Hi there! My name’s Sam and I’m a professional security researcher & penetration tester. In my free time I’m also active in many different areas, but at the time of writing this I’m mostly involved in bug bounty hunting, open source security and CTFs. As long as you’re not trying to sell me something, feel free to reach out to me for any reason. :)

Certifications & Achievements of Note:

├──>Offensive Security: OSCP
└──>CTF Peaks: Top 7 on HackTheBox, the biggest security challenge leaderboard in the world with over 200 000 members (Top 0.0035%)

Security Skills:

├──>Application Security (Linux and Windows applications)
├──>Reverse Engineering (X86/64, .NET, Java & some ARM)
├──>Web Application Security
├──>Exploit Development (X86/64 & Web)
├──>Code Auditing
└──>Tools: Burp, Wfuzz/ffuf, Cobalt Strike (inc. Malleable profiles to bypass EDRs and next-gen AV), GDB, Ghidra, IDA Pro, x64dbg, Metasploit, Wireshark

Programming Languages & Technologies:

├──>CMS: WordPress, Joomla, Drupal
├──>Databases: PostgreSQL, PostGIS, MySQL/MariaDB
└──>Go-to languages: PHP, JavaScript, Python, C/C++, C#, Ruby, Bash, X86/64 Assembly

CVEs & Bounties of Note:

├──>Ajenti 2 Server Control Panel Post-Auth Remote Code Execution
├──>Ninja Forms (WordPress Plugin with > 20 million installs) Blind SQL Injection
└──>Buda Cryptocurrency Bank 2FA Bypass & Silent Account Takeover