💡 Offensive Security | Security Research | Bug Bounty | Pentest | Red Team
With 4 years of experience in Offensive Security, Pentesting, and Red Teaming, I have worked on projects across various sectors including banking, industrial, healthcare, technology, and government — developing a broad and in-depth understanding of different testing environments.
I have hands-on experience with Infrastructure, Active Directory, and Mobile (Android and iOS) testing, as well as phishing campaigns. However, my greatest expertise lies in Web Applications and APIs. My passion for vulnerability exploitation led me to the field of Security Research, where I discovered 29 Zero-Day vulnerabilities (now assigned as CVEs) in widely used software around the world (listed in the "Publications" section).
Among these findings are critical vulnerabilities such as Broken Access Control, SQL Injection, and Command Injection in access management systems and smart IoT devices. I was recognized twice by Oracle for discovering three critical RCE vulnerabilities in their assets.
Beyond research, I also actively participate in Bug Bounty programs, having discovered severe vulnerabilities in major global companies.
📜 Certifications:
✅ OSCP, OSWE – OffSec
✅ CRTO – ZeroPoint Security
🏆 Bug Bounty Highlights:
Dell, Atlassian, Honda, Ford, ABB, Thomson Reuters, Adobe, Ring, M&T Bank, LATAM Airlines, City of Los Angeles, IBM, TIM, InnoGames, Web.com, Telenet, Twilio, PowerSchool, Swisscom, LexisNexis, Zooplus, UOL, The Walt Disney, State of California, Deutsche Bank, Red Bull, Coca-Cola, Allianz, Intel, U.S. Department of State, AT&T, Instacart, Roblox, KeyBank, Goldman Sachs, Daimler Truck, Ubiquiti Inc., TikTok, Citizens Bank.
🔥 Recognitions:
Oracle – July 2024
Oracle – October 2023
Citizens Bank Hall of Fame
Performance Stats