Breaking things to make them stronger: I dig into web and cloud systems to uncover flaws, weaponize exploits, and then turn them into defenses. Check out my recent red team projects, CTF write-ups, and security tools—I’m always pushing to learn more.
Purple-team exercises with live detections shipping every sprint.
These are the disciplines I rotate through every week to turn offensive insight into resilient defenses.
Designing bespoke attack chains that mirror the latest threat actors to pressure-test every defensive layer.
Building resilient detections, purple-team playbooks, and live dashboards that convert findings into action.
Pulling apart binaries, cloud misconfigs, and web stacks to surface overlooked exploits before attackers do.
Security+ and A+ certified — though the certs came after the obsession, not before. Most of my time goes into understanding how attacks actually land, building tools to automate the parts of security work nobody wants to do by hand, and writing up findings so the next person doesn't have to start from scratch.
Python is where most of my tooling lives. C++ when speed matters, TypeScript when it needs a frontend. I try to build things that solve real problems — job market scraping with fake-listing detection, dark web OSINT crawlers, business audit automation — not just demo projects that look good in a README.
I spend time on HackTheBox and TryHackMe because there's no shortcut to learning offense. The writeups here are equal parts notes-to-self and resource for whoever's stuck on the same box.
Find exposed risks, misconfigurations, and suspicious behavior without enterprise tools or alert spam. A focused, human-led review that gives you clarity fast.
This project explores how evil twin Wi-Fi attacks operate on a technical level by building a controlled, ethical simulation using ESP32 hardware. The goal was not to "hack Wi-Fi" but to deeply understand how threat actors exploit trust in wireless networks, and how defenders can detect and better mitigate these threats.
Every engagement is engineered as a story arc—intelligence-gathering, simulated impact, and hardening. Here’s how I keep teams engaged and outcomes measurable.
See it in practiceBlend automated recon with human-led exploration to uncover forgotten assets, shadow services, and risky trust paths.
Build tailored payloads, C2 frameworks, and signal-rich telemetry to replay the breach scenarios that keep teams awake.
Deliver concise remediation roadmaps, detection-as-code, and enablement workshops so teams can respond with confidence.
