Hi there! My name’s Sam and I’m a professional security researcher & security engineer. Currently I’m working at Google and helping secure the cloud. In my free time I’m also active in many different areas, but at the time of writing this I’m mostly involved in open source security, personal projects and CTFs. As long as you’re not trying to sell me something, feel free to reach out to me for any reason. :)

Certifications & Achievements of Note:

├──>Offensive Security: OSCP
└──>CTF Peaks: Top 7 on HackTheBox, the biggest security challenge leaderboard in the world with over 400 000 members (Top 0.0018%)

Security Skills:

├──>Application Security (incl. Design)
├──>Reverse Engineering (X86/64, .NET, Java & some ARM)
├──>Web Application Security
├──>Exploit Development (X86/64 & Web)
├──>Code Auditing
└──>Tools: Burp, Wfuzz/ffuf, Cobalt Strike (inc. Malleable profiles to bypass EDRs and next-gen AV), GDB, Ghidra, IDA Pro, x64dbg, Metasploit, Wireshark

Programming Languages & Technologies:

├──>Databases: PostgreSQL, PostGIS, MySQL/MariaDB
└──>Go-to languages: Python, Go, PHP, JavaScript, C/C++, C#, Ruby, Bash, X86/64 Assembly (Intel syntax only plz)

CVEs & Bounties of Note:

├──>Ajenti 2 Server Control Panel Post-Auth Remote Code Execution
├──>Ninja Forms (WordPress Plugin with > 20 million installs) Blind SQL Injection
└──>South-American Cryptocurrency Bank 2FA Bypass & Silent Account Takeover