research & adversarial engineering
Red Teaming in the Age of AI.
Building secure systems through principled attacks.
14+ years in offensive security, penetration testing, and exploit development. Red teaming, OSCP/OSWE/OSEP certified. Expanding knowledge into AI/ML security and emerging attack vectors.
Certifications & Credentials
OSCP
Offensive Security Certified Professional
2017
OSCE
Offensive Security Certified Expert
2018
OSWE
Offensive Security Web Expert
2023
OSEP
Offensive Security Experienced Pentester
2024
Demonstrates practical attacks on production RAG systems using prompt injection and context pollution. Includes working exploit code against Azure OpenAI deployments and mitigation strategies for defenders.
Data Exfiltration via RAG Manipulation in Enterprise Azure Environments
Demonstrates practical attacks on production RAG systems using prompt injection and context pollution. Includes working exploit code against Azure OpenAI deployments and mitigation strategies for defenders.
SSSD-Extract: Dumping Active Directory Hashes from Linux Systems
SSSD-Extract tool: dump AD account hashes, group memberships, and user accounts from Linux systems with SSSD credential caching enabled.
HTB Machines for OSEP/PEN-300 Preparation: Complete Attack Chain Mapping
Complete HTB machine list for OSEP prep: client-side code execution, process injection, AV/AppLocker bypass, AD lateral movement, credential dumping.
Dangerous PHP Functions: Code Execution and Exploitation Reference
PHP functions dangerous when exposed: command execution, code evaluation, callbacks, filesystem manipulation, and information disclosure vectors.
Cryptography I: Advanced Block Cipher Modes and Padding
Practical implementation of CBC and CTR modes: IV management, nonce-based encryption, padding schemes (TLS), and security bounds.
Cryptography I: Block Ciphers and Modes of Operation
Week 2-3: Block ciphers, PRP security, one-time key modes (ECB/DET-CTR), many-time key modes (CBC/CTR), IV/nonce-based encryption.
OSWE/AWAE Preparation
This post contains all trainings and tutorials that could be useful for offensive security’s OSWE certification.
Microcorruption CTF Tutorial: Embedded Security Reverse Engineering
Tutorial-level walkthrough of Microcorruption CTF on MSP430 microcontroller with debugger techniques and vulnerability identification.
Cryptography I: Stream Ciphers, PRGs, and Semantic Security
Week 1 foundations: stream ciphers, PRG security definitions, birthday paradox, attacks on OTP/RC4/CSS, and Salsa20 construction.