Principal Penetration Tester — 4+ years of offensive security operations across network, application, AI/ML, and cloud assessments. Adversarial testing for healthcare, finance, and tech.
Hello—welcome to the portfolio. I started my penetration testing journey in the fall of 2021 with no prior hacking experience, aiming to break into the field within a year. After grinding offensive security labs and stacking certifications, I landed a role shortly after earning the OSCP.
I am now an offensive security professional with 4+ years of experience spanning network, application, AI/ML, and cloud penetration testing.
I conduct adversarial assessments against generative and predictive AI systems — including prompt injection, indirect prompt injection through agentic pipelines and RAG architectures, and model inference attacks — alongside traditional application and infrastructure engagements.
Outside of work, I train regularly at the gym and compete in combat sports — I hold a blue belt in Brazilian Jiu-Jitsu. When I’m not on the mats, I unwind with anime and video games. My most recent obsession is the Resident Evil series.
Maps 56 adversarial AI challenges across 10 platforms to HiddenLayer’s APE Taxonomy by objective, tactic, and technique. Includes full prompts, model responses, and defensive countermeasures.
Markdown / Research
SMS Spam Classifier built with TF-IDF and Naive Bayes as part of the HTB Academy AI in InfoSec track. Explores ML model behavior and misclassification attack surfaces in a security context.
Python
Deployment and write-up of GitHub’s Secure Code Game on Agentic AI Security. Covers securing AI agents that execute commands, browse the web, use tools, and coordinate other agents.
JavaScript
MCP Server Security Analysis Tool — built for assessing the security posture of Model Context Protocol servers, a key attack surface in agentic AI deployments.
Python
Browser-based red-teaming workbench for LLM applications. Ships a curated library of 137+ attack prompts and supports live endpoint probing, determinism analysis, structured test logging with AI-assisted evaluation, and exploit-chain visualization — all client-side with no backend.
TypeScript
Modular Azure / Entra ID collection and tool orchestration scripts for cloud penetration testing. Automates enumeration of identities, roles, and permissions across Azure tenants.
Python
Scripts for exploiting AWS services — built for ARTE labs covering IAM abuse, privilege escalation, storage enumeration, and cross-account trust exploitation.
Python
Automation script for running CloudFox commands during AWS penetration tests. Streamlines cloud enumeration workflows and produces organized output for reporting.
Python
PowerShell password-spraying tool for Microsoft Online (Azure / Entra ID / Office 365) that routes every authentication attempt through a FireProx API Gateway endpoint, rotating the source IP per request.
PowerShell
Burp Suite extension for bulk URL importing. Streamlines web application testing by automating request importing into the Burp proxy — eliminates tedious manual entry during large-scope assessments.
Python
Tool for harvesting JavaScript files from web applications for endpoint discovery and attack surface mapping. Accelerates manual JS analysis during web application penetration tests.
Python
Orchestration tool designed to facilitate the reconnaissance process during web application penetration tests. Streamlines and automates information-gathering workflows.
Python
Comprehensive penetration testing wiki covering enumeration, exploitation, privilege escalation, post-exploitation, and Active Directory attack chains. Structured as a practitioner reference for real engagements and CTF challenges.
Walkthrough
Detailed analysis mapping 56 adversarial AI challenges across 10 platforms to HiddenLayer’s APE Taxonomy. Includes full attack prompts, model responses, bypass techniques, and defensive countermeasures for each challenge.
The following sanitized report demonstrates the depth and quality of findings produced during penetration testing engagements. Provided for recruiter and hiring manager review.