Ever since I was 12 and found my first valid vulnerability in Dropbox, I have been obsessed with cybersecurity.

I love programming, sure, but what's more fun? Actually going in and trying to work backwards through that code!

Hacking is like a puzzle to me. There are so many uncertainties and difficulties; frankly the only certainty for me is that I keep it in the ethical, white-hat realm. But in the end it's always so rewarding to discover that vulnerability.


Please note that cybersecurity work often requires NDAs (Non-disclosure agreements) so I cannot speak in any detail about much of my work which involves government entities or other invite-only programs.

Cybersecurity Areas of Proficiency(with relevant disclosed report by me, when applicable):

Verified Web Application Skill set on Hackerone (A feature that is now deprecated unfortunately):

Discovery of reflected, stored, DOM-based, and blind XSS vulnerabilities, including filter evasion

Discovery of SOP bypasses, especially using Origin header

Discovery of blind and standard SSRF vulnerabilities

  • Many undisclosed reports, mostly blind SSRF.

Discovery of blind and standard HTML Injection vulnerabilities

Discovery of IDOR vulnerabilities (many undisclosed reports)

Other skill areas include DoS (through unique means, not just flooding with requests), authorization token vulnerabilities, subdomain takeovers, sensitive data disclosures, and other miscellaneous, unique vulnerabilities.

More things to know

Worked full-time as Cybersecurity Intern at Abbott Laboratories from Jun-Aug 2022.

Notable Links

My main work is done through Hackerone. Visit my profile by clicking here.

I also do some work through Bugcrowd. You can visit my profile with by clicking here.

Check out my blog, The Volatile Triad. I post unique hacking tips in a manner designed to be helpful to any skill level of hacker, from beginner to expert.

I have been featured on multiple "Hall of Fame" pages for reporting serious website vulnerabilities to the following groups:


Testimonials

"Professional and thorough. Thank you." - a private team on Hackerone

"Great report, thorough analysis and POC." - a private team on Hackerone

These testimonials can also be found at the bottom of my Hackerone profile page.