Skills

Networking, Web Security, and AppSec: threat modeling, input validation issues, authz/authn flaws, SSRF, XSS, CSRF, open redirects, and HTTP request smuggling.

Offensive tooling and automation: Python and JavaScript for PoCs, scanners, and custom fuzzers, plus Linux-first workflows and CLI pipelines for reproducible research.

Reporting and disclosure: coordinated disclosure workflows, timeline management, and writing vendor-ready remediation guidance and impact assessments.

Tech Stack

Languages: Python, JavaScript.

OS and tooling: Linux, Git, GitHub Actions (for CI on PoCs/tooling).

Security focus: Web AppSec, Network Security, Vulnerability Research, Responsible Disclosure.

Web context familiarity: REST/GraphQL APIs, modern SPAs, and typical stacks such as MERN/JAMstack for reproducing real-world issues.