Ever since I was 12 and found my first valid vulnerability in Dropbox, I have been obsessed with cybersecurity.
I love programming, sure, but what's more fun? Actually going in and trying to work backwards through that code!
Hacking is like a puzzle to me. There are so many uncertainties and difficulties; frankly the only certainty for me is that I keep it in the ethical, white-hat realm. But in the end it's always so rewarding to discover that vulnerability.
Please note that cybersecurity work often requires NDAs (non-disclosure agreements), so I cannot speak in any detail about much of my work which involves government entities or other invite-only programs.
Verified Web Application Skill set on Hackerone (a feature that is now deprecated, unfortunately):
Discovery of reflected, stored, DOM-based, and blind XSS vulnerabilities, including filter evasion
Discovery of SOP bypasses, especially using Origin header
Discovery of blind and standard SSRF vulnerabilities
Discovery of blind and standard HTML Injection vulnerabilities
Discovery of IDOR vulnerabilities (many undisclosed reports)
Other skill areas include DoS (through unique means, not just flooding with requests), authorization token vulnerabilities, subdomain takeovers, sensitive data disclosures, and other miscellaneous, unique vulnerabilities.
Worked full-time as Cybersecurity Intern at Abbott Laboratories from Jun-Aug 2022.
I also do some work through Bugcrowd. You can visit my profile by clicking here.
I have been featured on multiple "Hall of Fame" pages for reporting serious website vulnerabilities to the following groups:
"Professional and thorough. Thank you." - a private team on Hackerone
"Great report, thorough analysis and POC." - a private team on Hackerone
These testimonials can also be found at the bottom of my Hackerone profile page.