Builds things that break things.

I'm Shantanu, a security assurance lead writing about AppSec, DevSecOps, and AI-driven security automation. This is an index of things I've built, broken, or otherwise spent too much time on.

Projects shipped: 07
Years in AppSec: 06+
Certifications: OSWE · OSCP
— Selected work

Things I've shipped.

  1. Writing · 2020—

    SecurityJunky

    Building & breaking secure systems.

    Long-form technical writing on AppSec, DevSecOps, and AI-driven security automation. Hands-on guides across web, mobile, API pentesting, cloud hardening, and vulnerability research.

    Blog · AppSec · DevSecOps · AI
    Read the blog
  2. Research · 2025

    Chromium VRP

    Searchable archive of disclosed vulnerabilities.

    An archive of Chromium Vulnerability Reward Program submissions. Browse historical reports, explore a stats dashboard, look up researchers by agent, and query data via public JSON endpoints.

    Next.js · Public API · Static
    Browse reports
  3. Tool · 2025

    PolyLens

    A companion for Polymarket traders.

    Browser extension + web app for Polymarket — advanced filtering, visualization enhancements, and portfolio tracking for a sharper view of prediction markets.

    Next.js · Browser Ext. · Fintech
    Visit PolyLens
  4. Experiment · 2025

    Résumé

    A site generated end-to-end by AI.

    A personal resume site built entirely through v0.dev — zero hand-written code. An experiment in AI-native workflows, deployed on Vercel.

    v0.dev · Vercel · No-code
    Open résumé
  5. Creative · 2024

    itsfucking.fun

    A deliberately chaotic portfolio.

    A portfolio that rejects corporate polish in favour of pure, unfiltered creativity — interactive demos, hover-driven delight, and a loud reminder that the internet should still be fun.

    Portfolio · Interactive
    Visit
  6. Research · 2025

    BeaverTail Malware Analysis

    How a fake AI recruiter delivers five-staged malware.

    Deep-dive into a coordinated attack where threat actors impersonate recruiters, luring developers to clone a malicious GitHub repo. Traces five stages — from JavaScript infostealers to Python RAT deployment to AnyDesk hijacking — extracting credentials and establishing persistent backdoors.

    Malware Analysis · Threat Intel · Deriv Tech
    Read on Medium
  7. Writing · 2026

    OSWE Certification Journey

    Passing a 48-hour web exploitation exam on the first attempt.

    A candid account of preparing for and passing the OffSec Web Expert exam — manual source code review, web exploitation, no AI assistance. Covers study methodology, HackTheBox machines, CTF prep, exam failures, and the resources built along the way.

    OSWE · OffSec · Web Exploitation
    Read on Medium