I'm a security engineer dedicated to making software harder to break. My work centers around end-to-end security assessments of modern application stacks, covering web and API testing, cloud environments, and containerized microservice architectures.
- Application Security Testing (Web, API, Desktop)
- Infrastructure Penetration Testing (Internal & External)
- Cloud Security Assessments (AWS, Azure, GCP, K8s)
Here are some vulnerabilities I've discovered.
- CVE-2025-8533: Fantastical - Incorrect Authorization of XPC Service
- CVE-2024-10864: OpenText Advanced Authentication - SQL Injection
- CVE-2024-10865: OpenText Advanced Authentication - Reflected Cross-Site Scripting (XSS)
- CVE-2025-1983: Ready_ (Symfonia) - Stored Cross-Site Scripting (XSS)
- CVE-2025-1982: Ready_ (Symfonia) - Local File Inclusion (LFI)
- CVE-2025-1981: Ready_ (Symfonia) - SQL Injection
- CVE-2025-1980: Ready_ (Symfonia) - Remote Code Execution (RCE) via Unrestricted File Upload
- CVE-2024-50312: OpenShift (Red Hat) - Information Disclosure
- CVE-2024-50311: OpenShift (Red Hat) - Denial of Service (DoS)
- CVE-2024-2218: LuckyWP Table of Contents (WordPress) - Stored Cross-Site Scripting (XSS)
- CVE-2024-3050: Site Reviews (WordPress) - IP Spoofing
- CVE-2022-47072: Enterprise Architect (Sparx Systems) - SQL Injection
- CVE-2023-5118: Kofax Capture (Kofax) - Stored Cross-Site Scripting (XSS)
- CVE-2023-4925: Easy Forms for Mailchimp (WordPress) - Stored Cross-Site Scripting (XSS)
- CVE-2023-4932: SAS 9.4 (SAS Institute Inc.) - Reflected Cross-Site Scripting (XSS)
- CVE-2023-5209: Bookly (WordPress) - Stored Cross-Site Scripting (XSS)
- CVE-2023-38138: BIG-IP (F5 Networks) - Reflected Cross-Site Scripting (XSS)
- CVE-2023-38419: BIG-IP and BIG-IQ (F5 Networks) - Denial of Service (DoS)

- Offensive Security Certified Expert 3 (OSCE3)
- Offensive Security Exploit Developer (OSED)
- Offensive Security Experienced Penetration Tester (OSEP)
- Offensive Security Web Expert (OSWE)
- Offensive Security Certified Professional (OSCP)
See more on my Credential Platform profile.
I occasionally write about security topics based on my experience.
- Beyond the Surface – Digging Into CVE-2024-10864 & CVE-2024-10865 in NetIQ Advanced Authentication
- Null Pointer Exceptions: From Java’s Pitfalls to Kotlin’s Solutions
- Ready_ Wasn’t Ready – Four Critical Vulnerabilities in Symfonia eDokumenty
- SQL Injection in the Age of ORM: Risks, Mitigations, and Best Practices
- Understanding and Mitigating TOCTOU Vulnerabilities in C# Applications
- (More articles coming soon!)
Feel free to connect or reach out.