
Security Researcher

Offensive Security Engineer · Full Stack Developer · Bug Bounty Hunter

Security-focused Software Engineer with a strong offensive security background. I specialize in Web Application Penetration Testing, API Security Testing, and Secure Laravel Development. I build applications, and I break them professionally.

🔍 Latest Research

SQL Injection in Backend Filter Widget numberrange Scope via numbersFromAjax

2025 · Responsible Disclosure · High

Discovered a SQL injection vulnerability in the backend filter widget's numberrange scope. The numbersFromAjax parameter was not properly sanitized before reaching the query, allowing an attacker to inject arbitrary SQL through the filter mechanism.

SQL Injection
CVE-202X-XXXXX

Privilege Escalation: Content Editor to Administrator via Stored XSS

2025 · Responsible Disclosure · High

Found a stored cross-site scripting vulnerability that allows a content editor to escalate privileges to administrator. Malicious JavaScript injected through content fields executes in the context of an admin session, enabling full account takeover.

Stored XSS / Privilege Escalation
CVE-202X-XXXXX

Incomplete Twig sandbox patch (CVE-202X-XXXXX bypass) allows data modification, exfiltration, and RCE via unblocked Model and Builder methods

2025 · Responsible Disclosure · High

Identified an incomplete patch for a prior Twig sandbox escape CVE. Unblocked Model and Builder methods remained accessible within the sandbox, enabling data modification, data exfiltration, and remote code execution.

Sandbox Escape / RCE
CVE-202X-XXXXX

Let's Connect

Interested in working together?

Whether you have a security concern, a collaboration idea, or just want to talk cybersecurity — I'm always open to connecting.