Specialized in discovering and exploiting security vulnerabilities in web applications, networks, and infrastructure to help organizations improve their security posture.
- Web Application Security: Identifying and exploiting vulnerabilities in web applications to prevent potential security breaches
- Exploit Development: Creating proof-of-concept exploits for discovered vulnerabilities and developing custom security tools for specialized testing scenarios
- Security Research: Discovering and responsibly disclosing vulnerabilities in software and systems with published CVEs
- Living Off the Land: Windows Post-Exploitation Without Tools - Nov 28, 2025
- Finding and Exploiting CVE-2025-50674 in OpenMediaVault - Aug 24, 2025
- Mythic C2 with EarlyBird Injection and Defender Evasion - Jun 26, 2025
- Breaking ADCS: ESC1 to ESC16 Attack Techniques - Jun 4, 2025
- From Zero Creds to Enterprise Admin - May 20, 2025
- XSS to Account Takeover & Data Exfiltration - Apr 24, 2025
- VirtualProtect DEP Bypass: Step-By-Step Exploit - Apr 8, 2025
- Social Engineering in Red Team Operations: Technical Setup and Tools - Apr 1, 2025
- C2 Redirectors: Advanced Infrastructure for Modern Red Team Operations - Mar 25, 2025
- Mastering x86 Shellcode: A Deep Dive into Calculator-Launching Payload Development - Mar 18, 2025
- AspXVenom: Generates encoded shellcode and embeds it into ASPX webshells for testing .NET environments
- AutoMSF: Python script for generating and deploying multiple types of Meterpreter reverse_https payloads
- MacroPhantom: Creates XOR+Caesar encrypted shellcode and embeds it into VBA macros for Office documents
- GoPhish-Deploy: Automates deployment of the GoPhish phishing framework with SSL and secure defaults
- InterceptReady: Toolkit for configuring Android emulators with Frida and Burp Suite for mobile security testing
- CVE-2025-50674: Privilege escalation vulnerability in OpenMediaVault
- CVE-2024-32136: SQL injection vulnerability in database systems
- CVE-2023-0830: Vulnerability in EasyNAS backup allowing arbitrary command execution with root privileges
- CVE-2024-0365: System components security flaw allowing privilege escalation
- CVE-2024-0399: Critical vulnerability affecting data integrity and confidentiality
- CVE-2024-0405: Input validation vulnerability leading to remote code execution
- CVE-2024-0566: SQL injection vulnerability allowing data exfiltration
- CVE-2024-30240: Critical SQL injection vulnerability allowing authentication bypass
- CVE-2024-31370: Injection vulnerability allowing arbitrary code execution
- CVE-2024-33911: Vulnerability affecting system configurations and security controls