: I build scalable web systems using modern stacks (React, Python, C++), and I rigorously stress-test them using advanced exploitation techniques. Currently focused on automating vulnerability reconnaissance and developing custom security tooling.
(Proof of concept: Building secure systems and breaking insecure ones)
| Project | Description | Stack |
|---|---|---|
| Security Tooling | Developed a custom multi-threaded reconnaissance tool for automating subdomain enumeration and vulnerability scanning. Optimized for low latency using C++ and Python bindings. | Python, C++, Bash, Docker |
| Secure Web App | A full-stack e-commerce platform built with security-first principles. Implements strict CSP, JWT rotation, and input sanitization to mitigate XSS/SQLi vectors. | React, Node.js, PostgreSQL, Redis |
| CTF Writeups | A curated collection of detailed writeups for Web and Pwn challenges from M4SEC competitions and HackTheBox, focusing on methodology and root-cause analysis. | Markdown, Ghidra, Burp Suite |
Integration of high-level development standards with security operations. Leverages code literacy to audit complex systems, write custom exploits, and implement robust security patches.
My research centers on the OWASP Top 10, focusing on the identification of high-impact vulnerabilities in modern web applications.
| Vulnerability Class | Competency | Methodology & Tooling |
|---|---|---|
| Injection Attacks | Proficient | sqlmap, Union/Error-based extraction, Polyglots |
| Access Control | Proficient | IDOR discovery, JWT manipulation, Privilege Escalation |
| Server-Side Flaws | Intermediate | SSRF (Cloud Metadata), Insecure Deserialization, XXE |
| Client-Side Risks | Proficient | XSS (DOM/Reflected), CSP Bypassing, Prototype Pollution |