I enjoy idealizing, designing, developing, and implementing security solutions to fix, break or
exploit digital stuff. Long story short, I need to be involved with creativity and code, of course.
With over 13 years of experience, I spent most of this time testing, developing security
mechanisms, finding software vulnerabilities, and teaching software developers how they should
avoid them. I have extensive hands-on experience either in offensive and defensive perspectives,
which includes disciplines and skills like:
- Security Code Reviews
- Penetration Testing
- Secure Coding Training
- Threat Intelligence
- Red Teaming
- Research & Development
- Threat Modeling
- DevSecOps
- Cloud Security
- Tooling
As an independent researcher on IoT, I've identified several vulnerabilities and obtained some
CVEs. Lately, I have been developing an experimental security framework designed to audit web
applications in python: https://github.com/s4dhulabs/vimana-framework
Also, I have researched logic flaws for a while, and from that, I have created LFWF:bD
, case
studies on business logic flaws and insecure design scenarios:
https://github.com/s4dhulabs/LFWFBD
On the other hand, I'm also a sociologist interested in the anthropological approach to hacker
culture and the impacts of technology on society.