I am a Security Analyst with hands-on experience in vulnerability assessment and penetration testing across networks, web applications, APIs, and mobile applications. I specialize in identifying high-impact vulnerabilities through black-box and grey-box testing, and I enjoy applying practical offensive security techniques to strengthen systems.
I have strong expertise in web application security, API testing, network security, and privilege escalation, and I have developed internal automation scripts to improve security workflows and assessment efficiency.
I actively participate in bug bounty programs and Capture The Flag competitions, which allow me to apply real-world attacker methods to uncover security flaws and validate exploitability. These experiences have enhanced my ability to think like an adversary while recommending effective defensive controls.
I am recognized for producing clear, actionable security reports, communicating risks effectively to both technical and non-technical stakeholders, and contributing to the improvement of security posture in real-world environments. I continuously work to expand my skills in advanced and emerging areas of cybersecurity.
-
2025 Mar — 2025 Sep
Junior Penetration Tester · Fetlla
Conduct comprehensive penetration testing on web applications, Android applications, APIs, and network infrastructure. Identify and exploit security vulnerabilities using industry-standard methodologies. Create detailed reports with proof-of-concepts and remediation recommendations. Collaborate with development teams to implement security fixes and best practices.
-
2023 — PRESENT
Independent Bug Bounty Hunter
Actively participate in public and private bug bounty programs on platforms like HackerOne, Bugcrowd and YesWeHack. Proactively discover and report security vulnerabilities in web applications and Android applications. Develop proof-of-concept exploits and write clear, concise vulnerability reports with actionable remediation steps, contributing to the enhancement of real-world application security.
-
Web Application Security
Expert in identifying OWASP Top 10 vulnerabilities, conducting manual testing, and using automated tools to assess web application security posture.
-
Network Penetration Testing
Proficient in network reconnaissance, vulnerability scanning, exploitation, and post-exploitation techniques using industry-standard tools.
-
Security Reporting
Strong technical writing skills for creating comprehensive penetration testing reports with clear remediation steps for technical and non-technical audiences.
-
Android Application Security
Proficient in testing Android applications for common vulnerabilities like insecure data storage, broken cryptography, insecure communication, and client-side injection. Experienced with static and dynamic analysis tools and methodologies specific to mobile security.
-
Vulnerability Research & Disclosure
Adept at independently discovering security flaws in various systems and applications. Skilled in developing proof-of-concept exploits and adhering to responsible disclosure practices to ensure timely and effective remediation of identified vulnerabilities.
-
AI-Assisted Scripting & Automation
Leveraging AI tools to enhance scripting for automation, task streamlining, and personal security-related projects. Focused on developing efficient command-line utilities and workflows.
Projects & Write-ups
-
2024 SEPTEMBER
Hack Havoc CTF Write-up: Solutions
Detailed write-up covering multiple challenges from the "Hack Havoc" CTF hosted by CyberMaterial. This entry showcases a diverse range of cybersecurity skills, including:
- Web Exploitation: Directory traversal, command injection, and Server-Side Template Injection (SSTI).
- OSINT: Social media analysis, public records, and image-based intelligence gathering.
- Cryptography: Base58, Base64, Base92, ROT47, XOR, Trithemius cipher, Braille ASCII, and Maritime Signal Code.
- Reverse Engineering: Binary analysis, Python bytecode decompilation, and flag extraction from obfuscated data.
-
2025 APRIL
VaultSweeper – Automated Secret Exposure Scanner (Python)
Personal security automation project focused on detecting verified exposed secrets across GitHub repositories at scale.
- Developed an automated scanner using TruffleHog v3 to identify exposed API keys, tokens, and credentials.
- Integrated the GitHub API for large-scale repository enumeration with concurrent scanning.
- Implemented real-time Discord webhook alerts using structured JSON payloads for efficient triage.
- Added detailed logging, timestamped outputs, and automated reports to support continuous security monitoring.