Background
13+ years in offensive security, red teaming, and exploit development.
I’m a security researcher focused on practical offensive techniques, vulnerability research, and building tools that solve real problems. This site documents my work and learning journey.
Professional Experience
Red Team Leader & Penetration Tester
- 13+ years designing and executing red team operations
- Specialized in: Active Directory attacks, post-exploitation, defense evasion
- Experience with: Fortune 500 organizations, government contractors, financial institutions
- Tools built: SSSD-Extract, custom exploitation frameworks
Current Focus
- Deepening knowledge in AI/ML security through structured study
- Exploring emerging attack vectors in enterprise systems
- Documenting security research for the community
Certifications & Credentials
Professional certifications demonstrating expertise in offensive security:
OSCP — Penetration Testing with Kali Linux
Offensive Security · Earned 2022
The industry standard for penetration testing. Demonstrates hands-on skills in reconnaissance, exploitation, privilege escalation, and reporting.
- Verification: View credential on Credly
- What it covers: Network penetration testing, exploit development, Linux/Windows privilege escalation
- Relevance: Foundation for all offensive security work
OSWE — Advanced Web Application Exploitation (AWAE)
Offensive Security · Earned 2023
Advanced certification in web application security. Covers source code review, vulnerability research, and advanced exploitation techniques.
- Verification: View credential on Credly
- What it covers: Code review, web vulnerability research, Python exploitation, advanced Burp techniques
- Relevance: Critical for modern app security testing
OSEP — Penetration Testing with Python (PEN-300)
Offensive Security · Earned 2024
The most advanced Offensive Security certification. Focuses on red team operations, evasion, automation, and Python-based exploitation.
- Verification: View credential on Credly
- What it covers: Adversarial simulation, client-side attacks, C2 development, AD exploitation, AMSI bypass
- Relevance: Expert-level red teaming capability
Technical Skills
Languages & Tools:
- Bash, Python, PowerShell
- Metasploit, Burp Suite, Wireshark
- Active Directory exploitation
- Exploit development (overflow, heap spray, ROP)
- Linux/Windows/macOS
Methodologies:
- NIST Cybersecurity Framework
- MITRE ATT&CK
- Risk-based assessment
- Red Team Simulation Design
Domains:
- Network penetration testing
- Web application security
- Red team operations
- Post-exploitation & persistence
- Defense evasion
- Cryptography
Why I Write
Most security content falls into two categories:
- Tutorial-style — How to pass certifications
- Academic — Peer-reviewed papers with narrow scope
This site documents the middle ground: practical offensive security work, techniques that actually work in the lab, and lessons from real-world red teaming.
I write because:
- Clarity through explanation — Teaching forces deep understanding
- Community contribution — Help others on the same journey
- Knowledge preservation — Document techniques before they become obsolete
- Continuous learning — Research + documentation = mastery
On This Site
Start Here — Recommended reading paths by goal (OSCP prep, web security, cryptography, etc.)
Posts — Technical content organized by category:
- Red Team & Post-Exploitation
- Web Application Security
- Cryptography & Encryption
- CTF Walkthroughs
- Tools & Utilities
Tools — Open-source security tools including SSSD-Extract
Get in Touch
- GitHub: z-r0crypt
- LinkedIn: vbtr
- Twitter: @zer0crypt
Questions, suggestions, or topic requests? Open an issue on GitHub or reach out on LinkedIn.
Last updated: January 2025