$ Red Team Specialist
· Offensive Security Engineer
· vCISO Advisor
· ICS/SCADA Security
Elite offensive security practitioner with 12+ years spanning red team operations,
adversary simulation, nation-state-level threat intelligence and critical-infrastructure security —
across the Middle East, Europe and the United States. I translate offensive findings into
[ classified ].
uptime12+ yrs offensive security
engagements50+ VAPT · 4 continents
rankHTB Omniscient · Top 10 (<0.1% globally)
recognitionBug Bounty HoF · Google · Twitter · Bugcrowd
HackTheBox Omniscient — Top 10 globally (<0.1% of users). Bug Bounty Hall of Fame at Google, Twitter, Bugcrowd. Every claim here is independently verifiable.
rangefull-spectrum
Wire to boardroom
Attacker depth — red team, exploit dev, AD attack chains — plusICS/SCADA (OT), LLM/AI security and vCISO advisory. Few operators cover both ends.
clearance12+ yrs
Trusted with the sensitive work
Government-adjacent and critical-infrastructure engagements where discretion is the requirement, not a preference. Sensitive scope stays sensitive.
deliveryships code
Outcomes, not a PDF
Open-source tooling with real traction (180★) and findings translated into CFO / board-level financial risk — remediation that survives the readout.
$echo "you're not hiring a scanner — you're hiring an adversary who can sit in your boardroom."
// rules_of_engagement — how I operate
ROE·01
Recon before action
Read, validate, verify before I touch anything. An assumption is just an unconfirmed vulnerability.
ROE·02
Offense serves the business
Every finding maps to a decision a board can make and a number a CFO can act on. Risk, not jargon.
ROE·03
Discretion by default
High-sensitivity scope stays sensitive. Trust is the actual deliverable — I treat it that way.
ROE·04
Fix, don't just flag
I ship tooling and remediation paths, not a report that ages in a drawer. The flaw and the fix.
ROE·05
Lead from inside the engagement
I run point with the team in the room — mentoring, aligning, and owning the outcome, not narrating from a slide deck.
ROE·06
Proof over posture
Claims are cheap. I bring verifiable rank, disclosed bounties, and shipped code to the table.
// case_studies — what I ship, not just what I find
Research into the security of Body Area Networks — the wireless mesh of wearable and implantable medical devices around the human body — and how weaknesses turn a connectivity convenience into a life-safety attack surface with physical, human consequences.
Hybrid Cloud Seeding — Hacking Microsoft Hybrid Cloud Infrastructure
A red-team approach to Microsoft Azure hybrid-cloud environments: enumerating and pivoting across Azure AD and on-premises Active Directory through federated services — correlating cloud and on-prem identities (users, groups, admin roles) to target privileged accounts and move laterally between the two.
focus: Azure AD / hybrid-cloud red teaming · Active Directory attack chains · federated identity · PowerShell enumeration · cloud↔on-prem pivoting