About

I’m passionate about cybersecurity, and this page gives a bit of background on who I am and what I’ve worked on. My interest in specifically cybersecurity started around age 15, sparked by Cyber Defense Competitions, Capture the Flag events, and a lot of hands-on tinkering. Back then, sites like Hack This Site were my playground. That early curiosity led to a career that began with development and system administration at a small company. Today, I lead offensive security testing engagements at RSM US LLP. I enjoy challenging problems, whether it’s pulling indicators and card information from credit card skimmers, automating infrastructure for security testing, or identifying high-impact vulnerabilities in complex applications.

This site serves as a public notebook for my research, tooling, and methodology across different areas of cybersecurity. If it’s useful to others, all the better.

Contributions

Some public tools I’ve created:

• gMSADumper
• Burp Suite Reproducer
• Burp Suite Deconfliction
• GenericPotato

I have identified and reported vulnerabilities during testing including:

• ColumbiaSoft Document Locator Improper Authentication - CVE-2023-5830
• Fiserv PrologueDecrypt - CVE-2020-35992

You can also check out some of the Hack The Box machines I’ve created:

• Cereal
• Intelligence

Certifications

• AWS Certified Security – Specialty
• Burp Suite Certified Practitioner
• Offensive Security Web Expert (OSWE)
• GIAC Web Application Penetration Tester (GWAPT)
• Offensive Security Certified Professional (OSCP)
• Amateur Radio Technician License