Work

Projects

Research tools, exploitation frameworks, threat intelligence platforms, and CTF infrastructure.
Source code available upon request — reach out to discuss access.

6
Core Projects
15+
Clients Secured
200+
Vulns Found
01
Browser Exploitation Chain Analysis
Reverse-engineered Firefox zero-day CVE-2024-9680 — WASM type confusion, JIT hijacking, Win32k.sys UAF to SYSTEM-level RCE. Decoded multi-layer JS obfuscation, disassembled WebAssembly, reconstructed shellcode. Full RomCom APT MITRE ATT&CK TTP mapping (T1203, T1055). 		exploit RE IDA Pro Request access
02
IoT & Embedded Systems Exploitation Framework
Full-stack pentest framework for 100+ IoT device types — WPA2 cracking, ARP poisoning, automated vulnerability scanning. Weaponized CVE-2021-4034 (PwnKit) and CVE-2023-34362 (MOVEit) with dynamic OS fingerprinting achieving 85% privilege escalation rate. MQTT fuzzing identified 12 critical CVEs affecting 100K+ users. 		offensive Bash Python Request access
03
AI-Augmented Threat Intelligence Platform
NVD CVE feeds integrated with LLM-powered exploit feasibility analysis — 65% MTTC reduction. MCP servers processing 50K+ queries/day at sub-100ms latency. High-performance caching reduced API calls by 75%, supporting prioritisation of 200+ critical CVEs monthly. 		threat intel Python FastMCP Request access
04
Red Team Infrastructure & C2 Development
Resilient C2 infrastructure leveraging Tor hidden services for anonymised communications — domain fronting and traffic obfuscation to evade network detection. Privacy-hardened Linux with transparent Tor proxy and OverlayFS-on-tmpfs for zero forensic persistence via RAM-based wiping. 		offensive Python Tor Request access
05
AI Security Red Teaming
Adversarial testing on LLMs identifying 25+ vulnerabilities in content filtering and safety alignment. Developed novel jailbreaking techniques achieving 80% bypass rate against commercial guardrails. Documented prompt injection vectors for responsible disclosure to AI vendors. 		AI red team Python OpenAI API Request access
06
PulsePoint — Real-Time Vital Signs Monitor
ESP32-based vital signs monitor with MAX30102 (HR/SpO2) + DS18B20 (temp) acquisition and real-time streaming over WebSocket/REST on the LAN (mDNS). React (Vite) dashboard consumes a 4 Hz JSON stream, persists long-horizon history in IndexedDB (Dexie), and runs optional Gemini analysis via a local Express proxy to keep API keys off the client. 		ESP32 WebSocket React Gemini Request access
Source code policy: All project source is available upon request for legitimate security research, hiring evaluation, or collaboration purposes. Reach out at with a brief description of your context.