Discovered another high-severity vulnerability for Netflix ($5,000 bounty).
Whoami
Security researcher and software engineer. I find bugs, contribute to open source, and break things professionally.
Built Scarecrow, an adversarial pattern optimizer for evading automated license plate recognition. Designed as a privacy tool against warrantless mass surveillance.
Reached 99th percentile on HackerOne with a 7.00 signal rating.
Disclosed a DoS vulnerability in Node.js TLS error handling (CVE-2026-21637, ~$1,000 bounty).
Discovered a high-severity vulnerability in Netflix production systems ($5,100 bounty).
Joined HackerOne to hunt for bug bounties in order to help pay off student loans and university expenses.
IT Security Engineer at Think Big Technology, where I managed security operations for two client organizations and mentored an intern in SOC operations.
Taught Python, Java, and C++ to K-12 students at The Coding Place. Turns out explaining pointers to 12-year-olds is harder than reversing malware.
WKL-Sec adapted my HVNC project into a Cobalt Strike module, bringing it into commercial offensive security tooling.
Built VisualSploit (C#) to demonstrate MSBuild exploitation. Malicious .csproj files that execute code through trusted build processes. Based on that 2021 NK supply chain attack against security researchers.
Reverse-engineered live malware from Venom RAT and Pandora HVNC (both C# .NET). Shared IOCs with antivirus vendors via VirusTotal.
Built my first RAT (C#) - the delivery was process injection + RunPE. Learned NTDLL unhooking to bypass userland hooks.
Self-taught Python, C#, Java, C++, and web dev during COVID lockdown. Hundreds of hours of YouTube, dozens of pet projects, and thousands of cups of coffee later, I was half-decent.