← home

Skills

Where I'm strongest — offensive security across web, network and mobile, grounded in the standards that turn findings into something a team can act on.

Web applications

  • /API pentesting — GraphQL & REST
  • /IDOR & broken object-level authorization
  • /RBAC flaws & privilege escalation
  • /Authentication & session-management vulnerabilities
  • /Cloud-backed apps — Firebase & other BaaS misconfigurations
  • /Business-logic flaws
  • /OWASP Top 10

Networks

  • /Network penetration testing & enumeration
  • /SSL/TLS vulnerabilities & misconfigurations
  • /Traffic analysis & interception

Mobile

  • /Android app reverse engineering
  • /Dynamic instrumentation with Frida
  • /Device & app analysis with adb
  • /SSL-pinning & root-detection bypass

Tooling

  • /Burp Suite
  • /Frida
  • /adb
  • /Nmap
  • /Nuclei
  • /Wireshark
  • /SQLMap

Frameworks & standards

  • /CISSP security domains
  • /NIST Cybersecurity Framework (CSF)
  • /NIST Risk Management Framework (RMF) / SP 800-53
  • /CIA triad & security controls
  • /OWASP testing methodology
  • /ISO/IEC 27001
  • /GDPR awareness