Whoami

Ranked as Netflix's #1 hacker of 2026 (#3 all-time) on HackerOne's leaderboard!

Earned another $5,000 bounty from Netflix for a privately disclosed high-severity report.

Disclosed a ReDoS vulnerability in Svelte's <svelte:element> tag validation (CVE-2026-42567, ~$1,000 bounty).

Discovered another high-severity vulnerability for Netflix, privately ($5,000 bounty).

Built Scarecrow, an adversarial pattern optimizer for evading automated license plate recognition. Designed as a privacy tool against warrantless mass surveillance.

Reached 99th percentile on HackerOne with a 7.00 signal rating.

Disclosed a DoS vulnerability in Node.js TLS error handling (CVE-2026-21637, ~$1,000 bounty).

Discovered a high-severity vulnerability in Netflix production systems ($5,100 bounty + retesting).

Joined HackerOne to hunt for bug bounties in order to help pay off student loans and university expenses.

IT Security Engineer at Think Big Technology, where I managed security operations for two client organizations and mentored an intern in SOC operations.

Taught Python, Java, and C++ to K-12 students at The Coding Place. Turns out explaining pointers to 12-year-olds is harder than reversing malware.

WKL-Sec adapted my HVNC project into a Cobalt Strike module, bringing it into commercial offensive security tooling.

Built VisualSploit, a C# tool that weaponizes .csproj files to execute arbitrary code when opened in Visual Studio, under a signed Microsoft binary. Inspired by the 2021 North Korean supply chain attack against security researchers.

Reverse engineered live malware from Venom RAT, Pandora HVNC (both C# .NET). Shared IOCs with Antivirus vendors via VirusTotal.

Fixed, modernized, and reconstructed HVNC in Tinynuke as standalone client/server (C++). Posted to GitHub as my largest software undertaking to date.

Signed up to crackmes to learn reverse engineering. Learned Ghidra for native code, DnSpy and ILSpy for .NET apps. Wrote C++ on the side, mostly to have more binaries to practice on.

Spent COVID lockdown teaching myself C# through YouTube (thanks Mosh) and pet projects, mostly WinForms/WPF desktop apps and client/server apps over TCP sockets.

Learned JavaScript through freeCodeCamp to write a Chrome extension that automated my dreadful Membean homework. Gave the extension to my friends in the spirit of open source.