Penetration Testing/AI Red Teaming/Offensive AI

Web pentesting and AI red teaming.

Hands-on penetration testing and AI red teaming across web applications, internal environments, LLM-integrated products, model deployments, and agentic workflows.

Penetration testing / AI red teaming / client-ready reporting

I turn web and AI failures into evidence clients can act on.

My focus is practical assessment work: finding exploitable weaknesses in web applications, internal environments and AI systems, then translating the technical path into clear business risk, remediation, and report-ready evidence.

Offensive focus

External surface / Web App

Web application pentesting

Testing modern web applications, auth flows, and business logic for exploitable weaknesses including XSS, IDOR, SQLi, SSRF, access-control flaws, token abuse, and chained impact.

AI Red Teaming / LLM Apps

LLM application exploitation

Assessing AI-integrated products for prompt injection, jailbreaking, unsafe tool use, data exfiltration, LLM output exploitation, rogue actions, and agentic workflow abuse.

Adversarial ML / Model Security

AI / ML system security

Studying adversarial ML and AI system risk: evasion, poisoning, model reverse engineering, deployment tampering, MCP vulnerabilities, privacy leakage, and denial-of-service paths.

Internal / PrivEsc

Internal assessments

Mapping exposed services, misconfigurations, credential paths, weak permissions, and privilege escalation opportunities into clear attack chains and practical remediation.

Bio

From exploit path to AI risk.

I work at the intersection of penetration testing and AI red teaming. The focus is understanding how systems fail in the real world: where authentication breaks, how trust gets abused, how small misconfigurations become attack paths, and how AI features introduce new ways to exfiltrate data, execute actions, bypass guardrails, or manipulate outputs.

My work is centered on web application pentesting, internal assessments, LLM application security, adversarial ML concepts, AI deployment security, automation, and professional reporting. I use Python to automate workflows, test attack ideas quickly, and turn repeatable findings into methodology.

Burp Suite, Caido, Nmap, ffuf, Python, Docker, LLM Security, Prompt Injection, MCP Security, Bash

Projects

Operator stack

Pentest craft. AI attack surface.

A sharper view of the work: classic web and internal assessment skills, extended into LLM applications, model-backed systems, tool-using agents, and offensive AI workflows.

Focus

Web App Pentesting, Internal Assessments, AI Red Teaming, Offensive AI

AI

Prompt Injection, Jailbreaking, LLM Output Exploitation, MCP Abuse, Model Deployment Tampering

Workflow

Recon, Threat Modeling, Exploitation, Impact Proof, Remediation, Client-Ready Reporting

Tooling

Burp Suite, Caido, Nmap, ffuf, Metasploit, Wireshark, Python, Bash, Docker, AI Security Labs

Build

Python, Rust, JavaScript, Bash, Docker, Linux