Cybersecurity professional specializing in offensive security and secure application development. I combine hands-on penetration testing expertise with full-stack development skills to build tools that solve real security challenges.
I'm passionate about breaking things to understand how they work—and then building them back better. My work spans vulnerability research, exploit development, and creating secure applications that prioritize both functionality and defense-in-depth principles.
Currently active in CTF competitions and penetration testing challenges, with a focus on web application security, reverse engineering, and infrastructure exploitation.
Security & Penetration Testing
- Web Application Security Testing (SQLi, XSS, XSLT Injection, LFI/RFI, Authentication Bypass)
- Infrastructure Penetration Testing & Network Security
- Exploit Development & Proof-of-Concept Creation
- Reverse Engineering & Binary Analysis
- Password Cracking & Hash Analysis (Hashcat, John the Ripper)
Development
- Languages: C#, Python, JavaScript/Node.js, PHP, PowerShell, Bash
- Frameworks: React, .NET Core, Express.js, Electron
- Databases: PostgreSQL, SQL Server, SQLite
- Cloud & Infrastructure: AWS (EC2, S3, Lambda), Docker, Linux System Administration
- Security Tools: Burp Suite, Nuclei, Metasploit, Nmap, Wireshark
C# exploit for a HackTheBox machine demonstrating XSLT injection leading to RCE via exslt:document abuse. Features automated payload generation and session management.
Tech Stack: C#, XSLT, XML, Reverse Shell Techniques
AI-powered recipe generator that transforms available ingredients into creative meal ideas using the Claude AI API. Built with a focus on clean UX and API integration best practices.
Tech Stack: React, Node.js, Anthropic API
Secure file storage application with encrypted backend, implementing zero-trust architecture and secure authentication patterns.
Tech Stack: C#, React, Electron, AES Encryption
High-performance bulk wordlist importer for PostgreSQL, optimized for processing hundreds of gigabytes of password datasets. Built for large-scale password cracking operations.
Tech Stack: C#, PostgreSQL, Bulk Insert Optimization
- Active HackTheBox participant with a focus on web application and infrastructure challenges
- CTF competitor with experience in various security domains
- Continuous learner in offensive security techniques and exploit development
- Advanced exploitation techniques for modern web applications
- Cloud security and AWS penetration testing
- Automated vulnerability discovery with custom tooling
- GPU-accelerated password cracking infrastructure
"Security is not a product, but a process." – Bruce Schneier
💡 Open to collaboration on security research, exploit development, and building secure applications.
