I am a full-time Penetration Tester and Bug Bounty Hunter specializing in advanced web exploitation, custom offensive tooling, and deep-dive infrastructure assessments. I do not rely solely on off-the-shelf scanners; I architect asynchronous, context-aware frameworks to exploit complex logic flaws, race conditions, and deserialization vulnerabilities in modern, high-latency environments.
When a target resists the standard toolkit, I build the tool that breaks it.
- HTB Certified Web Exploitation Expert (CWEE): Passed — the advanced, fully hands-on benchmark for grey/white-box web exploitation.
- HTB Certified Penetration Testing Specialist (CPTS): Full-scope network and AD penetration testing.
- HTB Certified Web Exploitation Specialist (CWES): Bug-bounty and web app testing (formerly CBBH, renamed by HTB in October 2025).
- PortSwigger Web Security Academy: 100% of labs solved, every module completed, both practice exams passed.
- Continuous R&D: Developing pure-logic payloads and runtime-first architectures to bypass modern WAFs and EDRs.
A selection of my proprietary frameworks and utilities, built to automate complex attack chains, bypass filters, and maximize assessment velocity.
- Burp Content Viewer: A native extension that automatically detects, prettifies, and visualizes complex HTTP responses (minified JSON/XML, raw CSV tables, PDF rendering, EXIF metadata extraction) directly inside the message editor.
- OOB Collaborator Export: A professional extension featuring an embedded Tailwind CSS web dashboard and a JSON API to export out-of-band interactions into local automation pipelines — keeping the Burp Scanner logs pristine.
The best findings are the ones nobody else bothered to look for. The same goes for this page — the real recon starts in the source.




