I break things for a living. I'm
Arnold Mavhezha
Offensive Security
Penetration Tester
Red Team Operator
Active Directory Specialist
Application Security
Offensive Security Engineer with 4+ years across SOC operations, penetration testing, and cloud security engineering. I started as a developer. That foundation means I trace vulnerabilities to their source in the code, not just fire tools at a target. Hands-on across the full attack surface: Active Directory environments compromised via BloodHound, Kerberoasting, DCSync, and delegation abuse. Live CVEs exploited on network services. Cobalt Strike C2 beacons identified in memory dumps. Full intrusion timelines reconstructed from raw disk artifacts. 13 HackTheBox machines rooted. All documented.
Offensive Highlights
- Compromised Windows domain controllers via BloodHound path analysis, WriteDACL abuse, Kerberoasting, and DCSync across 8 AD environments
- Exploited CVE-2014-6271 (Shellshock) and CVE-2007-2447 (Samba RCE) in live environments. Root shell. No privesc required.
- Identified live Cobalt Strike C2 beacons in memory dumps, extracted credentials from RAM, reconstructed full intrusion timelines from disk artifacts