A cybersecurity professional with 6+ years of experience. Expert in identifying critical vulnerabilities (RCE, Auth Bypass) in hardware and enterprise software. Active contributor to Metasploit and Exploit-DB, with 10+ published exploits. Primary author of the official CIS pfSense Benchmark. Creator of 403Override-NG.
reNgine - Stored XSS via DNS Entry.
Netgear Router - Command Injection.
TP-Link - Authentication Bypass.
Netgear - Forced Logout Admin bypass.
PlaySMS - Remote Code Execution.
10+ total CVEs published via Exploit-DB....
Detailed technical breakdown of an unauthenticated Remote Code Execution chain discovered in Netgear WNR614.
Primary author/contributor to the official CIS security configuration guide for pfSense firewalls.
Published 10+ exploit modules for various web and network-level vulnerabilities.
Co-Creator of interactive shell generator (ShellPop) and active contributor to Subzy.
Scanning remote host for new articles...
Advanced multi-threaded Burp Suite extension automating 401/403 bypass discovery, featuring strict Diff-engine verification and YAML configuration.
Intentionally vulnerable laboratory environment designed for testing 403 bypass tools against reverse proxy discrepancies.
This lab is a dynamic environment designed for security researchers to practice identifying and claiming “dangling DNS” records
At Writeup-DB, we are dedicated to enhancing the learning experience by providing a comprehensive collection of external writeups.
A comprehensive technical deep-dive into JSON Web Token (JWT) security. Covering internal structures, signature verification attacks, access control bypasses, and enterprise-grade mitigation strategies.
I, along with my colleague, presented 'Mitigating Supply Chain Attacks: Strategies for Resilient Cybersecurity' at CRESTCon 2024 in London.
I presented 'Cybersecurity and Supply Chain Risk Management: Best Practices for Procurement' at Threatcon 2023 in Kathmandu, Nepal.