research & adversarial engineering
Red Teaming in the Age of AI.
Building secure systems through principled attacks.
14+ years in offensive security, penetration testing, and exploit development. Red teaming, OSCP/OSWE/OSEP certified. Expanding knowledge into AI/ML security and emerging attack vectors.
Certifications & Credentials
OSCP
Offensive Security Certified Professional
2022
OSWE
Offensive Security Web Expert
2023
OSEP
Offensive Security Experienced Pentester
2024
OSEP
Offensive Security Certified Expert
2024
SSSD-Extract tool: dump AD account hashes, group memberships, and user accounts from Linux systems with SSSD credential caching enabled.
SSSD-Extract: Dumping Active Directory Hashes from Linux Systems
SSSD-Extract tool: dump AD account hashes, group memberships, and user accounts from Linux systems with SSSD credential caching enabled.
HTB Machines for OSEP/PEN-300 Preparation: Complete Attack Chain Mapping
Complete HTB machine list for OSEP prep: client-side code execution, process injection, AV/AppLocker bypass, AD lateral movement, credential dumping.
Dangerous PHP Functions: Code Execution and Exploitation Reference
PHP functions dangerous when exposed: command execution, code evaluation, callbacks, filesystem manipulation, and information disclosure vectors.
Cryptography I: Advanced Block Cipher Modes and Padding
Practical implementation of CBC and CTR modes: IV management, nonce-based encryption, padding schemes (TLS), and security bounds.
Cryptography I: Block Ciphers and Modes of Operation
Week 2-3: Block ciphers, PRP security, one-time key modes (ECB/DET-CTR), many-time key modes (CBC/CTR), IV/nonce-based encryption.
OSWE/AWAE Preparation
This post contains all trainings and tutorials that could be useful for offensive security’s OSWE certification.
Microcorruption CTF Tutorial: Embedded Security Reverse Engineering
Tutorial-level walkthrough of Microcorruption CTF on MSP430 microcontroller with debugger techniques and vulnerability identification.
Cryptography I: Stream Ciphers, PRGs, and Semantic Security
Week 1 foundations: stream ciphers, PRG security definitions, birthday paradox, attacks on OTP/RC4/CSS, and Salsa20 construction.