In-depth vulnerability research, detection engineering & applied cryptography.
All real output, nothing staged: a web-app data breach and a full server takeover against targets I host in a lab I control, then a cryptographic flaw I found and responsibly disclosed in production software. Offensive web, infrastructure, and deep code review - never against systems I don't own.
01 · data breach
A real SQL-injection chain against a web app (OWASP Juice Shop): bypass the login with no password, then dump every account's stored credentials straight from the database.
02 · full takeover
Command injection in an appliance's diagnostics tool: a "ping" box that runs whatever I type, as root. One request turns into remote code execution and the server's production secrets.
03 · crypto research
The disclosed flaw in Fireblocks' MPC threshold-signature library: a one-byte type confusion cuts a 40-bit check to 8 bits, so I forge an invalid proof the production verifier accepts, about 1 in 256 tries, with a control run that proves the cause.