I break systems for a living — web apps, networks, Active Directory. Fluent in Python, JavaScript, and Golang. I write the tools when the tools don't exist.
Offensive security practitioner obsessed with understanding how things break. I specialize in web application pentesting, network exploitation, and building custom tooling when off-the-shelf solutions fall short.
Python for rapid prototyping. JavaScript for knowing exactly how XSS payloads land. Golang for building fast, cross-platform tools that actually ship.
When I'm not hunting bugs, I'm studying Active Directory abuse paths, reading CVE write-ups, or grinding CTF challenges.
XSS, SQLi, SSRF, XXE, IDOR, RCE. Finding logic flaws that scanners miss.
Kerberoasting, lateral movement, privilege escalation in domains.
Exploit PoCs, fuzzers, recon automation scripts.
XSS payloads, prototype pollution, DOM exploitation.
Fast offensive tools, scanners, C2 frameworks.
Attack surface mapping, subdomain enumeration.
| # | Project | Stack | |
|---|---|---|---|
| 01 |
GhostScan
Stealth port scanner with SYN mode.
|
GolangNetworking
|
→ |
| 02 |
XSSHunter CLI
Blind XSS injector automation.
|
PythonWeb
|
→ |
| 03 |
AD-Enum
Active Directory enumeration tool.
|
LDAPPython
|
→ |
| 04 |
PhantomC2
Encrypted C2 framework.
|
GolangCrypto
|
→ |
Open for bug bounty, pentesting, or collaboration.