← home
Skills
Where I'm strongest — offensive security across web, network and mobile, grounded in the standards that turn findings into something a team can act on.
Web applications
- /API pentesting — GraphQL & REST
- /IDOR & broken object-level authorization
- /RBAC flaws & privilege escalation
- /Authentication & session-management vulnerabilities
- /Cloud-backed apps — Firebase & other BaaS misconfigurations
- /Business-logic flaws
- /OWASP Top 10
Networks
- /Network penetration testing & enumeration
- /SSL/TLS vulnerabilities & misconfigurations
- /Traffic analysis & interception
Mobile
- /Android app reverse engineering
- /Dynamic instrumentation with Frida
- /Device & app analysis with adb
- /SSL-pinning & root-detection bypass
Tooling
- /Burp Suite
- /Frida
- /adb
- /Nmap
- /Nuclei
- /Wireshark
- /SQLMap
Frameworks & standards
- /CISSP security domains
- /NIST Cybersecurity Framework (CSF)
- /NIST Risk Management Framework (RMF) / SP 800-53
- /CIA triad & security controls
- /OWASP testing methodology
- /ISO/IEC 27001
- /GDPR awareness