Penetration tester • Offensive security enthusiast • Reverse engineer
On a mission to become the greatest (ethical) hacker—legally, transparently, and with impact.

I simulate real attacks to help defenders win. I learn in public and share what I can.

• 🥇 Goal: Master the craft of penetration testing across web, AD, cloud, and mobile.
• 🛡️ Ethos: Legal scope only, written permission first, responsible disclosure always.
• 📚 Principles: Master fundamentals → build and automate → document and teach.

• Web & API penetration testing (OWASP Top 10, business logic, auth flows)
• External and internal network assessments (attack paths, lateral movement)
• Active Directory and identity attacks (misconfigs, privilege escalation, pathways)
• Cloud security reviews (enumeration, misconfig detection, least-privilege gaps)
• Mobile app recon and analysis (traffic, storage, RE for insight)
• Reporting that prioritizes risk, reproducibility, and clear remediation

• Recon: amass, subfinder, httpx, nuclei, aquatone, Naabu
• Web/API: Burp Suite Pro, ffuf, zap, Postman, GraphQL tooling
• Network: Nmap, masscan, crackmapexec, Responder, Impacket, BloodHound
• Auth/ID: Kerbrute, Rubeus, Certipy, gMSA/ADCS checks
• Cloud: awscli, ScoutSuite, Prowler, Steampipe
• RE/Mobile: Ghidra, JADX, Frida, Objection, radare2/rizin
• Scripting: Python, Bash, Go; infra: Docker/Podman; OS: Linux (Kali/Arch/Ubuntu)

• Standards: PTES, NIST SP 800‑115, OWASP (WSTG, API, MASVS)
• Approach: scope ➜ recon ➜ threat modeling ➜ exploitation ➜ post‑ex ➜ reporting
• Deliverables: reproducible steps, impact analysis, prioritized fixes, retest plan

• 0x01 Foundations
  • OS internals, networks (L2–L7), auth/SSO/OAuth/OIDC, crypto basics
  • Web deep‑dive: session mgmt, access control, deserialization, SSRF, RCE
• 0x02 Enterprise & AD
  • Kerberos, ADCS, delegation, unconstrained/ constrained paths, LAPS/gMSA
  • Build repeatable AD lab; catalog attack chains with detections
• 0x03 Cloud
  • AWS/IAM privilege escalation maps, common misconfigs, detection evasion
  • IaC scanning and least‑privilege playbooks
• 0x04 Mobile/RE
  • Android instrumentation (Frida), storage/network hardening checks
  • Bytecode → behavior mapping; secure IPC and TLS pinning techniques
• 0x05 Publish & teach
  • Monthly writeups and tooling releases with defensive guidance
  • Talks/workshops; mentor newcomers

• Pentest/CTF writeups:
• AD/cloud lab notes:
• Disclosure reports (sanitized):

• Scope and rules of engagement first. Private reporting, coordinated disclosure.
• Clear, reproducible findings with impact and actionable remediation.
• Prefer typed, tested, and automated workflows; version‑controlled notes.

• In progress:
• Completed:
• Planned:

• Homelab:
• Cloud sandboxes:
• Data hygiene: isolate, resettable snapshots, no real customer data, safe payloads

• Open to: pentest collabs, research, tool building, mentoring, responsible bug bounties
• Best way to reach me:
• Availability:

• Website/Portfolio:
• Blog/Writeups:
• LinkedIn:
• X (Twitter):
• Mastodon:
• Discord:
• Email:
• PGP:

• GitHub Sponsors:
• Ko‑fi / Buy Me a Coffee: