Proof of Work

Portfolio & Credentials

Projects, platforms, certifications, and what I'm building next - the full picture of my offensive security journey.

9 Vulns Discovered
4 Core Credentials
2 Active Platforms
12+ Training Certs

Hands-on work

Featured Projects

Real engagements. Real findings. Real reports.

Penetration Testing · Application Security

OWASP Juice Shop — Web Application Penetration Test

Full black-box penetration test of OWASP Juice Shop following the OWASP Testing Guide v4 methodology. Identified and exploited 9 vulnerabilities across 7 OWASP Top 10 (2021) categories, documented with CVSS scores, working proof-of-concept scripts, 45 evidence screenshots, and a professional remediation roadmap.

2 Critical
3 High
4 Medium
9 total findings across 7 OWASP Top 10 categories

Critical CVSS 9.8

SQL Injection

Full authentication bypass and admin JWT token extraction via an unsanitised login query, with zero resistance to payload injection.

Critical CVSS 9.1

Sensitive Data Exposure

BIP-39 seed phrase and OAuth client credentials stored in plaintext, leading to a full account takeover chain.

High CVSS 8.1

IDOR — User Basket Enumeration

Sequential basket IDs exposed all users' cart contents - zero ownership validation, horizontal privilege escalation.

High CVSS 7.5

Broken Authentication

No rate limiting on login endpoint — admin password cracked on attempt 3 using a targeted brute-force sequence.

Burp Suite · Kali Linux · Python · Bash · SQLi · XSS · IDOR · OWASP Top 10 · CVSS 3.1 · Docker

More projects in the pipeline

Active network pentest lab, custom Python tooling, and a red-team scenario — all coming to this page soon.

Where I sharpen the blade

Hacking Platforms

Actively practicing offensive security through real-world machine compromises, guided attack paths, and CTF challenges.

TryHackMe

Premium Member

Completing structured learning paths and guided rooms across web exploitation, network security, and SOC analyst tracks. TryHackMe is where theory becomes instinct — every room is a real attack scenario with real consequences.

Web Exploitation · Network Security · SOC Analyst · Linux Privesc

HackTheBox

Premium Member

Tackling active machines and Sherlocks DFIR challenges with real-world exploitation techniques. HackTheBox is where you find your limits — and push past them. Machine writeups and CTF walkthroughs publishing to this portfolio soon.

Active Machines · Privilege Escalation · Sherlocks (DFIR) · CTF Challenges

CTF Writeups & Machine Walkthroughs

Detailed writeups of TryHackMe rooms and HackTheBox machines — documenting methodology, exploit chains, and lessons learned. Publishing soon.

Coming Soon

Verified credentials

Core Certifications

Industry-recognised credentials validating expertise in cybersecurity, compliance, and AI governance. Click any badge to verify on Credly.

Continuous learning

Training & Development

Courses, workshops, and hands-on training spanning offensive security, cloud infrastructure, and development. Click any card to view the certificate.

In progress

What's Next

The pipeline is loaded. These sections are actively being built — check back soon.

CTF Writeups

Step-by-step walkthroughs of TryHackMe rooms and HackTheBox machines — documenting exploit chains, methodology, and post-exploitation techniques.

TryHackMe · HackTheBox · CTF Writeups
Building Now

Security Tools

Custom Python-based offensive and defensive tooling — recon automation, payload generators, SIEM integrations, and network scanning utilities.

Python Automation Red Team Open Source
In Development

Lab Walkthroughs

Structured lab environments — Active Directory attack chains, network pivoting, malware analysis sandbox walkthroughs, and detection engineering labs.

Active Directory Malware Labs Detection
Planned

Interested in working together?

Whether it's a penetration testing engagement, a security consultation, or a collaboration — I'm ready. Let's talk.