π» Experience
Security Researcher - HackerOne/BugCrowd
- Specialized in identifying critical vulnerabilities in systems and applications using the PTES methodology and lateral thinking to solve complex problems with technical creativity.
- Identified and mitigated vulnerabilities, reducing attack surfaces by 60% and improving system resilience by 40%.
- Reported Open Redirect, Subdomain Takeover, and Info Disclosure, in Adobe, NASA VDP, and private programs. Strengthened security for major organizations through detailed vulnerability reports. Specialized in asset enumeration and web exploitation for high-impact findings.
Analyst Software/Ethical Hacker Internship - Siesa
- Conducted comprehensive analysis of enterprise software solutions, including ERP and CRM systems. Tested functionality across various versions before production deployment.
- Performed pentesting on two applications, uncovering security vulnerabilities. Proposed improvements to mitigate SQL Boolean Injection and XSS Reflected attacks.
- Contributed to software security analysis and optimization efforts, enhancing operational efficiency and data protection.
π Achievements
DiceCTF 2024 Quals
- Successfully participate in DiceCTF 2024 Quals, a prestigious 48-hour online Capture The Flag, in the ESPower_ team.
Reports in Hacker0ne
- I was able to successfully report a disclosure vulnerability in Hackerone for the Adobe Security Response program.
Adobe
Reports in BugCrowd
- Among the vulnerabilities I have reported to the NASA VDP, my most critical and impactful finding was an information disclosure affecting the supply chain, compromising both NASA and its associated customers.
Nasa π
Platforms Web Academy
- I have been able to solve over 356 labs on the Portswigger and Pentesterlab platform covering topics such as: SSRF, SQLi, No-SQLi, Disclosure Information, LLM Attacks, ClickJacking, Server Side Template Injection, OS Command Injection, Path Traversal, File Upload, File Include, Access Control, Authentication/Authorization, Web Sockets, UNIX Systems, XSS, Business Logic Vulnerabilities, CachΓ© Web Deception, HTTP Request Smuggling, Prototype Pollution, Insecure Deserialization, Race Conditions, XXE, CORS, DOM Based Vulnerabilities, GraphQL API Attacks, HOST Header Attacks, Web Cache Poisoning, and more.
PortSwigger
PentesterLab
π‘ Security Chronicles
My Blog in Medium :)
- In my spare time, I write on my personal blog about various topics related to computer security and software, from how AES hashing and Keccak states work in cryptography to how to set up dynamic routing between two LANs.
- Passionate about learning every day, every new topic is a great opportunity to expose it to the public, to teach it, to give the opportunity to someone who is in the same process as me to learn and not give up.